DNS 9 NOTAUTH vs 17 BADKEY
Both DNS 9 (NOTAUTH) and 17 (BADKEY) belong to the DNS Response Codes (RCODEs) category. 9 indicates that server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section. Meanwhile, 17 means that key not recognized. The TSIG key name in the message is not configured on the server.
Mô tả
Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
Khi bạn thấy mã này
You sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
Cách khắc phục
Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server.
Mô tả
Key not recognized. The TSIG key name in the message is not configured on the server.
Khi bạn thấy mã này
Your TSIG-signed query or update references a key name that the server does not have in its keyring, so it cannot verify the signature.
Cách khắc phục
Ensure the TSIG key name matches exactly (case-sensitive) on both client and server. Add the missing key to the server's configuration if it is a new key.
Sự khác biệt chính
DNS 9: Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
DNS 17: Key not recognized. The TSIG key name in the message is not configured on the server.
You encounter 9 when you sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
You encounter 17 when your TSIG-signed query or update references a key name that the server does not have in its keyring, so it cannot verify the signature.
Khi nào dùng cái nào
For 9 (NOTAUTH): Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server. For 17 (BADKEY): Ensure the TSIG key name matches exactly (case-sensitive) on both client and server. Add the missing key to the server's configuration if it is a new key.