DNS 8 NXRRSET vs 21 BADALG
Both DNS 8 (NXRRSET) and 21 (BADALG) belong to the DNS Response Codes (RCODEs) category. 8 indicates that rR Set that should exist does not. A required resource record set is missing from the zone. Meanwhile, 21 means that algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Descripción
RR Set that should exist does not. A required resource record set is missing from the zone.
Cuándo lo verás
A DNS UPDATE prerequisite expected a certain RRset to exist (e.g., an MX record), but the zone does not contain it.
Cómo solucionarlo
Create the missing RRset in the zone before retrying the update, or change the prerequisite to not require its existence.
Descripción
Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Cuándo lo verás
Your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Cómo solucionarlo
Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.
Diferencias clave
DNS 8: RR Set that should exist does not. A required resource record set is missing from the zone.
DNS 21: Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
You encounter 8 when a DNS UPDATE prerequisite expected a certain RRset to exist (e.g., an MX record), but the zone does not contain it.
You encounter 21 when your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Cuándo usar cada uno
For 8 (NXRRSET): Create the missing RRset in the zone before retrying the update, or change the prerequisite to not require its existence. For 21 (BADALG): Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.