DNS 9 NOTAUTH vs 10 NOTZONE
Both DNS 9 (NOTAUTH) and 10 (NOTZONE) belong to the DNS Response Codes (RCODEs) category. 9 indicates that server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section. Meanwhile, 10 means that name not contained in zone. A name used in the Prerequisite or Update section is not within the zone denoted by the Zone section.
Description
Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
When You See It
You sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
How to Fix
Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server.
Description
Name not contained in zone. A name used in the Prerequisite or Update section is not within the zone denoted by the Zone section.
When You See It
Your dynamic update tried to modify a record that falls outside the zone specified in the update message (e.g., updating foo.example.org in the example.com zone).
How to Fix
Ensure all names in the update are within the target zone. Check for typos in the zone name or the records being updated.
Key Differences
DNS 9: Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
DNS 10: Name not contained in zone. A name used in the Prerequisite or Update section is not within the zone denoted by the Zone section.
You encounter 9 when you sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
You encounter 10 when your dynamic update tried to modify a record that falls outside the zone specified in the update message (e.g., updating foo.example.org in the example.com zone).
When to Use Which
For 9 (NOTAUTH): Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server. For 10 (NOTZONE): Ensure all names in the update are within the target zone. Check for typos in the zone name or the records being updated.