DNS 10 NOTZONE vs 23 BADCOOKIE
Both DNS 10 (NOTZONE) and 23 (BADCOOKIE) belong to the DNS Response Codes (RCODEs) category. 10 indicates that name not contained in zone. A name used in the Prerequisite or Update section is not within the zone denoted by the Zone section. Meanwhile, 23 means that bad or missing server cookie. The DNS COOKIE option in the request is absent, malformed, or does not match the server's expected value.
Beschreibung
Name not contained in zone. A name used in the Prerequisite or Update section is not within the zone denoted by the Zone section.
Wann Sie es sehen
Your dynamic update tried to modify a record that falls outside the zone specified in the update message (e.g., updating foo.example.org in the example.com zone).
Wie man es behebt
Ensure all names in the update are within the target zone. Check for typos in the zone name or the records being updated.
Beschreibung
Bad or missing server cookie. The DNS COOKIE option in the request is absent, malformed, or does not match the server's expected value.
Wann Sie es sehen
Your resolver sent a query without a valid server cookie, or the cookie has expired. This is part of the DNS COOKIE mechanism to prevent spoofed-source attacks.
Wie man es behebt
Retry the query — most resolvers automatically learn the correct server cookie from the first response. If the error persists, ensure your resolver supports RFC 7873 DNS Cookies.
Wesentliche Unterschiede
DNS 10: Name not contained in zone. A name used in the Prerequisite or Update section is not within the zone denoted by the Zone section.
DNS 23: Bad or missing server cookie. The DNS COOKIE option in the request is absent, malformed, or does not match the server's expected value.
You encounter 10 when your dynamic update tried to modify a record that falls outside the zone specified in the update message (e.g., updating foo.example.org in the example.com zone).
You encounter 23 when your resolver sent a query without a valid server cookie, or the cookie has expired. This is part of the DNS COOKIE mechanism to prevent spoofed-source attacks.
Wann welchen verwenden
For 10 (NOTZONE): Ensure all names in the update are within the target zone. Check for typos in the zone name or the records being updated. For 23 (BADCOOKIE): Retry the query — most resolvers automatically learn the correct server cookie from the first response. If the error persists, ensure your resolver supports RFC 7873 DNS Cookies.