Problems with zone-transfers

Chris Thompson cet1 at
Wed Nov 23 16:22:29 UTC 2005

On Nov 23 2005, Fredrik Petersson wrote:

>Hi All!
>I have two nameservers master M and slave S.
>M has a public IP and is not behind a firewall.
>S has a local IP and is behind a firewall with #53 open for UDP and TCP.
>The problem is that S doesn't update the zonefile when I restart it thus the
>zonefile has a new Serial on the M.
>But if I delete the zonefile on S and restart M, S gets the new data.
>If I run (on S):
>dig axfr
>I get the correct data.
>What should I check??
>What can be the problem?

I'll assume that you did remember to increase the SOA serial number ...

Does the slave update if you use "rndc refresh"?

What is the refresh time for the zone? Does S update if you leave it that long?

If the answers to both those are yes, then your problem is probably that NOTIFY
packets are not getting through from M to S, although it isn't obvious why if
the firewall configuration is as you describe.

Chris Thompson
Email: cet1 at
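
An added example, not part of the original messages: a shell check of the serial comparison that the questions above depend on. A slave only transfers when the master's SOA serial is newer under RFC 1982 serial arithmetic; the function names, the zone `example.test` and the SOA values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.
# Input lines use the layout printed by `dig +short SOA <zone> @<server>`:
#   mname rname serial refresh retry expire minimum

# Constructed sample answers (example.test is a placeholder zone).
M_SOA='ns1.example.test. hostmaster.example.test. 2005112302 10800 3600 604800 86400'
S_SOA='ns1.example.test. hostmaster.example.test. 2005112301 10800 3600 604800 86400'

# Print whitespace-separated field $2 of SOA line $1.
soa_field() {
    printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'
}

# Succeed if serial $1 is newer than serial $2 under RFC 1982
# serial number arithmetic (32-bit, wraps around).
serial_newer() {
    diff=$(( ($1 - $2) & 4294967295 ))
    [ "$diff" -ne 0 ] && [ "$diff" -lt 2147483648 ]
}

# Compare master SOA ($1) with slave SOA ($2) and print a verdict.
check_slave() {
    m=$(soa_field "$1" 3)
    s=$(soa_field "$2" 3)
    refresh=$(soa_field "$2" 4)   # the slave polls on the refresh value it holds
    if [ "$m" -eq "$s" ]; then
        echo "in-sync"
    elif serial_newer "$m" "$s"; then
        echo "slave-behind refresh=$refresh"
    else
        echo "master-not-newer"
    fi
}

check_slave "$M_SOA" "$S_SOA"
```

A `master-not-newer` verdict means the slave will not transfer on refresh or NOTIFY; `slave-behind` means "rndc refresh" or the refresh timer should bring the zone up to date.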

