continued dns issue

so, my original issue was ns1 not updating ns2 and ns3.
over the past few months and specifically today, i have narrowed and seen the specific issue.
i have 32 external ip's, each server has a 10.0.0.0/24 ip and using pfsense, these are mapped external IP > internal IP.
ns1 gets an error when i request from ns2

Code:

2025-10-23T16:32:45.734550+01:00 ns1 named[633]: client @0x7f6362dea168 10.0.0.1#61916 (tlsystems.co.uk): zone transfer 'tlsystems.co.uk/AXFR/IN' denied 

and looks like all communication between servers are using 10.0.0.1 when received.
A chatgpt query states to add

Code:

options {
    allow-transfer { 10.0.0.0/24; };
};

to /etc/bind/named.conf.options.
or this code snippet

Code:

    acl "secondary-servers" {
        192.0.2.1;
        192.0.2.2;
        10.0.0.10;
    };

    options {
        directory "/var/cache/bind";
        // ... other options ...
    };

will this fix the issue with communication between 3 servers?
I have ruled out permission for /etc/bind/slave

thanks

 

Thanks till,
so do i have to change dns zones from allow-transfer using external ip to its internal ip?

 

You have a whole other problem then bind config!

If all 3 servers are in the same network they should communicate with each other directly and by that connect using their respective 10.0.0.x address.
When you see only connections from 10.0.0.1 (I assume your pfsense) it means connections are made via wan and not over lan directly.

Don't implement chatgpt's suggestions! Or if you already have, undo it!
With proper configuration of dns zones in ispconfig those suggestions are not necessary and even may lead to more problems which will be hard to find because they are out of ispconfig's default config scope.

So figure out why your nameservers want to connect to each other over wan instead of lan directly.
Fix that and all should work just fine, assuming you've configured all zones correctly in ispconfig.