DNS 6 YXDOMAIN vs 21 BADALG
Both DNS 6 (YXDOMAIN) and 21 (BADALG) belong to the DNS Response Codes (RCODEs) category. 6 indicates that name Exists when it should not. Used in dynamic updates to indicate a name that should not exist already has records. Meanwhile, 21 means that algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Descripción
Name Exists when it should not. Used in dynamic updates to indicate a name that should not exist already has records.
Cuándo lo verás
A DNS UPDATE prerequisite check failed because the domain name already exists when the update expected it to be absent.
Cómo solucionarlo
Review your dynamic update prerequisites. If you expect to create a new name, remove the existing records first or change the prerequisite to allow existing names.
Descripción
Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Cuándo lo verás
Your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Cómo solucionarlo
Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.
Diferencias clave
DNS 6: Name Exists when it should not. Used in dynamic updates to indicate a name that should not exist already has records.
DNS 21: Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
You encounter 6 when a DNS UPDATE prerequisite check failed because the domain name already exists when the update expected it to be absent.
You encounter 21 when your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Cuándo usar cada uno
For 6 (YXDOMAIN): Review your dynamic update prerequisites. If you expect to create a new name, remove the existing records first or change the prerequisite to allow existing names. For 21 (BADALG): Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.