Why is my secondary server trying sometimes to use a different source IP address for zone transfers?

  • Updated on Jan 16, 2019
  • Published on Jan 31, 2018
  • 1 minute(s) read
  • Suzanne Goldlust
  • Cathy Almond

There are several configuration options in named.conf that control which IPv4 and/or IPv6 source addresses are used for the SOA refresh queries and for the zone transfers themselves. See the Administrator Reference Manual for more details.

The well-known ones are these:

transfer-source - determines which local IPv4 address will be used as the source for both SOA refresh queries and zone transfer requests that need to be made to servers.

transfer-source-v6 - the same as transfer-source, but used when the destination is an IPv6 address.

Less well-known are:

alt-transfer-source - this provides an alternative local IPv4 source address to use if the first one fails.

alt-transfer-source-v6 - the same as alt-transfer-source, but used when the destination is an IPv6 address.

use-alt-transfer-source - defines whether or not named will fall back to using the alternative source addresses when the first attempt at a zone transfer fails.

If you are using views, the configuration option use-alt-transfer-source will default to 'yes'
Administrators using views should ensure that they either configure use-alt-transfer-source no; or that they have appropriate settings for alt-transfer-source and/or alt-transfer-source-v6.
If undefined, named will itself choose the source IPv4 or IPv6 address(es) to use
This applies to both transfer-source and alt-transfer-source (and also to the IPv6 options). named will usually select the source address that is "closest" to the remote end. This can lead to unexpected outcomes - therefore it is best to configure all of these options explicitly to avoid surprises!