If you’re running a slave nameserver using bind9 and you’re getting messages like this in your logs:

    Aug 31 19:58:30 sns named[12175]: zone somedomain.com/IN: refused notify from non-master: 2002:1234:cdef::1234:cdef#13361

then the master is sending out notifies on an IPv6 address. Normally, you could just add that address to the “masters” list in the zone on the slave, but if the master isn’t listening on IPv6 you’ll get a bunch of other errors, like this:

    Aug 31 07:32:33 sns named[12175]: zone somedomain.com/IN: refresh: retry limit for master 2002:1234:cdef::1234:cdef#53 exceeded (source ::#0)
    Aug 31 07:32:33 sns named[12175]: zone somedomain.com/IN: Transfer started.
    Aug 31 07:35:42 sns named[12175]: transfer of 'somedomain.com/IN' from 2002:1234:cdef::1234:cdef#53: failed to connect: timed out
    Aug 31 07:35:42 sns named[12175]: transfer of 'somedomain.com/IN' from 2002:1234:cdef::1234:cdef#53: Transfer completed: 0 messages, 0 records, 0 bytes, 189.000 secs (0 bytes/sec)
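
A small triage script for the log messages quoted above, as an added example that is not part of the original post: it parses the three named messages and reports, per zone and peer address, which of the two situations applies. The fourth sample line (example.net, 192.0.2.10) is constructed, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# The first three lines are taken from the excerpts above; the last is constructed.
SAMPLE_LOG = """\
Aug 31 19:58:30 sns named[12175]: zone somedomain.com/IN: refused notify from non-master: 2002:1234:cdef::1234:cdef#13361
Aug 31 07:32:33 sns named[12175]: zone somedomain.com/IN: refresh: retry limit for master 2002:1234:cdef::1234:cdef#53 exceeded (source ::#0)
Aug 31 07:35:42 sns named[12175]: transfer of 'somedomain.com/IN' from 2002:1234:cdef::1234:cdef#53: failed to connect: timed out
Aug 31 08:00:01 sns named[12175]: zone example.net/IN: refused notify from non-master: 192.0.2.10#40000
"""

ADDR = r"(?P<peer>[0-9A-Fa-f:.]+)#\d+"
PATTERNS = {
    "notify_refused": re.compile(r"zone (?P<zone>\S+)/IN: refused notify from non-master: " + ADDR),
    "refresh_failed": re.compile(r"zone (?P<zone>\S+)/IN: refresh: retry limit for master " + ADDR + " exceeded"),
    "transfer_timeout": re.compile(r"transfer of '(?P<zone>\S+)/IN' from " + ADDR + ": failed to connect: timed out"),
}

def summarize(log_text):
    """Count each event per (zone, peer address); the peer is a parsed address object."""
    events = {}
    for line in log_text.splitlines():
        for name, rx in PATTERNS.items():
            m = rx.search(line)
            if m is None:
                continue
            try:
                peer = ipaddress.ip_address(m["peer"])
            except ValueError:
                break  # matched text is not a valid address; ignore the line
            events.setdefault((m["zone"], peer), Counter())[name] += 1
            break
    return events

def diagnose(events):
    """Map the counts onto the two situations the article describes."""
    findings = []
    for (zone, peer), seen in sorted(events.items(), key=lambda kv: (kv[0][0], str(kv[0][1]))):
        if peer.version == 6 and (seen["refresh_failed"] or seen["transfer_timeout"]):
            findings.append((zone, str(peer), "listed IPv6 master does not answer refresh/transfer"))
        elif seen["notify_refused"]:
            findings.append((zone, str(peer), "notify arrived from an address not in masters"))
    return findings

if __name__ == "__main__":
    for finding in diagnose(summarize(SAMPLE_LOG)):
        print(*finding, sep="  ")
```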

There are two ways to fix this: on the slave nameserver, or on the master.

Fix on the slave

On the slave, you can use the “allow-transfer” statement. It goes in the “options” statement (it’s not “per-zone”).

    allow-transfer { 2002:1234:cdef::1234:cdef; };

(note the semi-colon after the address _and_ after the close-curly-brace)

Fix on the master

On the master, you can either listen on IPv6 for requests to refresh the zone, or you can stop sending on IPv6 for notifies.

to listen on IPv6 on the master

add to its bind config in the options statement:

    listen-on-v6 { any; };

to send notifies on IPv4 on the master

add to its bind config:

    notify-source 01.02.03.04 port 53;

notify-source can be in the options, zone or view statements.