Hello, can someone explain these errors Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0) Oct 27 15:34:05 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started. Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0) Oct 27 15:34:06 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started. Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: refresh: retry limit for master IPV6-MASTER#53 exceeded (source IPV6-THIS#0) Oct 29 04:06:19 vhost01 named[1316]: zone #ZONE#/IN/auth: Transfer started. is this caused by a misconfiguration at the master dns or this dns (slave)? (the master dns can only be connected by IPv6) is there a serious problem? there also can be found such entries Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: connected using IPV6-THIS#46019 Oct 29 04:06:21 vhost01 named[1316]: transfer of '#ZONE#/IN/auth' from IPV6-MASTER#53: Transfer completed: 0 messages, 1 records, 0 bytes, 0.064 secs (0 bytes/sec) or is this just caused by #0 - I guess source port 0? these are the ip6tables entries on this dns (slave) -A INPUT -i eth0 -d IPV6-THIS -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT -A INPUT -i eth0 -d IPV6-THIS -m udp -p udp --dport 53 -j ACCEPT the master has these for each dns -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m tcp -p tcp --dport 53 -m state --state NEW -j ACCEPT -A INPUT -i sit1 -s IPV6-SLAVE -d IPV6-MASTER -m udp -p udp --dport 53 -j ACCEPT the master DNS has this in /etc/named.conf acl dns-hosts { IPV6-SLAVE; // IPv6only: slave ... }; view "auth" { match-clients { dns-hosts; }; empty-zones-enable no; recursion no; additional-from-auth no; additional-from-cache no; also-notify { IPV6-SLAVE; // IPv6only: slave ... }; notify-source 0.0.0.0; notify-source-v6 IPV6-MASTER; transfer-source 0.0.0.0; transfer-source-v6 IPV6-MASTER; zone "#ZONE#" IN { type master; notify yes; file "named._authzone-#ZONE#"; allow-transfer { dns-hosts; }; allow-update { none; }; }; ... }; the slaves itself have this in /etc/named.conf masters masterhost { IPV6-MASTER; // IPv6only: master }; view "auth" { match-clients { any; }; empty-zones-enable no; recursion no; transfer-source 0.0.0.0; transfer-source-v6 IPV6-SLAVE; additional-from-auth no; additional-from-cache no; zone "#ZONE#" IN { type slave; masters { masterhost; }; file "slaves/named._authzone-#ZONE#"; }; ... }; I have 3 slave DNS servers, each has the same master; and such log entries are at all three slave DNS servers; each of these 3 slaves is DualStack (in the wild) and the master is IPv6only (at home) Thanks, Walter _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos