ISC BIND release 9.3.2

23 files changed, 1803 insertions, 3480 deletions

diff --git a/usr.sbin/bind/bin/check/named-checkconf.8 b/usr.sbin/bind/bin/check/named-checkconf.8
index 82ebb938ae6..431a4c24381 100644
--- a/usr.sbin/bind/bin/check/named-checkconf.8
+++ b/usr.sbin/bind/bin/check/named-checkconf.8
@@ -1,59 +1,70 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $ISC: named-checkconf.8,v 1.11.12.4 2004/06/03 05:35:41 marka Exp $
+.\" $ISC: named-checkconf.8,v 1.11.12.7 2005/10/13 02:33:41 marka Exp $
 .\"
-.TH "NAMED-CHECKCONF" "8" "June 14, 2000" "BIND9" ""
-.SH NAME
-named-checkconf \- named configuration file syntax checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkconf\fR [ \fB-v\fR ]  [ \fB-j\fR ]  [ \fB-t \fIdirectory\fB\fR ]  \fBfilename\fR [ \fB-z\fR ] 
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkconf \- named configuration file syntax checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
 .SH "DESCRIPTION"
 .PP
-\fBnamed-checkconf\fR checks the syntax, but not
-the semantics, of a named configuration file.
+\fBnamed\-checkconf\fR
+checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
 .TP
-\fB-t \fIdirectory\fB\fR
-chroot to \fIdirectory\fR so that include
-directives in the configuration file are processed as if
-run by a similarly chrooted named.
+\-t \fIdirectory\fR
+chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
 .TP
-\fB-v\fR
-Print the version of the \fBnamed-checkconf\fR
+\-v
+Print the version of the
+\fBnamed\-checkconf\fR
 program and exit.
 .TP
-\fB-z\fR
+\-z
 Perform a check load the master zonefiles found in
 \fInamed.conf\fR.
 .TP
-\fB-j\fR
+\-j
 When loading a zonefile read the journal if it exists.
 .TP
-\fBfilename\fR
-The name of the configuration file to be checked. If not
-specified, it defaults to \fI/etc/named.conf\fR.
+filename
+The name of the configuration file to be checked. If not specified, it defaults to
+\fI/etc/named.conf\fR.
 .SH "RETURN VALUES"
 .PP
-\fBnamed-checkconf\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
+\fBnamed\-checkconf\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
diff --git a/usr.sbin/bind/bin/check/named-checkconf.docbook b/usr.sbin/bind/bin/check/named-checkconf.docbook
index 51c119b074e..72b67403252 100644
--- a/usr.sbin/bind/bin/check/named-checkconf.docbook
+++ b/usr.sbin/bind/bin/check/named-checkconf.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: named-checkconf.docbook,v 1.3.2.1.8.5 2004/06/03 02:24:59 marka Exp $ -->
+<!-- $ISC: named-checkconf.docbook,v 1.3.2.1.8.7 2005/05/12 21:35:56 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>named-checkconf</application></refname>
     <refpurpose>named configuration file syntax checking tool</refpurpose>
@@ -116,6 +132,7 @@
     <para>
         <command>named-checkconf</command> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
+    </para>
   </refsect1>
 
