DNS 7 YXRRSET vs 21 BADALG
Both DNS 7 (YXRRSET) and 21 (BADALG) belong to the DNS Response Codes (RCODEs) category. 7 indicates that rR Set Exists when it should not. A resource record set exists that the update prerequisite says should not. Meanwhile, 21 means that algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Mô tả
RR Set Exists when it should not. A resource record set exists that the update prerequisite says should not.
Khi bạn thấy mã này
A DNS UPDATE failed because a specific RRset (e.g., an A record) already exists when the prerequisite required it to be absent.
Cách khắc phục
Delete the conflicting RRset before retrying the update, or adjust your prerequisite conditions to match the actual zone state.
Mô tả
Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
Khi bạn thấy mã này
Your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Cách khắc phục
Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.
Sự khác biệt chính
DNS 7: RR Set Exists when it should not. A resource record set exists that the update prerequisite says should not.
DNS 21: Algorithm not supported. The cryptographic algorithm specified in the TKEY or SIG record is not supported by the server.
You encounter 7 when a DNS UPDATE failed because a specific RRset (e.g., an A record) already exists when the prerequisite required it to be absent.
You encounter 21 when your TKEY negotiation or DNSSEC operation requested an algorithm (e.g., HMAC-SHA512) that the server has not been compiled with or configured to accept.
Khi nào dùng cái nào
For 7 (YXRRSET): Delete the conflicting RRset before retrying the update, or adjust your prerequisite conditions to match the actual zone state. For 21 (BADALG): Use a mutually supported algorithm. HMAC-SHA256 is widely supported for TSIG; for DNSSEC, check the server's supported algorithm list with its documentation.