It is better to initiate connection from the LAN to the DMZ to sync the files, no matter in which direction the sync is done. Initiating the connection from the DMZ would mean to open the firewall between LAN and DMZ which makes the LAN prone to attacks from the less secure DMZ.
When allowing connection establishment from the DMZ to the LAN you essentially expose the internal host to attacks from the DMZ. Even if the firewall is strict in that it only allows connection from the DMZ to a specific internal IP+Port an attacker which took over the DMZ (it is less protected than the LAN by design) can flood this internal IP and thus cause a denial of service. Also, firewall rules often are forgotten when they are no longer needed and it might happen that the system reachable by the rule changes and now the attacker can reach a different system through the same rule. And then there are bugs in the firewall configuration which might actually expose more than was intended - see here for a report (in German) about a bug in the router which exposed not only the intended port 443 for VPN but also 445 (SMB, i.e. windows file sharing) and this way made sensitive data available to the internet.
If instead connections are only allowed from the LAN to the DMZ, then the LAN keeps full control over what gets transferred. An attacker in the DMZ cannot simply flood the LAN from the DMZ since packets not matching an established connections are blocked by the firewall. If the data exchange is no longer needed no firewall rules need to be removed. If the IP of the internal system changes (for example due to DHCP) no firewall rule needs to be adapted. And if no firewall rule is there it also cannot be too broad.