slave transfer problems

Scott Haneda
Wed Apr 29 23:11:07 UTC 2009

I have been having some long-standing issues with my secondary
provider that I would like to learn how to solve, and who needs to
look to solve the errors.  When I make an update, it seems hit or miss
as to how long before I see it hit the secondary.

Apparently they have a server at xx.xx.0.26 that pulls the slave
data, even though I list the secondary NS as xx.xx.0.18.  xx.xx.0.18
seems to be a slave of xx.xx.0.26.

My master has:
options {
        directory "/var/named";
        allow-transfer { xx.xx.0.26; };
        transfer-source xx.xx.37.14;
        also-notify { xx.xx.0.26; };
};

* I redacted some lines, but those are the ones I believe to be  

They sent me some lines from their logs, which I will make comments on
in between. I am pretty sure there is nothing for me to do on my end,
and this is for them to solve, but wanted to confirm...

NS0 is xx.xx.0.26, which is where I send my notifications to.

> Computer:	NS0
> Description:
> zone refresh: unexpected rcode (REFUSED) from
> master xx.xx.37.14#53 (source

I do not understand this one, why would source be  This looks  
like my machine, .14 is refusing their refresh request.  Do I need to  
allow-recursion for their NS0?

At any rate, I no longer have zones for this domain on the primary;
the domain owner has asked to terminate hosting.  I asked the
secondary to remove this from their slave.  I assume this, and the
below errors, especially the NOTAUTH, are telling me exactly that, that
there is simply no data for this zone, and they need to remove the
slave files?

> Computer:	NS0
> Description:
> Transfer started.
> Computer:	NS0
> Description:
> transfer of '' from xx.xx.37.14#53: connected  
> using
>  xx.xx.0.26#4012
> Computer:	NS0
> Description:
> transfer of '' from xx.xx.37.14#53: failed while
> receiving responses: NOTAUTH

-- end of logs for

> Computer:	NS0
> Description:
> zone refused notify from non-master:
>  xx.xx.37.6#56516

This is a valid domain, current records, should be working fine.  Is
the refusal because they are asking xx.xx.37.6?  Yes, this IP is on
the same machine, but that IP is used for http, and not DNS. So in
this case, my transfer source is xx.xx.37.14, and they hit
xx.xx.37.6, which named is not listening on, and get the above error?

Those are the only two they gave me, but the general problem is, I can  
update a zone, change the serial, issue rndc reload, and see my logs  
show a notify sent their way.  It can then take anywhere from a few  
minutes, to hours, to sometimes days to get the change to hit the  

As far as you can see, is there anything on my end that I should look
into?  If I send a notify, see it in the logs, and do not see errors
with it, and further, in a while, someone like OpenDNS picks up on it,
would it be safe to assume my setup is good, and they need to look
into their end?

Scott * If you contact me off list replace talklists@ with scott@ *
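
Added example (not part of the original post, and not the poster's or the secondary provider's code): a Python triage of slave-side log lines like the ones quoted above. It separates NOTIFYs refused because their source address is not a configured master from zones where the master itself answered REFUSED or NOTAUTH. The log lines, zone names, addresses and the `masters` set are constructed for illustration.

```python
import re

# Constructed sample shaped like the slave-side messages quoted in the post.
# Zone names are placeholders; addresses come from documentation ranges.
SAMPLE_LOG = """\
zone example.org/IN: refused notify from non-master: 192.0.2.6#56516
zone example.net/IN: refresh: unexpected rcode (REFUSED) from master 192.0.2.14#53
transfer of 'example.net/IN' from 192.0.2.14#53: connected using 198.51.100.26#4012
transfer of 'example.net/IN' from 192.0.2.14#53: failed while receiving responses: NOTAUTH
zone example.org/IN: refused notify from non-master: 192.0.2.6#40211
"""

ADDR = r"([0-9A-Fa-f.:]+)#\d+"  # peer address, port discarded
PATTERNS = {
    "notify_refused": re.compile(r"zone (\S+): refused notify from non-master: " + ADDR),
    "refresh_refused": re.compile(
        r"zone (\S+): refresh: unexpected rcode \(REFUSED\) from master " + ADDR),
    "xfer_notauth": re.compile(
        r"transfer of '([^']*)' from " + ADDR + r": failed while receiving responses: NOTAUTH"),
}

def parse_events(log_text):
    """Return (kind, zone, peer_address) for every recognised line."""
    events = []
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                events.append((kind, m.group(1), m.group(2)))
                break
    return events

def triage(log_text, masters):
    """masters: addresses the slave lists as masters (hypothetical input)."""
    unlisted = {}   # zone -> NOTIFY sources that are not in `masters`
    rejected = {}   # zone -> rcodes the master returned for refresh/transfer
    for kind, zone, peer in parse_events(log_text):
        if kind == "notify_refused":
            if peer not in masters:
                unlisted.setdefault(zone, set()).add(peer)
        else:
            rcode = "REFUSED" if kind == "refresh_refused" else "NOTAUTH"
            rejected.setdefault(zone, set()).add(rcode)
    return unlisted, rejected

if __name__ == "__main__":
    unlisted, rejected = triage(SAMPLE_LOG, masters={"192.0.2.14"})
    print("NOTIFY from unlisted source:", unlisted)
    print("master rejected refresh/transfer:", rejected)
```

In BIND, notify-source on the master sets the address NOTIFY messages are sent from, and allow-notify on the slave lists extra addresses permitted to send them.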

