DNS 11 DSOTYPENI vs 21 BADALG
Both DNS 11 (DSOTYPENI) and 21 (BADALG) belong to the DNS Response Codes (RCODEs) category. 11 indicates that dSO-TYPE Not Implemented. The DNS Stateful Operations (DSO) type in the request is not supported by the server. Meanwhile, 21 means that algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
설명
DSO-TYPE Not Implemented. The DNS Stateful Operations (DSO) type in the request is not supported by the server.
이 코드를 보게 되는 경우
Your client attempted a DSO operation (like a keepalive or push subscription) that the server does not recognize or has not implemented.
해결 방법
Verify that both client and server support the same DSO-TYPE. Upgrade the server software or fall back to traditional DNS queries.
설명
Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
이 코드를 보게 되는 경우
Your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
해결 방법
Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.
주요 차이점
DNS 11: DSO-TYPE Not Implemented. The DNS Stateful Operations (DSO) type in the request is not supported by the server.
DNS 21: Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
You encounter 11 when your client attempted a DSO operation (like a keepalive or push subscription) that the server does not recognize or has not implemented.
You encounter 21 when your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
언제 어떤 것을 사용할지
For 11 (DSOTYPENI): Verify that both client and server support the same DSO-TYPE. Upgrade the server software or fall back to traditional DNS queries. For 21 (BADALG): Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.