We've been experiencing an issue where some zones are not
synchronizing properly from our primary server via TLS, mostly on
remote locations, where the connection tends to be unstable.
The scenario that we have been able to reproduce is as follows:
- The primary server is running a proprietary solution serving about 140 zones
- NSD 4.6.1 is running as a secondary for all zones
- All transfers are done via TLS
In order to simulate a poor connection, we manually added a 300ms
delay and 10% packet loss on the client connection.
In this scenario, we noticed that some zones can't complete a zone
transfer (IXFR), probably due to unstable connection, and don't try
again at any moment later, even when receiving new notifies.
From the logfile, the msg that seems to be mostly related to this issue is:
```
[2023-01-24 19:35:19.858] nsd[14100]: error: ssl_read returned error 5 with received 0
[2023-01-24 19:35:19.858] nsd[14100]: error: xfrd: failed reading tcp Success
```
When queried for zonestatus, an out-of-sync zone appears to be in state "refreshing":
```
zone: ecn.br
state: refreshing
served-serial: "2023023434 since 2023-01-23T18:05:17"
commit-serial: "2023023434 since 2023-01-23T18:05:17"
notified-serial: "2023023442 since 2023-01-23T18:25:16"
transfer: "TCP connected to <primary IP>"
```
By running "netstat" both on the primary and secondary servers, there seems to be no open connection between the two.
Once it reaches this point, in order to make the zone synchronize
again, we have to run "nsd-control force_transfer".
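
The stuck condition described in this report can be detected from zonestatus output alone. The following is an added example, not part of the original report or of NSD: it flags zones whose notified serial is newer than the served serial for longer than a threshold. The one-hour `max_age` default, the function names and the `example.net` zone are assumptions, and the field layout is taken from the output quoted above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: ecn.br is copied from the report above; example.net is
# an invented healthy zone for contrast.
SAMPLE = '''\
zone: ecn.br
state: refreshing
served-serial: "2023023434 since 2023-01-23T18:05:17"
commit-serial: "2023023434 since 2023-01-23T18:05:17"
notified-serial: "2023023442 since 2023-01-23T18:25:16"
transfer: "TCP connected to <primary IP>"
zone: example.net
state: ok
served-serial: "2023012401 since 2023-01-24T19:30:00"
'''

FIELD = re.compile(r'^\s*([a-z-]+):\s*"?(.*?)"?\s*$')   # key: "value"
SERIAL = re.compile(r'^(\d+) since (\S+)$')             # <serial> since <time>

def parse_zonestatus(text):
    """Split zonestatus text into one dict of fields per zone."""
    zones = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "zone":
            zones.append({"zone": m.group(2)})
        elif m and zones:
            zones[-1][m.group(1)] = m.group(2)
    return zones

def serial_gt(a, b):
    """RFC 1982 comparison: True when 32-bit serial a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31

def stuck_zones(text, now, max_age=timedelta(hours=1)):
    """Zones notified of a newer serial that is still unserved after max_age."""
    stuck = []
    for z in parse_zonestatus(text):
        served = SERIAL.match(z.get("served-serial", ""))
        notified = SERIAL.match(z.get("notified-serial", ""))
        if not (served and notified):
            continue  # never notified, or nothing served yet
        age = now - datetime.fromisoformat(notified.group(2))
        if serial_gt(int(notified.group(1)), int(served.group(1))) and age > max_age:
            stuck.append((z["zone"], z.get("state"), age))
    return stuck
```

Feeding it the live zonestatus text on a schedule and alerting on a non-empty result identifies the zones that need the `force_transfer` workaround.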