DNS 9 NOTAUTH vs 21 BADALG
Both DNS 9 (NOTAUTH) and 21 (BADALG) belong to the DNS Response Codes (RCODEs) category. 9 indicates that server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section. Meanwhile, 21 means that algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
คำอธิบาย
Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
เมื่อคุณพบเห็น
You sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
วิธีแก้ไข
Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server.
คำอธิบาย
Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
เมื่อคุณพบเห็น
Your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
วิธีแก้ไข
Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.
ความแตกต่างหลัก
DNS 9: Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
DNS 21: Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
You encounter 9 when you sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
You encounter 21 when your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
ควรใช้อันไหนเมื่อไร
For 9 (NOTAUTH): Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server. For 21 (BADALG): Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.