Zone refresh error: refresh: retry limit for master a.b.c.d#53 exceeded

Reindl Harald h.reindl at thelounge.net
Mon Jul 13 19:48:43 UTC 2015



On 13.07.2015 at 21:46, Anand Buddhdev wrote:
> On 13/07/15 21:31, Anand Buddhdev wrote:
>
>> So what could cause these SOA lookup failures in BIND on one server, but
>> not another? Could the developers tell me how BIND does SOA queries over
>> UDP, and is there any way to mimic this with dig?
>
> Oops. I just noticed Cathy Almond's response to Irwin Tillman, and
> recognised the symptom. It turns out that our network guys are blocking
> outbound UDP queries with a source port of 2049, and BIND is getting
> stuck on this. Now that I know the problem, I know whom to chase for a
> solution.
>
> Apologies for wasting everyone's time with my rather long post. I should
> have read the archives of the list first!

greetings to the firewall admins

* they should monitor their logs
* additional:  -m conntrack --ctstate NEW may help in general
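
Added example, not part of the original thread: a way to reproduce the symptom described above by sending the same kind of UDP SOA query from a chosen source port and reporting which ports never get an answer. The server address, zone name and port range are constructed placeholders, and the function names are this example's own.

```python
import secrets
import socket
import struct


def build_soa_query(zone: str, qid: int) -> bytes:
    """Wire-format DNS query for '<zone> IN SOA' with the RD flag clear."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in zone.rstrip(".").split(".") if label
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN


def probe_from_port(server, zone, sport, local_addr="0.0.0.0", timeout=2.0):
    """Send one SOA query from UDP source port `sport`; True if a reply arrives.

    `server` must be an IPv4 address so the reply's source can be compared.
    Raises OSError if `sport` is already in use locally.
    """
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind((local_addr, sport))
        s.sendto(build_soa_query(zone, qid), (server, 53))
        try:
            while True:
                data, peer = s.recvfrom(4096)
                # Accept only a response (QR bit set) from the server with our ID.
                if (peer[0] == server and len(data) >= 12
                        and data[:2] == struct.pack("!H", qid) and data[2] & 0x80):
                    return True
        except socket.timeout:
            return False


def find_blocked_ports(server, zone, ports, probe=probe_from_port):
    """Source ports from which no SOA answer came back."""
    return [p for p in ports if not probe(server, zone, p)]


if __name__ == "__main__":
    # Constructed placeholders: replace with the real master address and zone.
    print(find_blocked_ports("192.0.2.53", "example.org.", range(2047, 2052)))
```

A single probe can also be made from the command line with dig's `-b address#port` option, which sets the source port of the query.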
