DNS 5 REFUSED vs 19 BADMODE
Both DNS 5 (REFUSED) and 19 (BADMODE) belong to the DNS Response Codes (RCODEs) category. 5 indicates that query refused. The name server refuses to perform the requested operation for policy reasons. Meanwhile, 19 means that bad TKEY Mode. The TKEY mode field contains a value not supported by the server.
Descrição
Query refused. The name server refuses to perform the requested operation for policy reasons.
Quando você o vê
The server rejected your query due to access control — for example, a recursive resolver that only serves its own network, or a zone transfer blocked by ACL.
Como corrigir
Check the server's allow-query, allow-recursion, or allow-transfer ACLs. If you are not authorized to use this resolver, switch to a public DNS service.
Descrição
Bad TKEY Mode. The TKEY mode field contains a value not supported by the server.
Quando você o vê
Your client attempted a TKEY key exchange using a mode (e.g., Diffie-Hellman, GSS-API) that the server does not support or has not been configured for.
Como corrigir
Check which TKEY modes the server supports and configure your client to use a compatible mode. GSS-TSIG (mode 3) is the most widely deployed.
Diferenças principais
DNS 5: Query refused. The name server refuses to perform the requested operation for policy reasons.
DNS 19: Bad TKEY Mode. The TKEY mode field contains a value not supported by the server.
You encounter 5 when the server rejected your query due to access control — for example, a recursive resolver that only serves its own network, or a zone transfer blocked by ACL.
You encounter 19 when your client attempted a TKEY key exchange using a mode (e.g., Diffie-Hellman, GSS-API) that the server does not support or has not been configured for.
Quando usar qual
For 5 (REFUSED): Check the server's allow-query, allow-recursion, or allow-transfer ACLs. If you are not authorized to use this resolver, switch to a public DNS service. For 19 (BADMODE): Check which TKEY modes the server supports and configure your client to use a compatible mode. GSS-TSIG (mode 3) is the most widely deployed.