Author Topic: BIND: Zone transfer fails with "permission denied"  (Read 2345 times)

ATC

  • Guest
BIND: Zone transfer fails with "permission denied"
« on: 27 September 2008, 18:24 pm »
    Messages like these appear in /var/log/messages:

    Aug  1 13:20:07 hostname named[28614]: transfer of 'zone-name-here/IN' from x.x.x.x#53: failed while receiving responses: permission denied
    Aug  1 13:20:07 hostname named[28614]: transfer of 'zone-name-here/IN' from x.x.x.x#53: end of transfer



    ATC

    • Guest
    [Solved] BIND: Zone transfer fails with "permission denied"
    « Reply #1 on: 27 September 2008, 18:24 pm »
    Make sure the local zone file (usually in /var/named) is owned by the same user:group running named.

    Gather the necessary info like this:
    # ls -l /var/named
    # ps aux | grep named

    Example: /var/named is owned by nobody:nobody and is mode 02755, the zone file is owned by nobody:nobody and is mode 0644. The named process is owned by root:root. This will NOT work even though logically root should be able to overwrite a file owned by nobody.

    Use the "chown" command to change file ownership.
    # chown -R root:root /var/named

    Note however that this may interfere with certain automated DNS systems (for instance the one we use) so you may want to limit the command to specific zone files.
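
The ownership comparison described in the answer above, as an added example that is not part of the original post: a read-only script that reads the user and group named runs as and lists the entries in the zone directory owned by anyone else, so that chown can be limited to those files. It assumes a procps-style `ps -C`; the function names and the `--audit` switch are hypothetical.

```shell
#!/bin/sh
# Added example: read-only ownership audit for a BIND zone directory.
# Assumes procps-style `ps -C`; /var/named is the path used in the post.

# Print "user:group" of the first running named process (empty if none).
named_owner() {
    ps -C named -o user= -o group= 2>/dev/null |
        awk 'NR == 1 { print $1 ":" $2 }'
}

# Print "user:group" owning a path, taken from the `ls -ld` fields.
path_owner() {
    ls -ld -- "$1" | awk '{ print $3 ":" $4 }'
}

# List the directory and each entry directly inside it whose owner
# differs from the wanted "user:group".
# Usage: zone_owner_mismatches DIR USER:GROUP
zone_owner_mismatches() {
    dir=$1 want=$2
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue          # empty directory: glob did not match
        have=$(path_owner "$p")
        [ "$have" = "$want" ] || printf '%s %s\n' "$have" "$p"
    done
}

# Compare a zone directory against the running named; changes nothing.
audit_zone_dir() {
    dir=${1:-/var/named}
    owner=$(named_owner)
    if [ -z "$owner" ]; then
        echo "named is not running; cannot determine its user" >&2
        return 2
    fi
    echo "named runs as $owner; entries in $dir with a different owner:"
    zone_owner_mismatches "$dir" "$owner"
}

# Run the audit only when asked, e.g.: sh audit-zones.sh --audit /var/named
if [ "${1:-}" = "--audit" ]; then
    audit_zone_dir "${2:-/var/named}"
fi
```

Each output line is the current owner followed by the path, which gives the list of individual files to pass to chown.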