Bind9 not updating zone
This statement saves bandwidth at the expense of increased CPU and memory consumption.
Sets a maximum size in bytes (may take the case-insensitive k or m short forms) for each journal file.
While on its face this may seem an excessively friendly default, DNS data is essentially public (that's why it's there) and the bad guys can get all of it anyway.
However, if the thought of anyone being able to transfer your precious zone file is repugnant, or (and this is far more significant) you are concerned about a possible DoS attack initiated by XFER requests, then use the following policy.
allow-notify applies to slave zones only and defines a match list, for example, IP address(es) that are allowed to NOTIFY this server and implicitly update the zone in addition to those hosts defined in the masters option for the zone.
Note: The also-notify statement can appear in a zone file, in which case its scope is the single zone, or in an options clause, in which case its scope is all zones, or in a view clause, in which case it applies to all zones in the view.
The gp-num parameter changes the port number used for NOTIFY for all the listed servers (the default is port 53).
The p-num parameter changes the port number for the specific IP address only.
This statement may be used in a zone, view or global options clause. It defines the IP address(es) that are allowed to transfer (copy) the zone information from the server (master or slave for the zone).
The default behaviour is to allow zone transfers to any host.
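An added example, not from the original page: a small Python audit that reports which transfer match list applies to each zone, assuming the statement described above is BIND's `allow-transfer` and that a zone setting overrides a view setting, which overrides the options clause, with the any-host default when none is set. The sample named.conf, its zone names and addresses are constructed, and the parser is simplified (it does not follow `include` or resolve `acl` names).

```python
import re
# Constructed sample named.conf (not from the page); addresses are documentation ranges.
SAMPLE = '''
options { directory "/var/named"; };
view "external" {
  zone "example.com" { type master; file "example.com.db"; };
  zone "example.net" { type master; allow-transfer { 192.0.2.53; }; };
};
view "internal" {
  allow-transfer { none; };  // view scope
  zone "corp.example" { type master; file "corp.db"; };
};
'''

def parse(tokens):
    """Nest an iterator of tokens into statements; { ... } blocks become lists."""
    stmts, cur = [], []
    for tok in tokens:
        if tok == '{':
            cur.append(parse(tokens))  # shared iterator: the call consumes the block
        elif tok == '}':
            break
        elif tok == ';':
            stmts, cur = stmts + ([cur] if cur else []), []
        else:
            cur.append(tok)
    return stmts

def acl_of(stmts):
    # Match list of an allow-transfer set directly in this clause, else None.
    for s in stmts:
        if s[0] == 'allow-transfer' and isinstance(s[-1], list):
            return '; '.join(' '.join(map(str, e)) for e in s[-1])

def effective_allow_transfer(conf):
    """Map 'view/zone' to the match list in force (zone, then view, then options)."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # drop comments
    stmts = parse(iter(re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', conf)))
    result = {}
    def walk(stmts, inherited, view):
        for s in stmts:
            own = acl_of(s[-1]) if isinstance(s[-1], list) else None
            acl = inherited if own is None else own
            if s[0] == 'zone':
                result[view + s[1].strip('"')] = acl
            elif s[0] == 'view':
                walk(s[-1], acl, s[1].strip('"') + '/')
    opts = next((acl_of(s[-1]) for s in stmts if s[0] == 'options'), None)
    walk(stmts, 'any (default)' if opts is None else opts, '')
    return result
```

Zones reported as `any (default)` are the ones relying on the permissive default and are the first candidates for an explicit match list.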
From BIND 9.10 the statement also allows the use of a DiffServ Differentiated Service Code Point (DSCP) number (range 0 - 95, where supported by the OS) to be used to identify the traffic classification.