DNS 3 NXDOMAIN vs 21 BADALG
Both DNS 3 (NXDOMAIN) and 21 (BADALG) belong to the DNS Response Codes (RCODEs) category. 3 indicates that non-Existent Domain. The queried domain name does not exist in the DNS namespace. Meanwhile, 21 means that algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Açıklama
Non-Existent Domain. The queried domain name does not exist in the DNS namespace.
Gördüğünüzde
The domain has no DNS records at all — either it was never registered, has expired, or you have a typo in the hostname.
Nasıl Düzeltilir
Double-check the domain spelling. If you own the domain, verify your registrar settings and ensure the nameservers are correctly delegated.
Açıklama
Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Gördüğünüzde
Your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Nasıl Düzeltilir
Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.
Temel Farklar
DNS 3: Non-Existent Domain. The queried domain name does not exist in the DNS namespace.
DNS 21: Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
You encounter 3 when the domain has no DNS records at all — either it was never registered, has expired, or you have a typo in the hostname.
You encounter 21 when your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Hangisini Ne Zaman Kullanmalı
For 3 (NXDOMAIN): Double-check the domain spelling. If you own the domain, verify your registrar settings and ensure the nameservers are correctly delegated. For 21 (BADALG): Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.