DNS Zone Transfer Failure — Secondary DNS Serving Stale Records
The primary DNS server's zone transfer (AXFR) to the secondary fails due to a firewall rule change blocking TCP port 53. The secondary DNS server continues serving increasingly stale records, causing intermittent name resolution failures as TTLs expire.
Pattern: DNS_FAILURE
Severity: CRITICAL
Confidence: 90%
Remediation: Remote Hands
Test Results
Metric               | Expected    | Actual                                                                | Result
Pattern Recognition  | DNS_FAILURE | DNS_FAILURE                                                           |
Severity Assessment  | CRITICAL    | CRITICAL                                                              |
Incident Correlation | Yes         | 42 linked                                                             |
Cascade Escalation   | Yes         | Yes                                                                   |
Remediation          | —           | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
BIND 9 primary and secondary DNS. Firewall rule change blocked TCP/53 for zone transfers. Secondary serving stale data (12 hours old). New DNS records not propagating. 300+ zones affected.
Injected Error Messages (3)
DNS zone transfer failing — AXFR from ns1 to ns2 refused, TCP/53 connection denied, dns resolution failed for newly added entries on secondary server, zone serial mismatch: primary 2026032901 vs secondary 2026032801
Secondary DNS serving stale data — dns resolution failed for entries added in last 12 hours, zone transfer AXFR connection denied, NOTIFY messages being sent but transfers not completing, 300+ zones out of sync
New application dns resolution failed — newapp.internal.company.com returning NXDOMAIN on ns2 while resolving correctly on ns1, clients using ns2 unable to reach new services, TTL-expired entries returning SERVFAIL
Neural Engine Root Cause Analysis
The primary DNS server (ns1) at 10.0.0.53 is experiencing a critical failure preventing zone transfers to the secondary DNS server (ns2). The TCP/53 connection is being denied, indicating that either the DNS service is down, there are firewall/network connectivity issues, or the service is refusing AXFR requests. This is causing zone serial mismatches (primary 2026032901 vs secondary 2026032801) and preventing DNS resolution for newly added entries, creating a cascading failure affecting 16 correlated incidents.
Remediation Plan
1. Check if DNS service (likely BIND) is running on ns1 (10.0.0.53)
2. Verify TCP/53 port connectivity between ns1 and ns2
3. Check firewall rules allowing AXFR transfers
4. Restart DNS service if process is hung or misconfigured
5. Verify zone file integrity and permissions
6. Force zone transfer after service restoration
7. Monitor zone serial synchronization between primary and secondary
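Steps 2, 6 and 7 of the plan reduce to two measurements: can the secondary reach the primary over TCP (the transport AXFR uses, which a UDP-only health check will not exercise), and do the SOA serials on both servers agree. The script below is an added example written for this page; it is not Corax's code or output. It assumes `dig` is installed, takes the primary address 10.0.0.53 from the scenario, and uses 127.0.0.1 as a placeholder for the secondary (run it on ns2 so the TCP/53 probe follows the same path the firewall change broke). The serial-to-date conversion assumes the YYYYMMDDnn convention the scenario's serials follow.

```shell
#!/bin/sh
# Added example, not from the page or from Corax: compare SOA serials between a
# BIND primary and secondary and test TCP/53 reachability of the primary.
# Assumptions: dig is installed; PRIMARY is the scenario's ns1 address;
# SECONDARY is a placeholder (the local server when run on ns2).

PRIMARY="${PRIMARY:-10.0.0.53}"
SECONDARY="${SECONDARY:-127.0.0.1}"

# parse_soa_serial: read `dig +short SOA` output on stdin and print the serial
# (third of the seven SOA fields); prints nothing if the answer is malformed.
parse_soa_serial() {
  awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# soa_serial SERVER ZONE [+tcp]: query one server for the zone's SOA serial.
# Passing +tcp forces the query over TCP/53, so a UDP success paired with a
# TCP failure points at a firewall blocking the zone-transfer transport.
soa_serial() {
  dig $3 +short +time=3 +tries=1 SOA "$2" "@$1" 2>/dev/null | parse_soa_serial
}

# serial_status PRIMARY_SERIAL SECONDARY_SERIAL: pure comparison, no network.
# Prints IN_SYNC, STALE (secondary behind), AHEAD (secondary newer than the
# primary, e.g. primary restored from backup) or UNKNOWN; exit 0 only if in sync.
serial_status() {
  p="$1"; s="$2"
  if [ -z "$p" ] || [ -z "$s" ]; then echo UNKNOWN; return 2; fi
  case "$p$s" in *[!0-9]*) echo UNKNOWN; return 2;; esac
  if [ "$p" -eq "$s" ]; then echo IN_SYNC; return 0; fi
  if [ "$p" -gt "$s" ]; then echo STALE; return 1; fi
  echo AHEAD; return 1
}

# serial_date SERIAL: for YYYYMMDDnn serials (assumed convention) print the
# embedded date so the age of the secondary's copy is visible at a glance.
serial_date() {
  case "$1" in
    20[0-9][0-9][01][0-9][0-3][0-9][0-9][0-9])
      printf '%s-%s-%s\n' "$(printf %s "$1" | cut -c1-4)" \
        "$(printf %s "$1" | cut -c5-6)" "$(printf %s "$1" | cut -c7-8)" ;;
    *) echo "n/a" ;;
  esac
}

# check_zone ZONE: one summary line per zone combining serial drift and the
# TCP/53 probe, e.g.
#   internal.company.com STALE primary=2026032901 (2026-03-29) secondary=2026032801 (2026-03-28) tcp53=blocked
check_zone() {
  zone="$1"
  p_udp=$(soa_serial "$PRIMARY" "$zone")
  p_tcp=$(soa_serial "$PRIMARY" "$zone" +tcp)
  s=$(soa_serial "$SECONDARY" "$zone")
  if [ -n "$p_tcp" ]; then tcp=ok
  elif [ -n "$p_udp" ]; then tcp=blocked      # UDP answers, TCP does not: AXFR cannot succeed
  else tcp=unreachable; fi
  p="${p_udp:-$p_tcp}"
  printf '%s %s primary=%s (%s) secondary=%s (%s) tcp53=%s\n' \
    "$zone" "$(serial_status "$p" "$s")" "${p:-?}" "$(serial_date "${p:-0}")" \
    "${s:-?}" "$(serial_date "${s:-0}")" "$tcp"
}

# Usage: sh check_zones.sh internal.company.com other.zone ...
# For the 300+ zones in the scenario, feed a zone list with xargs.
if [ "$#" -ge 1 ]; then
  for z in "$@"; do check_zone "$z"; done
fi
```

A STALE line with `tcp53=blocked` is the scenario's signature: NOTIFY (UDP) still arrives, but the secondary's AXFR over TCP cannot complete. Once the firewall rule is fixed, `rndc retransfer <zone>` on the secondary forces the transfer (step 6), and re-running the script until every zone reports IN_SYNC covers step 7.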