DNSmonitor KB - DNS check KB

Generic DNS response codes

Defined in RFC 1035, RFC 2136 and RFC 8914, these are the response codes possible to receive from a DNS query, dynamic update request or zone transfer.

DNS response codes (RFC 1035)

NOERROR

No error condition found in response. The name in the query exist but not necessarily of the requested query type.

FORMERR

The responding name server were unable to interpret the request due to a format error.

SERVFAIL

The name server encountered an internal failure while processing this request, for example an operating system error or a forwarding timeout. Read more about this response code further down under the RFC 8914 headline.

NXDOMAIN

Some name that ought to exist, does not exist. The NXDOMAIN response should be an absolute confimation that the requested name does not exist in the name space regardless query type. We have found that some name server implementations doesn't adhere to this rule and instead use the NXDOMAIN result code for the specific query type.

NOTIMP

The name server is not impressed with the query and want you to send another, better one.

No, that was our nerdy humor, the truth is that the response code mean that the name server does not support the Opcode (operation code) specified in the query request.

REFUSED

The name server refuses to perform the specified operation for policy or security reasons.

DNS response codes (RFC 2136)

The following response codes is predominately used while performing dynamic updates.

YXDOMAIN

Some name that ought not to exist, does exist.

YXRRSET

Some RRset that ought not to exist, does exist.

NXRRSET

Some RRset that ought to exist, does not exist.

NOTAUTH

The server is not authoritative for the zone name in the Zone section.

NOTZONE

A name used in the Prerequisite or Update Section is not within the zone denoted by the Zone Section.

Extended DNS Errors (RFC 8914)

In RFC 1035 (November 1987) that define the DNS protocol the number of response codes were set to 16. As mentioned earlier in this document under the SERVFAIL headline there are many reasons a DNS can fail and the number of response codes simply are too few.

In October 2020 the RFC 8914 was published as an Internet standard by the IETF to allow DNS implementations additional error responses.

As of now the SERVFAIL response code is used for more than internal server failures like failed DNSSEC validations and so on.