Last night I spent hours trying to debug a problem. (Got to love it when it’s just a switch somewhere :D) I have my primary DNS in house and secondary out on the internet. I configured the firewall to allow the transfer but it just wouldn’t start. I could see the connection going through both firewalls, even reaching the computer. But it just wouldn’t start transferring with BIND.
Till I turned off the “Intrusion Detection and DoS Prevention” feature. Once disabled, the DNS transfer works no problem. Not sure if this is a bug or intended. But it would be nice to have DoS prevention while still allowing services to function.
If it helps, the command I was using to debug was: dig @<ip of peplink wan> <domain> axfr