   <refsect1>
diff --git a/usr.sbin/bind/bin/check/named-checkzone.8 b/usr.sbin/bind/bin/check/named-checkzone.8
index 6e87b7863aa..29b7fe2d216 100644
--- a/usr.sbin/bind/bin/check/named-checkzone.8
+++ b/usr.sbin/bind/bin/check/named-checkzone.8
@@ -1,94 +1,111 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $ISC: named-checkzone.8,v 1.11.2.1.8.4 2004/06/03 05:35:42 marka Exp $
+.\" $ISC: named-checkzone.8,v 1.11.2.1.8.8 2005/10/13 02:33:41 marka Exp $
 .\"
-.TH "NAMED-CHECKZONE" "8" "June 13, 2000" "BIND9" ""
-.SH NAME
-named-checkzone \- zone file validity checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkzone\fR [ \fB-d\fR ]  [ \fB-j\fR ]  [ \fB-q\fR ]  [ \fB-v\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-k \fImode\fB\fR ]  [ \fB-n \fImode\fB\fR ]  [ \fB-o \fIfilename\fB\fR ]  [ \fB-t \fIdirectory\fB\fR ]  [ \fB-w \fIdirectory\fB\fR ]  [ \fB-D\fR ]  \fBzonename\fR \fBfilename\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkzone \- zone file validity checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
-\fBnamed-checkzone\fR checks the syntax and integrity of
-a zone file. It performs the same checks as \fBnamed\fR
+\fBnamed\-checkzone\fR
+checks the syntax and integrity of a zone file. It performs the same checks as
+\fBnamed\fR
 does when loading a zone. This makes
-\fBnamed-checkzone\fR useful for checking zone
-files before configuring them into a name server.
+\fBnamed\-checkzone\fR
+useful for checking zone files before configuring them into a name server.
 .SH "OPTIONS"
 .TP
-\fB-d\fR
+\-d
 Enable debugging.
 .TP
-\fB-q\fR
-Quiet mode - exit code only.
+\-q
+Quiet mode \- exit code only.
 .TP
-\fB-v\fR
-Print the version of the \fBnamed-checkzone\fR
+\-v
+Print the version of the
+\fBnamed\-checkzone\fR
 program and exit.
 .TP
-\fB-j\fR
+\-j
 When loading the zone file read the journal if it exists.
 .TP
-\fB-c \fIclass\fB\fR
+\-c \fIclass\fR
 Specify the class of the zone. If not specified "IN" is assumed.
 .TP
-\fB-k \fImode\fB\fR
-Perform \fB"check-name"\fR checks with the specified failure mode.
-Possible modes are \fB"fail"\fR,
-\fB"warn"\fR (default) and
+\-k \fImode\fR
+Perform
+\fB"check\-name"\fR
+checks with the specified failure mode. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
 \fB"ignore"\fR.
 .TP
-\fB-n \fImode\fB\fR
-Specify whether NS records should be checked to see if they
-are addresses. Possible modes are \fB"fail"\fR,
-\fB"warn"\fR (default) and
+\-n \fImode\fR
+Specify whether NS records should be checked to see if they are addresses. Possible modes are
+\fB"fail"\fR,
+\fB"warn"\fR
+(default) and
 \fB"ignore"\fR.
 .TP
-\fB-o \fIfilename\fB\fR
-Write zone output to \fIdirectory\fR.
+\-o \fIfilename\fR
+Write zone output to
+\fIfilename\fR.
 .TP
-\fB-t \fIdirectory\fB\fR
-chroot to \fIdirectory\fR so that include
-directives in the configuration file are processed as if
-run by a similarly chrooted named.
+\-t \fIdirectory\fR
+chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
 .TP
-\fB-w \fIdirectory\fB\fR
-chdir to \fIdirectory\fR so that relative
-filenames in master file $INCLUDE directives work. This
-is similar to the directory clause in
+\-w \fIdirectory\fR
+chdir to
+\fIdirectory\fR
+so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
 \fInamed.conf\fR.
 .TP
-\fB-D\fR
+\-D
 Dump zone file in canonical format.
 .TP
-\fBzonename\fR
+zonename
 The domain name of the zone being checked.
 .TP
-\fBfilename\fR
+filename
 The name of the zone file.
 .SH "RETURN VALUES"
 .PP
-\fBnamed-checkzone\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
+\fBnamed\-checkzone\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fIRFC 1035\fR,
-\fIBIND 9 Administrator Reference Manual\fR.
+RFC 1035,
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
diff --git a/usr.sbin/bind/bin/check/named-checkzone.docbook b/usr.sbin/bind/bin/check/named-checkzone.docbook
index 83cfbf8d675..836702ccfd3 100644
--- a/usr.sbin/bind/bin/check/named-checkzone.docbook
+++ b/usr.sbin/bind/bin/check/named-checkzone.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: named-checkzone.docbook,v 1.3.2.2.8.7 2004/06/03 02:25:00 marka Exp $ -->
+<!-- $ISC: named-checkzone.docbook,v 1.3.2.2.8.11 2005/05/12 21:35:57 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>named-checkzone</application></refname>
     <refpurpose>zone file validity checking tool</refpurpose>
@@ -103,6 +119,7 @@
               When loading the zone file read the journal if it exists.
           </para>   
         </listitem>
+      </varlistentry>
 
