My scenario is this: NS1 (primary zones) is in Colo #1 in Portland, NS2 (secondary zones) is in Colo #2 in Colorado. I host a variety of zone files, some big, some small, for different groups, all internet facing; none of these are AD integrated zones. I had to re-IP NS2 due to an ISP acquisition. After changing the IPs and updating the records, 2/3 of the domains work great, but 1/3 are giving 2003 Event ID 6523: "Zone xyz.com failed zone refresh check. Unable to connect to master DNS server at x.x.x.x to receive zone transfer. Check that the zone contains correct IP address for the master server or if network failure has occurred."
For the most part, the zone files that were working were small and the ones that were not were larger; however, that wasn't always true. Doing an nslookup from NS2's console to NS1 and running ls xyz.com was also not working as expected.
I noticed in the logs that, outbound from NS2, UDP DNS requests were working but TCP DNS requests were failing. I had the firewall of NS1 opened to both TCP and UDP, and now everything is syncing just fine.
HINT: I also learned that using a test address in a DNS zone with the IP 0.0.0.0 makes Windows DNS think the zone file is invalid, so don't use that as a lazy address for testing.
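The split described above (UDP to the master works, TCP does not, so zone transfers fail) can be checked from the secondary before touching firewall rules. The script below is an added example, not code from the original post; it assumes the master's IP and a zone name are supplied by the caller, and it sends a plain SOA query to port 53 over UDP and then over TCP, the same TCP path AXFR/IXFR transfers use.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    # Standard query, RD set, one question: <zone> SOA IN (RFC 1035 §4.1)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def parse_header(resp):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])  # 12-byte header
    return txid, flags & 0x000F, bool(flags & 0x0200), an  # (txid, rcode, TC bit, answers)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("master closed the TCP connection early")
        buf += chunk
    return buf

def query_udp(master_ip, zone, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (master_ip, 53))
        data, _ = s.recvfrom(4096)
    return parse_header(data)

def query_tcp(master_ip, zone, timeout=3.0):
    # TCP DNS prefixes each message with a 2-byte length (RFC 1035 §4.2.2); zone transfers use this path.
    q = build_soa_query(zone)
    with socket.create_connection((master_ip, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        data = recv_exact(s, length)
    return parse_header(data)

def check_master(master_ip, zone):
    # Probe UDP and TCP separately: a secondary needs both to refresh a zone.
    results = {}
    for proto, fn in (("udp", query_udp), ("tcp", query_tcp)):
        try:
            _, rcode, _tc, an = fn(master_ip, zone)
            results[proto] = "ok" if rcode == 0 and an > 0 else f"rcode={rcode}"
        except OSError as e:
            results[proto] = f"blocked or unreachable ({e})"
    return results
```

Run check_master("<NS1 IP>", "xyz.com") from the secondary's console; "ok" for udp alongside "blocked or unreachable" for tcp is exactly the condition that produces Event ID 6523 in the post.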