I get warning messages like "zone example.com/IN: refresh: failure trying primary 1.2.3.4#53: timed out".
  • 01 Jul 2021
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

I get warning messages like "zone example.com/IN: refresh: failure trying primary 1.2.3.4#53: timed out".

  • Dark
    Light
  • PDF

Article Summary

Check that you can make UDP queries from the secondary to the primary:

dig +norec example.com soa @1.2.3.4

You could be generating queries faster than the secondary can cope with. One simple strategy would be to lower the serial query rate:

serial-query-rate 5; // default 20
Changes to serial-query-rate and other configuration options relating to zone refresh
BIND has been updated to separate the rate limiting controlled originally by the serial-query-rate into several options, so that SOA refresh queries and zone update notifications can be independently controlled. For more information, see serial-query-rate, notify-rate and startup-notify-rate: how they impact zone transfers in different versions of BIND.

DNS system administrators who would like to learn more about tuning their primary and secondary servers more effectively may be interested in reading: Tuning your BIND configuration effectively for zone transfers (particularly with many frequently-updated zones).