I have a number of DNS zones set up on the primary server (let's say 220.127.116.11) on my multi-server ISPConfig3 setup. These all allow zone transfers to the slave DNS on the secondary server (18.104.22.168). I have not set up mirroring from the primary to the secondary server. Both servers are running Bind9, configured by ISPConfig. In order to configure the slave server I'd set up corresponding secondary zones for each zone in ISPConfig. These are configured as: Server: secondary.domain.tld DNS-Zone: clientdomain.tld NS: 22.214.171.124 Allow zone transfers to: 126.96.36.199 I'd noticed that some but not all zones were propagating to the secondary server with entries in named.conf.local and supporting files in /etc/bind/slave. I couldn't establish why only some were pulling through. Looking at the system logs some transfer fine, but the others give a 'non-authoritative' error. Using dig on the primary server gives a 'NOERROR' status. Using dig on the secondary server (via the primary) gives a 'REFUSED' status. I deleted the slave entries in named.conf.local and the supporting files. I can't figure out why this isn't working. It seems to be close but no cigar. Am I using the correct settings in the zones and secondary zones in ISPConfig? I'm assuming that if I fix whatever's causing the problem then the transfers will begin again and Bind9 on the slave will populate named.conf.local and the /etc/bind/slave folder, or will I need to reconfigure these in ISPConfig once it's fixed? Any help appreciated, I'm going mad here!