Enable TSIG authentication of the zone transfer agents
RFC 2845 describes a secret-key mechanism known as transaction signatures (TSIGs) for authenticating DNS. Most common name servers support some version of this mechanism. ZTAs (zone transfer agents) currently support the use of TSIGs. Windows NS does not currently support TSIGs.
BIND 9 and later: TSIG example provides syntax examples for enabling IP ACLs and/or TSIGs on BIND primary name servers.