This option generates the rules that allow inbound DNS queries (UDP queries to port 53). It also generates a rule in the tcp_inbound chain to allow inbound TCP packets to port 53, but that rule is commented out by default: DNS queries are typically UDP, and that is the most commonly used protocol. If you need to enable zone transfers, you will need to allow TCP connections, which you can do by uncommenting the rule in the tcp_inbound chain. You may wish to tweak that rule so that only the servers you allow to perform zone transfers are let in through the firewall.
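
The rules described above, together with the source-restricted zone-transfer variant, as an added example rather than the generator's actual output. The `udp_inbound` chain name, the function names and the 192.0.2.x addresses are assumptions; the script only prints rules and does not apply them.

```shell
#!/bin/sh
# Added example: emits iptables rules for inbound DNS so they can be
# reviewed before use. Nothing here calls iptables.
# Assumptions: the chain name udp_inbound and both function names are
# hypothetical; tcp_inbound is the chain named in the text above.

# Succeeds only for a dotted-quad IPv4 address (each octet 0-255).
# CIDR ranges such as 0.0.0.0/0 are refused on purpose.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rule set. Arguments: the secondary name servers allowed
# to request zone transfers over TCP. With no arguments, no TCP rule
# is emitted, which matches the default of UDP queries only.
dns_inbound_rules() {
    # Validate everything first so a bad address yields no partial rule set.
    for src in "$@"; do
        if ! is_ipv4 "$src"; then
            echo "invalid secondary address: $src" >&2
            return 1
        fi
    done
    # Inbound DNS queries over UDP from any source.
    echo "iptables -A udp_inbound -p udp --dport 53 -j ACCEPT"
    # One TCP rule per permitted secondary instead of a blanket TCP 53 rule.
    for src in "$@"; do
        echo "iptables -A tcp_inbound -p tcp -s $src --dport 53 -j ACCEPT"
    done
}

# Constructed sample input: documentation addresses from 192.0.2.0/24.
dns_inbound_rules 192.0.2.10 192.0.2.11
```

Resolvers also retry over TCP when a UDP answer is truncated, so limiting TCP port 53 to the secondaries blocks that fallback for every other client.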