CentOS/RHEL: dig axfr works but zone transfer fails?

I set up named as a secondary with a stanza like this:

zone "example.com" IN {
        type slave;
        masters { 10.0.0.1; };
        file "example.com.zone";
        notify yes;
};

When I restarted named the log messages in /var/log/messages told me that the transfer failed. However I could do:

dig @10.0.0.1 axfr example.com

just fine. What was the problem?

Looking in /var/named/chroot/var/named I saw that there was a directory named slaves. Should I be using that? Looking at the permissions, I saw:

total 88
drwxr-x--- 4 root  named 4096 Jan  7  2013 .
drwxr-x--- 6 root  named 4096 Jan  7  2013 ..
drwxrwx--- 2 named named 4096 Mar  4 23:23 data
-rw-r----- 1 root  named  208 Apr 28  2005 localdomain.zone
-rw-r----- 1 root  named  195 Apr 28  2005 localhost.zone
-rw-r----- 1 root  named  427 Apr 28  2005 named.broadcast
-rw-r----- 1 root  named  424 Apr 28  2005 named.ip6.local
-rw-r----- 1 root  named  426 Apr 28  2005 named.local
-rw-r----- 1 root  named 1892 Feb 26  2008 named.root
-rw-r----- 1 root  named  427 Apr 28  2005 named.zero
drwxrwx--- 2 named named 4096 Mar  5 00:59 slaves

Yes, I bet I'm supposed to use the directory slaves because that's writable by named but the top zone directory isn't, so I changed the line in the stanza to:

        file "slaves/example.com.zone";

and it worked.

You may see advice on the Web to change permissions of the top zone directory. Don't do that. Work with the structure and permissions that the distribution makers have developed.