Zone refresh error: refresh: retry limit for master a.b.c.d#53 exceeded

Reindl Harald h.reindl at
Mon Jul 13 19:48:43 UTC 2015

Am 13.07.2015 um 21:46 schrieb Anand Buddhdev:
> On 13/07/15 21:31, Anand Buddhdev wrote:
>> So what could cause these SOA lookup failures in BIND on one server, but
>> not another? Could the developers tell me how BIND does SOA queries over
>> UDP, and is there any way to mimic this with dig?
> Oops. I just noticed Cathy Almond's response to Irwin Tillman, and
> recognised the symptom. It turns out that our network guys are blocking
> outbound UDP queries with a source port of 2049, and BIND is getting
> stuck on this. Now that I know the problem, I know whom to chase for a
> solution.
> Apologies for wasting everyone's time with my rather long post. I should
> have read the archives of the list first!

greetings to the firewall admins

* they should monitor their logs
* additional:  -m conntrack --ctstate NEW may help in general

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list