Knowledge

DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE - 9102 (0x238E)

This operation is not allowed on a zone that is signed or has signing keys.

Updated: Feb 21, 2026

Technical Meaning

The DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE error code indicates that a specific operation cannot be performed on a DNS zone that is either signed or has associated signing keys. This error suggests that the operation in question conflicts with the security and integrity requirements of a signed DNS zone.

Error Details

This error typically occurs when attempting to modify a DNS zone that has been configured for secure dynamic updates (SDU) using DNSSEC. The presence of a signing key or the signature on the zone data restricts certain operations, such as adding, modifying, or deleting records, to ensure the integrity and authenticity of the zone.

Usage Context

This error is relevant in scenarios where administrators attempt to make changes to a DNS zone that has been signed. The operation may include adding new records, modifying existing ones, or removing records from the zone. These actions are restricted when the zone is signed due to the potential impact on the security and integrity of the DNS data.

Developer Interpretation

Developers should interpret this error as a signal that the current operation is not compatible with the state of the DNS zone. The presence of a signing key or signature implies that the zone has been configured for enhanced security, and certain operations are prohibited to maintain the integrity of the signed data.

Related Errors

  • DNS_ERROR_ZONE_LOCKED (9103): Indicates that the zone is locked and cannot be modified.
  • DNS_ERROR_NOT_ALLOWED_ON_ROOT_ZONE (9104): Suggests that an operation is not allowed on a root DNS zone.

FAQ

Q: What does this error mean?

A: This error indicates that the requested operation cannot be performed on a signed DNS zone due to security and integrity constraints.

Q: How can I resolve this issue?

A: Ensure that the operation is compatible with the state of the DNS zone. If the zone is signed, certain modifications may not be allowed. Consult the documentation or seek assistance from network administrators for further guidance.

Summary

The DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE error code signifies that an operation cannot be performed on a DNS zone due to its signed state. This error is critical in maintaining the security and integrity of DNS data, particularly when using DNSSEC for secure dynamic updates.