Hello, As you may be aware, BitFolk offers free authoritative DNS services to VPS customers. This is provided by means of the BitFolk DNS servers taking a zone transfer (AXFR) from the customer's name server. As part of this service we monitor the customer's name server as a matter of course. That's because it saves everyone's time to know where any problems lie. What we currently monitor: - Customer's server responds on TCP/53 - Query of server for SOA record of the customer's domain produces a positive, authoritative response That's pretty good but it misses one class of misconfiguration: where a customer's name server is misconfigured to refuse zone transfer from BitFolk's servers. That's pretty obvious the first time the zone slaving is set up, but if it happens afterwards then it relies on customers spotting anomalies in their log files. If it isn't fixed, then once the "expire" setting of the SOA record is reached (generally 1-2 weeks for most domains) our name servers will no longer respond to queries for the customer's domain. This may come as a shock to the customer. At this point alerts will start firing for us and we'll probably have to open a ticket. I would really rather not have to open a ticket either when I spot the refused AXFRs in my logs, or when I start getting alerts. I would rather the customer got alerts as soon as AXFRs start failing. The problem is I can't think of a way to check that AXFR works without doing an AXFR. :) Can anyone else? Alternatively, if BitFolk's Nagios tried an AXFR say once a day for each of your zones would you consider that excessive? Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting "I am the permanent milk monitor of all hobbies!" -- Simon Quinlank