REFUSED
DNS response code 5: the server refused to answer, typically because of policy (e.g., not authoritative for the zone, ACL blocked).
REFUSED (RCODE 5) is what a DNS server returns when it understood the query but declined to process it. Common causes: the server is not authoritative for the zone and recursion is disabled (a hardened authoritative-only server), the query came from an IP outside the configured ACL, or rate-limiting policy kicked in. REFUSED is distinct from SERVFAIL (which signals a server-side failure) and NXDOMAIN (which signals the name does not exist). Seeing REFUSED on a domain you control usually points at a misdirected query, not a broken zone.
Reference
Related terms
See also
Referenced on
- Ban-evasion gate at session creation:
- Build a DNS Resolver from Scratch in PHP
- Cloudflare Error Codes (5xx, 1xxx) and Fixes
- Complete Guide to DNS Attacks and DNS Security (Prevention, Testing & Mitigation)
- DNS Amplification Attack Explained: How Open Resolvers Enable Massive DDoS
- DNS Queries in Node.js: dns.lookup vs dns.resolve Explained
- DNS Zone Transfer Attack (AXFR): How a Single Query Exposes Your Entire Domain
- FTP Error Codes Reference and Fixes
- How DNS Queries Work: A Developer's Guide to the DNS Protocol
- HTTP Status Codes Reference (1xx
- SMTP Error Codes Reference and Fixes
- The Complete dig Command Guide: Every Flag and Option Explained
- What Is an Open DNS Resolver? Why It's Dangerous and How to Fix It
- What Is NXDOMAIN? Understanding the 'Domain Does Not Exist' DNS Response
- What Is SERVFAIL? Understanding DNS Server Failure Responses