Hurricane Electric's IPv6 Tunnel Broker Forums

DNS.HE.NET Topics => General Questions & Suggestions => Topic started by: alvarohg on May 08, 2026, 05:56:21 PM

Title: I cannot get a slave working.
Post by: alvarohg on May 08, 2026, 05:56:21 PM
Hello, I am trying to set up a slave DNS server and I fail every time.

I have a bind9 server as a master; here is my config:

named.conf:
acl "he" {
        216.218.133.2;
        2001:470:600::2;
};

options {
        directory "/var/bind";
        pid-file "/run/named/named.pid";

        /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
        //bindkeys-file "/etc/bind/bind.keys";

        listen-on-v6 { ::1; 2001:470:26:5df:1::1; };
        listen-on { 127.0.0.1; 192.168.18.203; };

        max-cache-size 104857600;

        allow-query {
                /*
                 * Accept queries from our "trusted" ACL.  We will
                 * allow anyone to query our master zones below.
                 * This prevents us from becoming a free DNS server
                 * to the masses.
                 */
                trusted;
        };

        allow-query-cache {
                /* Use the cache for the "trusted" ACL. */
                trusted;
        };

        allow-recursion {
                /* Only trusted addresses are allowed to use recursion. */
                trusted;
        };

        allow-transfer {
                /* Zone transfers are denied by default. */
                none;
        };

        allow-update {
                /* Don't allow updates, e.g. via nsupdate. */
                none;
        };

        /*
         * If you've got a DNS server around at your upstream provider, enter its
         * IP address here, and enable the line below. This will make you benefit
         * from its cache, thus reduce overall DNS traffic in the Internet.
         *
         * Uncomment the following lines to turn on DNS forwarding, and change
         * and/or update the forwarding ip address(es):
         */

        forward first;
        forwarders {
        //    123.123.123.123;        // Your ISP NS
        //    124.124.124.124;        // Your ISP NS
        //    4.2.2.1;                // Level3 Public DNS
        //    4.2.2.2;                // Level3 Public DNS
                8.8.8.8;                // Google Open DNS
                8.8.4.4;                // Google Open DNS
        };


        //dnssec-validation yes;

        /*
         * As of bind 9.8.0:
         * "If the root key provided has expired,
         * named will log the expiration and validation will not work."
         */
        dnssec-validation auto;

        /* if you have problems and are behind a firewall: */
        //query-source address * port 53;
};


logging {
        channel default_log {
                file "/var/log/named/named.log" versions 5 size 50M;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category default { default_log; };
        category general { default_log; };
};


include "/etc/bind/rndc.key";
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

zone "." in {
        type hint;
        file "/var/bind/named.cache";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        notify no;
};

zone "alvaro.hernandez-garcia.me" {
        type master;
        file "ahg.db";
        allow-transfer { he; };
        allow-update { localhost; };
        notify explicit;
        also-notify { 216.218.130.2; };
        forwarders { };

};


Also my zone file:
$TTL 600
$ORIGIN alvaro.hernandez-garcia.me.
@               IN    SOA     ns1.he.net.     support         (2026050902 3600 18000 864000 3600)
@               IN    NS    ns1.he.net.
@               IN    NS    ns2.he.net.
@               IN    NS    ns3.he.net.
@               IN    NS    ns4.he.net.
@               IN    NS    ns5.he.net.

ads00           IN    AAAA    2001:470:26:5df:1::13


The response:
https://imgur.com/a/5V366iI

PS: Images not shown, posting link.


I have tried everything with no result. I don't know what I am doing wrong.
Title: Re: I cannot get a slave working.
Post by: alvarohg on May 09, 2026, 02:00:19 AM
Solved!!! It was the ad blocker; after turning it off, all is fine.