[CentOS] named errors in /var/log/messages

Sat Nov 9 17:58:41 UTC 2019
Gordon Messmer <gordon.messmer at gmail.com>

On 10/30/19 1:14 AM, Walter H. wrote:
> can someone explain these errors?
>
> Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: 
> retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0)


https://access.redhat.com/solutions/1231573

I believe this means that the client is trying to reach the server over 
UDP, and is unable to do so.


> is this caused by a misconfiguration at the master dns or this dns 
> (slave)?


Probably the firewall or ACL on the master.


> is there a serious problem?


I think so, yes.


> the master has these for each dns
>
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 
> -m state --state NEW -j ACCEPT
> -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 
> -j ACCEPT


You're obscuring kind of a lot of information, so it's hard to guess.  
If the ACLs are denying transfers, I believe the server's named logs 
will reflect that, so check those.  If the firewall is denying it, you 
should be able to observe that using tcpdump on the server to watch 
requests and responses from the client.

You might also want to check whether the client is using RFC4941 temp 
addresses, and whether your ACLs and rules will actually match the 
address it uses for requests:

http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch06s05.html
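An added check, not from the thread, that parses the refresh-failure line quoted above and tests whether the source address the slave actually used falls inside what the master's `-s` rule or named ACL would match (the RFC4941 temporary-address mismatch suggested above). Zone names and the 2001:db8:: addresses are constructed sample data, standing in for the obscured values in the post.

```python
import ipaddress
import re
from typing import Optional

# Shape of the line quoted in the thread:
#   named[PID]: zone ZONE/IN/VIEW: refresh: retry limit for master
#   ADDR#53 exceeded (source ADDR#0)
RETRY_LIMIT_RE = re.compile(
    r"named\[\d+\]: zone (?P<zone>[^\s/]+)/IN/\w+: refresh: "
    r"retry limit for master (?P<master>[^#\s]+)#\d+ exceeded "
    r"\(source (?P<source>[^#\s]+)#\d+\)"
)


def parse_retry_limit(line: str) -> Optional[dict]:
    """Extract zone, master and source address from one log line, or None."""
    m = RETRY_LIMIT_RE.search(line)
    if m is None:
        return None
    return {
        "zone": m.group("zone"),
        "master": ipaddress.ip_address(m.group("master")),
        "source": ipaddress.ip_address(m.group("source")),
    }


def check_lines(lines, allowed_sources):
    """For each refresh failure, report (zone, source, allowed?) where
    allowed? is whether the source lies in any address/prefix the master's
    firewall rule (-s) or ACL accepts. A False here with a temporary-looking
    source is the RFC4941 case: the slave is not sending from the address
    the master was configured to trust."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed_sources]
    findings = []
    for line in lines:
        ev = parse_retry_limit(line)
        if ev is None:
            continue
        allowed = any(ev["source"] in net for net in nets)
        findings.append((ev["zone"], str(ev["source"]), allowed))
    return findings


# Constructed sample log: first failure comes from the slave's static address,
# second from a privacy (temporary) address in the same /64.
SAMPLE_LOG = [
    "Oct 27 15:34:05 vhost01 named[1316]: zone example.net/IN/auth: refresh: "
    "retry limit for master 2001:db8:1::53#53 exceeded (source 2001:db8:2::53#0)",
    "Oct 27 15:40:12 vhost01 named[1316]: zone example.org/IN/auth: refresh: "
    "retry limit for master 2001:db8:1::53#53 exceeded "
    "(source 2001:db8:2:0:a1b2:c3d4:e5f6:7890#0)",
    "Oct 27 15:41:00 vhost01 sshd[2200]: Accepted publickey for root",
]
# Constructed: the single slave address the master's "-s IPV6-SLAVE" rule names.
ALLOWED_SOURCES = ["2001:db8:2::53"]
```

Running `check_lines(SAMPLE_LOG, ALLOWED_SOURCES)` flags the second zone; widening the rule to the slave's /64 (`["2001:db8:2::/64"]`) clears it.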