In the Traefik log, the following error was observed:
Unable to obtain ACME certificate for domains "app.example.com": unable to generate a certificate for the domains [app.example.com]: error: one or more domains had a problem:
[app.example.com] time limit exceeded: last error: could not determine the zone: unexpected response code 'REFUSED' for _acme-challenge.app.example.com.
In our scenario, after some debugging, the cause turned out to be an incorrect recursive DNS (resolvers) configuration in traefik.yaml. The working configuration is:
certificatesResolvers:
  route53:
    acme:
      email: "hello@example.com"
      storage: "/data/certs.json"
      keyType: RSA4096
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: route53
        resolvers:
          - "ns-926.awsdns-51.net:53"
          - "ns-88.awsdns-11.com:53"
          - "ns-1591.awsdns-06.co.uk:53"
          - "ns-1132.awsdns-13.org:53"
In certificatesResolvers.route53.acme.dnsChallenge.resolvers, the resolvers must be set to the authoritative NS addresses of the domain(s) for which this certificate resolver obtains certificates. If several domains are issued through the same resolver, add the NS entries of every one of them. The REFUSED in the log comes from the zone lookup that Traefik's ACME library (lego) performs against these resolvers before it creates the _acme-challenge TXT record: a resolver that refuses queries for the domain cannot return the SOA record needed to locate the zone, so the challenge never starts and eventually times out.
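As an added example (not part of Traefik, lego or the original post), the script below checks a candidate resolvers list before it goes into traefik.yaml. It uses only the Python standard library: it hand-builds a DNS SOA query, sends it to each resolver and walks up the challenge name the way the zone lookup does, reporting REFUSED or a found zone. The domain, the server names and the script's own function names are assumptions for illustration; the AWS name servers above are the ones from the configuration in the post.

```python
"""Verify that the resolvers configured for Traefik's ACME DNS challenge
answer the SOA lookup that precedes creation of the _acme-challenge record.

Added example, not Traefik's or lego's own code.  A REFUSED response is the
condition that produced "could not determine the zone" in the Traefik log.
"""
import secrets
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPE_SOA, QCLASS_IN = 6, 1


def zone_candidates(fqdn):
    """Names tried when looking for the zone of the challenge record: the
    record itself, then each parent down to the second-level name."""
    labels = fqdn.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]


def encode_name(name):
    """Wire-format a DNS name: length-prefixed labels ending in a zero byte."""
    out = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_soa_query(name, txid):
    """12-byte header (flags 0x0100: recursion desired) plus one SOA/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def parse_response(resp, txid):
    """Return (rcode name, answer count) from the response header; reject a
    reply whose transaction id does not match the query we sent."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), an


def query_soa(resolver, name, timeout=3.0):
    """Send one SOA query over UDP to resolver given as "host:port" (port 53 default)."""
    host, sep, port = resolver.rpartition(":")
    if not sep:
        host, port = resolver, "53"
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_soa_query(name, txid), (host, int(port)))
        resp, _ = sock.recvfrom(4096)
    return parse_response(resp, txid)


def check_resolver(resolver, challenge_fqdn):
    """Simplified form of the zone walk: stop on REFUSED (misconfigured
    resolver) or on the first name that returns an SOA answer (the zone apex)."""
    for candidate in zone_candidates(challenge_fqdn):
        try:
            rcode, answers = query_soa(resolver, candidate)
        except (OSError, ValueError) as exc:
            return False, f"{candidate}: {exc}"
        if rcode == "REFUSED":
            return False, f"{candidate}: REFUSED (resolver will not answer for this domain)"
        if rcode == "NOERROR" and answers:
            return True, f"zone found at {candidate}"
    return False, "no SOA answer found up to the second-level name"


def render_resolvers_yaml(resolvers):
    """The list as it appears under dnsChallenge.resolvers in traefik.yaml."""
    return "resolvers:\n" + "".join(f'  - "{r}"\n' for r in resolvers)


if __name__ == "__main__":
    # Usage (hypothetical): python check_resolvers.py app.example.com ns-926.awsdns-51.net:53 ...
    domain, servers = sys.argv[1], sys.argv[2:]
    fqdn = f"_acme-challenge.{domain}"
    for srv in servers:
        ok, detail = check_resolver(srv, fqdn)
        print(f"{'OK  ' if ok else 'FAIL'} {srv}: {detail}")
    print(render_resolvers_yaml(servers))
```

Run it with the certificate's domain followed by every NS host you intend to list; any FAIL line marks a resolver that would reproduce the error above, and the YAML it prints can be pasted into the dnsChallenge section once every server reports OK.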