To recap the concept of TSIG: a slave server trusts a master server based on the IP address in its config file. But an IP address can be spoofed, so an attacker could pass a tampered zone file to the slave server. A better approach is for the master and slave to share a common key. The master server generates a signature of the hash, while the slave decrypts the signature to get back the hash and compares it against the received zone file.
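TSIG signatures also include the time of signing, and the receiver rejects a message whose timestamp is too far from its own clock. That is why the master and slave must sync with an NTP server more frequently.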
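The shared-key check and the time window can be seen in a simplified model. This is an added example, not code from the original page and not the TSIG wire format: it uses HMAC-SHA256 with the receiver recomputing the MAC, and the key, zone data, timestamps and 300-second fudge value are constructed for illustration.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # seconds of clock skew tolerated (assumed value for this example)

def sign(key: bytes, zone_data: bytes, time_signed: int, fudge: int = FUDGE) -> bytes:
    """Master side: MAC over the zone data plus the signing time and fudge."""
    timers = struct.pack("!QH", time_signed, fudge)
    return hmac.new(key, zone_data + timers, hashlib.sha256).digest()

def verify(key: bytes, zone_data: bytes, time_signed: int, fudge: int,
           mac: bytes, now: int) -> str:
    """Slave side: recompute the MAC with the shared key, then check the clock."""
    expected = sign(key, zone_data, time_signed, fudge)
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "OK"

def demo() -> dict:
    # All values below are constructed sample data.
    key = b"constructed-shared-secret"
    zone = b"example.test. 3600 IN A 192.0.2.10\n"
    t0 = 1_700_000_000
    mac = sign(key, zone, t0)
    forged_zone = zone.replace(b"192.0.2.10", b"203.0.113.66")
    return {
        # Genuine transfer, clocks in sync.
        "genuine": verify(key, zone, t0, FUDGE, mac, now=t0 + 5),
        # Spoofed source sends altered zone data with a copied MAC.
        "tampered": verify(key, forged_zone, t0, FUDGE, mac, now=t0 + 5),
        # Spoofed source signs altered data without knowing the shared key.
        "wrong_key": verify(key, forged_zone, t0, FUDGE,
                            sign(b"guess", forged_zone, t0), now=t0 + 5),
        # A captured genuine message replayed an hour later.
        "replayed": verify(key, zone, t0, FUDGE, mac, now=t0 + 3600),
        # Genuine transfer, but the slave's clock has drifted 10 minutes.
        "clock_drift": verify(key, zone, t0, FUDGE, mac, now=t0 - 600),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12s} {result}")
```

The last case is the operational reason for NTP: the same window that rejects replays also rejects valid transfers once either clock drifts past the fudge value.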