Every SOA REFRESH time, a BIND9 slave server checks the master’s SOA serial
(with an ordinary UDP SOA query) and, if the serial has increased, it starts an AXFR.
But my NSD slave server (4.0.0 and 3.2.16) just does an AXFR with
no serial checking every REFRESH time (according to tcpdump).
I expect SOA serial checking before AXFR to avoid load on both
the master and slave side.
This is my NSD configuration. Is something missing?

Oh, I’ve missed this statement in doc/NSD-FOR-BIND-USERS:

    An AXFR initiated by the built-in transfer process
    will not start with a SOA query at all. The first
    packet of the AXFR transfer will be used to determine
    the SOA version number in that case. This is a conscious
    breach of RFC spec to ease implementation and efficiency.

The "first packet" size seems to be up to 16kB for an NSD4 master.
Usual forward zones likely fit into it, so a full zone transfer
may occur every REFRESH time.

In doc/TODO:

    - query SOA before getting AXFR and then cutting it off,
      it causes an err log on the master.

It would be nice if it were implemented, since I worry about TCP setup/transfer
overhead, especially in a many-zone hosting scenario.
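
The refresh check the post describes for BIND9 (SOA query over UDP first, AXFR only if the master's serial is newer), as an added example that is not part of the original post and is not BIND or NSD code. It builds the SOA query, reads the serial from a response, and compares it using RFC 1982 serial arithmetic; all function names, the zone name and the response bytes are constructed for illustration, and no network is used.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(zone, qid):
    """UDP query: header with QDCOUNT=1, then QNAME, QTYPE=SOA(6), QCLASS=IN(1)."""
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", 6, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:        # compression pointer is 2 bytes and ends the name
            return off + 2
        off += 1 + n

def soa_serial(msg):
    """Extract the SOA serial from the answer section, or None if absent."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))  # skip MNAME, then RNAME
            return struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    return None

def serial_gt(a, b):
    """RFC 1982: a is newer than b if (a - b) mod 2^32 lies in (0, 2^31)."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def needs_transfer(local_serial, response):
    """Start AXFR only when the master's serial is newer than ours."""
    remote = soa_serial(response)
    return remote is not None and serial_gt(remote, local_serial)

def constructed_response(zone, serial):
    """Constructed sample reply (QR+AA set, one SOA answer) for offline use."""
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", serial, 3600, 900, 604800, 300))
    return (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + build_soa_query(zone, 0)[12:]
            + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata)
```

The wrap-around case matters here: a plain integer comparison would treat a serial that has rolled over past 2^32 as older and never transfer the zone.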