Cant get updates for my external slave server anymore

[Sjoerd]

It seems that my ip number is blocked to do an ixfr to another slave server.
Last update was from 9 june this year and now getting repeatedly an SERVFAIL
general: info: zone myslavezone.tld/IN/UNTRUSTED: refresh: unexpected rcode (SERVFAIL) from master 64.68.198.91#53 ( source slaveserverip#0)

Is that specific ip blocked for ixfr or is there some other problem.

Help please.

 

[Chris Cherry]

Sorry for the delay.

Click on the Integrations tab when you have your domain managed.

Click the "zone transfers" link. Do you have your IP address listed in the Allow Zone Transfers box?

 

[Sjoerd]

Yes. It’s the same ip address as the slave server.

Also did a restore from a known working backup and got the same error.
I even drop my firewall rules to let it get full access and did’t helped.

Some other messages from logfile:
Jul 11 15:41:14 asus named-sdb[6191]: 11-Jul-2023 15:41:14.680 general: info: zone mydomain.tld/IN/untrusted: refresh: unexpected rcode (SERVFAIL) from master 64.68.198.91#53 (source slaveserverip4#0)
Jul 11 15:41:14 asus named-sdb[6191]: 11-Jul-2023 15:41:14.777 general: info: zone mydomain.tld/IN/untrusted: Transfer started.
Jul 11 15:41:14 asus named-sdb[6191]: 11-Jul-2023 15:41:14.872 xfer-in: info: transfer of 'mydomain.tld/IN/untrusted' from 64.68.198.83#53: connected using slaveserverip4#24448
Jul 11 15:41:15 asus named-sdb[6191]: 11-Jul-2023 15:41:15.075 xfer-in: error: transfer of 'mydomain.tld/IN/untrusted' from 64.68.198.83#53: failed while receiving responses: REFUSED
Jul 11 15:41:15 asus named-sdb[6191]: 11-Jul-2023 15:41:15.075 xfer-in: info: transfer of 'mydomain.tld/IN/untrusted' from 64.68.198.83#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.202 secs (0 bytes/sec)

 

[Chris Cherry]

We're going to need to know the domain so we can check the logs on our end.

 

[Sjoerd]

lingeek.nl

 

[sandy]

hi there.

the domain does have zone transfers allowed from 212.187.124.126, but we are not seeing this IP hit the system. Nothing in the firewall either. We are only seeing the notifies for zone changes, but nothing coming in.

Can you please double check your ACL or firewall

regards.

 

[Sjoerd]

Made another dns record file and got the proper ixfr data:

Jul 18 02:56:24 asus named-sdb[26631]: 18-Jul-2023 02:56:24.385 general: info: zone crystalh.nl/IN/untrusted: Transfer started.
Jul 18 02:56:24 asus named-sdb[26631]: 18-Jul-2023 02:56:24.385 general: info: zone lingeek.nl/IN/untrusted: refresh: unexpected rcode (SERVFAIL) from master 64.68.198.91#53 (source 0.0.0.0#0)
Jul 18 02:56:24 asus named-sdb[26631]: 18-Jul-2023 02:56:24.488 xfer-in: info: transfer of 'crystalh.nl/IN/untrusted' from 64.68.198.91#53: connected using 212.187.124.126#7913
Jul 18 02:56:24 asus named-sdb[26631]: 18-Jul-2023 02:56:24.693 general: info: zone crystalh.nl/IN/untrusted: transferred serial 1689641471
Jul 18 02:56:24 asus named-sdb[26631]: 18-Jul-2023 02:56:24.693 xfer-in: info: transfer of 'crystalh.nl/IN/untrusted' from 64.68.198.91#53: Transfer completed: 1 messages, 9 records, 283 bytes, 0.204 secs (1387 bytes/sec)

2nd works with current setup on my part. Only first on doesn’t work anymore. Wonder if it is a problem on my part or not?

 

[sandy]

most likely something on your side as we were not seeing any requests reach us.

regards

 

[Sjoerd]

Something is wrong and its not my side.
#host -l -a lingeek.nl xfr0.zoneedit.com

#host lingeek.nl not found: 2(SERVFAIL)

Seems that xfr0 server has lost the domain to replicate.

 

[Sjoerd]

Ever tried from 'master' to 'slave' zone and back to 'master' zone. That seems to 'not work'

 

[Chris Cherry]

The issue we see is there's nothing in our logs since July 17th:

xfer-in.log.8.gz:17-Jun-2023 23:50:32.169 transfer of 'lingeek.nl/IN' from 212.###.###.126#53: failed to connect: timed out