Here's what RFC 4035, Section 4 says:

4.  Services Not Provided by DNS Security

   [....]

   The DNS security extensions provide data and origin authentication

   for DNS data.  The mechanisms outlined above are not designed to

   protect operations such as zone transfers and dynamic update

   ([RFC2136], [RFC3007]).  Message authentication schemes described in

   [RFC2845] and [RFC2931] address security operations that pertain to

   these transactions.