[CentOS] named errors in /var/log/messages

Gordon Messmer

gordon.messmer at gmail.com
Sat Nov 9 17:58:41 UTC 2019


On 10/30/19 1:14 AM, Walter H. wrote:
> can someone explain these errors
>
> Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: 
> retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)


https://access.redhat.com/solutions/1231573

I believe this means that the client is trying to reach the server over 
UDP, and is unable to do so.


> is this caused by a misconfiguration at the master dns or this dns 
> (slave)?


Probably the firewall or ACL on the master.


> is there a serious problem?


I think so, yes.


> the master has these for each dns
>
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 
> -m state --state NEW -j ACCEPT
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 
> -j ACCEPT


You're obscuring kind of a lot of information, so it's hard to guess.  
If the ACLs are denying transfers, I believe the server's named logs 
will reflect that, so check those.  If the firewall is denying it, you 
should be able to observe that using tcpdump on the server to watch 
requests and responses from the client.

You might also want to check whether the client is using RFC4941 temp 
addresses, and whether your ACLs and rules will actually match the 
address it uses for requests:

http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch06s05.html
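As an added illustration of the two checks suggested above (not code from the thread or from anyone in it), the script below parses named's "retry limit for master" lines, pulls out the source address the slave actually used, and compares it against the slave's RFC 4941 temporary addresses and against the source addresses the master's rules accept. The log lines, the `ip -6 addr` output and the allowed-source list are constructed samples using RFC 3849 documentation prefixes; on a real host you would feed it the actual log, `ip -6 addr show dev sit1` output, and the `-s` addresses from the master's ip6tables rules.

```python
import re
import ipaddress

# Constructed sample named log lines (documentation-prefix addresses, not real hosts).
NAMED_LOG = """\
Oct 27 15:34:05 vhost01 named[1316]: zone example.net/IN/auth: refresh: retry limit for master 2001:db8:1::53#53 exceeded (source 2001:db8:2:0:f8a1:2c4e:9b10:7d3c#0)
Oct 27 15:40:05 vhost01 named[1316]: zone example.org/IN/auth: refresh: retry limit for master 2001:db8:1::53#53 exceeded (source 2001:db8:2::2#0)
"""

# Constructed output resembling `ip -6 addr show dev sit1` on the slave.
IP_ADDR = """\
    inet6 2001:db8:2::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8:2:0:f8a1:2c4e:9b10:7d3c/64 scope global temporary dynamic
       valid_lft 86399sec preferred_lft 14399sec
"""

# Source addresses the master's ip6tables rules accept (the IPV6-SLAVE placeholder in the thread).
ALLOWED_SOURCES = ["2001:db8:2::2"]

LOG_RE = re.compile(
    r"zone (?P<zone>\S+)/IN/\S+: refresh: retry limit for master "
    r"(?P<master>[0-9a-fA-F:.]+)#(?P<mport>\d+) exceeded "
    r"\(source (?P<source>[0-9a-fA-F:.]+)#(?P<sport>\d+)\)"
)

def temporary_addresses(ip_addr_output):
    """Return the set of RFC 4941 temporary addresses found in `ip -6 addr` output."""
    temps = set()
    for line in ip_addr_output.splitlines():
        if line.strip().startswith("inet6") and " temporary" in line:
            temps.add(ipaddress.ip_address(line.split()[1].split("/")[0]))
    return temps

def diagnose(named_log, ip_addr_output, allowed_sources):
    """For each refresh failure, say whether the slave's source address is a temporary
    address and whether the master's rules would accept it."""
    temps = temporary_addresses(ip_addr_output)
    allowed = {ipaddress.ip_address(a) for a in allowed_sources}
    findings = []
    for line in named_log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["source"])
        findings.append({
            "zone": m["zone"],
            "master": m["master"],
            "source": str(src),
            "source_is_temporary": src in temps,
            "source_allowed_by_master": src in allowed,
        })
    return findings
```

A refresh whose source is a temporary address that is absent from the master's `-s` list is the mismatch the reply above describes: the rule looks right but never matches the packet.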
