DNS 9 NOTAUTH vs 23 BADCOOKIE
Both DNS 9 (NOTAUTH) and 23 (BADCOOKIE) belong to the DNS Response Codes (RCODEs) category. 9 indicates that server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section. Meanwhile, 23 means that bad or missing server cookie. The DNS COOKIE option in the request is absent, malformed, or does not match the server's expected value.
Mô tả
Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
Khi bạn thấy mã này
You sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
Cách khắc phục
Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server.
Mô tả
Bad or missing server cookie. The DNS COOKIE option in the request is absent, malformed, or does not match the server's expected value.
Khi bạn thấy mã này
Your resolver sent a query without a valid server cookie, or the cookie has expired. This is part of the DNS COOKIE mechanism to prevent spoofed-source attacks.
Cách khắc phục
Retry the query — most resolvers automatically learn the correct server cookie from the first response. If the error persists, ensure your resolver supports RFC 7873 DNS Cookies.
Sự khác biệt chính
DNS 9: Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
DNS 23: Bad or missing server cookie. The DNS COOKIE option in the request is absent, malformed, or does not match the server's expected value.
You encounter 9 when you sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
You encounter 23 when your resolver sent a query without a valid server cookie, or the cookie has expired. This is part of the DNS COOKIE mechanism to prevent spoofed-source attacks.
Khi nào dùng cái nào
For 9 (NOTAUTH): Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server. For 23 (BADCOOKIE): Retry the query — most resolvers automatically learn the correct server cookie from the first response. If the error persists, ensure your resolver supports RFC 7873 DNS Cookies.