The option allow-transfer defines a list of addresses that are sequentially checked for the purpose of determine what IP addresses are to be allowed (or denied) the ability to transfer (copy) zone information for a domain.
You may enter the a match list as one would normally enter in a BIND zone file, and as illustrated in the examples below. Specific things to note are as follows:
22.214.171.124; 126.96.36.199; 188.8.131.52; 184.108.40.206; 220.127.116.11; none;
!18.104.22.168; 22.214.171.124/24; none;The above example will disallow zone transfers to be done for IP address 126.96.36.199, will allow the remainder of this /24 to perform zone transfers, and everyone else will be disallowed.