bind: client X... zone transfer 'example.com/AXFR/IN' denied, but allow-transfer { X; }; is set!

The issue has been solved now. I made fairly major changes:

  1. Tightened security by changing some permissions for files (this probably isn't the case, because they were OK before this also)
  2. Didn't have rndc configuration in place. Generated key and set up rndc.
  3. And then... when I was making changes in named.conf and restarted, it seems that the previous process wasn't killed, but new ones spawned, and I had such lines in my log:

    Jan 25 15:43:22 web named[18863]: listening on IPv6 interfaces, port 53
    Jan 25 15:43:22 web named[18863]: binding TCP socket: address in use
    Jan 25 15:43:22 web named[18863]: listening on IPv4 interface lo, 127.0.0.1#53
    Jan 25 15:43:22 web named[18863]: binding TCP socket: address in use
    Jan 25 15:43:22 web named[18863]: listening on IPv4 interface eth0, 10.3.0.10#53
    Jan 25 15:43:22 web named[18863]: binding TCP socket: address in use
    ...
    Jan 25 15:43:22 web named[18863]: /etc/named.conf:12: couldn't add command channel 0.0.0.0#953: address in use
    

Now I did killall named and then /etc/init.d/bind9 start and all went fine.

Probably the third point solved the problem, because when I was changing named.conf, it actually wasn't working with the latest conf file.
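A check for the symptom in the log excerpt above, as an added example that is not part of the original post: it scans syslog text for named instances that could not bind their listeners or the rndc command channel, the sign that an older named process still holds the ports and is answering with the old configuration. The function name `find_bind_conflicts` is hypothetical, and the sample lines are copied from the excerpt in the post.

```python
import re
from collections import defaultdict

# Sample input: the lines quoted in the post above (syslog format).
SAMPLE_LOG = """\
Jan 25 15:43:22 web named[18863]: listening on IPv6 interfaces, port 53
Jan 25 15:43:22 web named[18863]: binding TCP socket: address in use
Jan 25 15:43:22 web named[18863]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 25 15:43:22 web named[18863]: binding TCP socket: address in use
Jan 25 15:43:22 web named[18863]: listening on IPv4 interface eth0, 10.3.0.10#53
Jan 25 15:43:22 web named[18863]: binding TCP socket: address in use
...
Jan 25 15:43:22 web named[18863]: /etc/named.conf:12: couldn't add command channel 0.0.0.0#953: address in use
"""

# timestamp, host, named[pid]: message
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]+\s\S+\snamed\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
LISTEN = re.compile(r"^listening on (?P<what>.+)$")
CHANNEL = re.compile(r"couldn't add command channel (?P<addr>\S+): address in use")
BIND_FAIL = "binding TCP socket: address in use"


def find_bind_conflicts(log_text):
    """Return {pid: [endpoint, ...]} for named instances that failed to bind."""
    conflicts = defaultdict(list)
    last_listen = {}  # pid -> endpoint named by the preceding "listening on" line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # elided ("...") or non-named lines
        pid, msg = int(m["pid"]), m["msg"]
        listen = LISTEN.match(msg)
        if listen:
            last_listen[pid] = listen["what"]
        elif msg == BIND_FAIL:
            # The failure line carries no address; attribute it to the last listener.
            conflicts[pid].append(last_listen.pop(pid, "unknown listener"))
        else:
            chan = CHANNEL.search(msg)
            if chan:
                conflicts[pid].append("command channel " + chan["addr"])
    return dict(conflicts)


if __name__ == "__main__":
    for pid, endpoints in find_bind_conflicts(SAMPLE_LOG).items():
        print(f"named[{pid}] could not bind: {', '.join(endpoints)}")
        print("  another process already holds these ports; it is serving the old config")
```

A non-empty result means the instance that read the edited named.conf is not the one answering queries, so changes such as allow-transfer appear to have no effect until the older process is stopped.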