DNS 1 FORMERR vs 9 NOTAUTH
Both DNS 1 (FORMERR) and 9 (NOTAUTH) belong to the DNS Response Codes (RCODEs) category. 1 indicates that format error. The name server was unable to interpret the query due to a malformed DNS message. Meanwhile, 9 means that server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
描述
Format error. The name server was unable to interpret the query due to a malformed DNS message.
何时出现
Your DNS client or library sent a query the server could not parse, often caused by a buggy resolver, corrupted packet, or unsupported EDNS options.
如何修复
Check your DNS client or library version for known bugs. Capture the raw query with dig or Wireshark and verify it conforms to the DNS wire format.
描述
Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
何时出现
You sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
如何修复
Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server.
主要区别
DNS 1: Format error. The name server was unable to interpret the query due to a malformed DNS message.
DNS 9: Server Not Authoritative for zone, or Not Authorized. The server is not authoritative for the zone named in the Zone section.
You encounter 1 when your DNS client or library sent a query the server could not parse, often caused by a buggy resolver, corrupted packet, or unsupported EDNS options.
You encounter 9 when you sent a dynamic update or zone operation to a server that is not the authoritative master for that zone, or the server rejected it due to TSIG authentication failure.
何时使用哪个
For 1 (FORMERR): Check your DNS client or library version for known bugs. Capture the raw query with dig or Wireshark and verify it conforms to the DNS wire format. For 9 (NOTAUTH): Send the update to the correct primary authoritative server for the zone. If using TSIG, verify the key name and secret match on both client and server.