The problem was port 53 being firewalled from the external port, but not on localhost or the VPN interface.
I hadn't noticed because I usually tried dig @localhost.
If I understand correctly, the master sends a message to UDP/53 (via Stefan). This was therefore partially firewalled and caused the problem.
Master:
Oct 3 18:56:25 localhost pdns[6884]: gmysql Connection successful
Oct 3 18:56:25 localhost pdns[6884]: AXFR of domain 'netly.io' initiated by 162.243.25.159
Oct 3 18:56:25 localhost pdns[6884]: AXFR of domain 'netly.io' allowed: client IP 162.243.25.159 is in allow-axfr-ips
Oct 3 18:56:25 localhost pdns[6884]: gmysql Connection successful
Oct 3 18:56:25 localhost pdns[6884]: gmysql Connection successful
Oct 3 18:56:25 localhost pdns[6884]: AXFR of domain 'netly.io' to 162.243.25.159 finished
Oct 3 18:56:25 localhost pdns[6884]: Received unsuccessful notification report for 'netly.io' from 146.185.146.149:53, rcode: 4
Oct 3 18:56:25 localhost pdns[6884]: Removed from notification list: 'netly.io' to 146.185.146.149:53
Oct 3 18:56:25 localhost pdns[6884]: Removed from notification list: 'netly.io' to 162.243.25.159:53 (was acknowledged)
Oct 3 18:56:27 localhost pdns[6884]: No master domains need notifications
Slave:
Oct 3 18:56:25 localhost pdns[2263]: 1 slave domain needs checking, 0 queued for AXFR
Oct 3 18:56:25 localhost pdns[2263]: Received serial number updates for 1 zones, had 0 timeouts
Oct 3 18:56:25 localhost pdns[2263]: Domain netly.io is stale, master serial 2013100302, our serial 2013100301
Oct 3 18:56:25 localhost pdns[2263]: Initiating transfer of 'netly.io' from remote '146.185.146.149'
Oct 3 18:56:25 localhost pdns[2263]: AXFR started for 'netly.io', transaction started
Oct 3 18:56:25 localhost pdns[2263]: Zone 'netly.io' (/etc/powerdns/bind/netly.io.) reloaded
Oct 3 18:56:25 localhost pdns[2263]: AXFR done for 'netly.io', zone committed with serial number 2013100302
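
The check that would have exposed the partial firewalling, as an added example (not part of the original post): query port 53 on every address the server listens on, over both UDP and TCP, instead of only `dig @localhost`. Function names and the addresses in `__main__` are placeholders chosen for this example.

```python
import socket
import struct

TXID = 0x5A5A  # arbitrary query ID, checked against the reply

def build_soa_query(zone):
    """Minimal DNS query for the zone's SOA record (QTYPE 6, class IN)."""
    header = struct.pack("!HHHHHH", TXID, 0, 1, 0, 0, 0)
    labels = zone.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)

def parse_rcode(reply):
    """RCODE of a reply, or None if it is not a response to our query."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != TXID or not flags & 0x8000:  # wrong ID or QR bit not set
        return None
    return flags & 0x000F

def probe(addr, zone, proto, port=53, timeout=2.0):
    """One SOA query over 'udp' or 'tcp'; RCODE, or None if nothing answered."""
    query = build_soa_query(zone)
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, kind) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            if proto == "udp":
                s.send(query)
                return parse_rcode(s.recv(4096))
            # DNS over TCP prefixes each message with a 2-byte length
            s.sendall(struct.pack("!H", len(query)) + query)
            return parse_rcode(s.recv(4096)[2:])
    except OSError:  # timeout, connection refused, unreachable
        return None

def check_listener(addresses, zone, port=53, timeout=2.0):
    """Probe every address over both transports: {(addr, proto): rcode|None}."""
    return {(a, p): probe(a, zone, p, port, timeout)
            for a in addresses for p in ("udp", "tcp")}

if __name__ == "__main__":
    # Constructed placeholders: loopback plus a documentation-range public IP.
    results = check_listener(["127.0.0.1", "192.0.2.10"], "example.org")
    for (addr, proto), rc in results.items():
        print(addr, proto, "no answer" if rc is None else f"rcode {rc}")
```

Run it from the other name server rather than on the server being tested, so the packets actually cross the firewall; a `None` for one transport next to an rcode for the other is the partially firewalled state described above.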