       <varlistentry>
         <term>-c <replaceable class="parameter">class</replaceable></term>
@@ -141,7 +158,7 @@
         <term>-o <replaceable class="parameter">filename</replaceable></term>
         <listitem>
           <para>
-	      Write zone output to <filename>directory</filename>.
+	      Write zone output to <filename>filename</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -205,6 +222,7 @@
     <para>
         <command>named-checkzone</command> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
+    </para>
   </refsect1>
 
   <refsect1>
diff --git a/usr.sbin/bind/bin/check/named-checkzone.html b/usr.sbin/bind/bin/check/named-checkzone.html
index 9f4be41ca1a..68cc098b1db 100644
--- a/usr.sbin/bind/bin/check/named-checkzone.html
+++ b/usr.sbin/bind/bin/check/named-checkzone.html
@@ -1,367 +1,135 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $ISC: named-checkzone.html,v 1.5.2.2.4.5 2004/08/22 23:38:57 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->named-checkzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
->&nbsp;--&nbsp;zone file validity checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkzone</B
->  [<VAR
-CLASS="OPTION"
->-d</VAR
->] [<VAR
-CLASS="OPTION"
->-j</VAR
->] [<VAR
-CLASS="OPTION"
->-q</VAR
->] [<VAR
-CLASS="OPTION"
->-v</VAR
->] [<VAR
-CLASS="OPTION"
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-k <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-n <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-o <VAR
-CLASS="REPLACEABLE"
->filename</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-w <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></VAR
->] [<VAR
-CLASS="OPTION"
->-D</VAR
->] {zonename} {filename}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN46"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkzone</B
-> checks the syntax and integrity of
-	a zone file.  It performs the same checks as <B
-CLASS="COMMAND"
->named</B
->
+<!-- $ISC: named-checkzone.html,v 1.5.2.2.4.13 2005/10/13 02:33:42 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkzone</span> &#8212; zone file validity checking tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525922"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
+	a zone file.  It performs the same checks as <span><strong class="command">named</strong></span>
 	does when loading a zone.  This makes
-	<B
-CLASS="COMMAND"
->named-checkzone</B
-> useful for checking zone
+	<span><strong class="command">named-checkzone</strong></span> useful for checking zone
 	files before configuring them into a name server.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN52"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-d</DT
-><DD
-><P
->	      Enable debugging.
-	  </P
-></DD
-><DT
->-q</DT
-><DD
-><P
->	      Quiet mode - exit code only.
-	  </P
-></DD
-><DT
->-v</DT
-><DD
-><P
->	      Print the version of the <B
-CLASS="COMMAND"
->named-checkzone</B
->
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525942"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-d</span></dt>
+<dd><p>
+	      Enable debugging.
+	  </p></dd>
+<dt><span class="term">-q</span></dt>
+<dd><p>
+	      Quiet mode - exit code only.
+	  </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+	      Print the version of the <span><strong class="command">named-checkzone</strong></span>
 	      program and exit.
-	  </P
-></DD
-><DT
->-j</DT
-><DD
-><P
->              When loading the zone file read the journal if it exists.
-          </P
-></DD
-><DT
->-c <VAR
-CLASS="REPLACEABLE"
->class</VAR
-></DT
-><DD
-><P
->	      Specify the class of the zone.  If not specified "IN" is assumed.
-	  </P
-></DD
-><DT
->-k <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></DT
-><DD
-><P
->	      Perform <B
-CLASS="COMMAND"
->"check-name"</B
-> checks with the specified failure mode.
-	      Possible modes are <B
-CLASS="COMMAND"
->"fail"</B
->,
-	      <B
-CLASS="COMMAND"
->"warn"</B
-> (default) and
-	      <B
-CLASS="COMMAND"
->"ignore"</B
->.
-	  </P
-></DD
-><DT
->-n <VAR
-CLASS="REPLACEABLE"
->mode</VAR
-></DT
-><DD
-><P
->	      Specify whether NS records should be checked to see if they
-	      are addresses.  Possible modes are <B
-CLASS="COMMAND"
->"fail"</B
->,
-	      <B
-CLASS="COMMAND"
->"warn"</B
-> (default) and
-	      <B
-CLASS="COMMAND"
->"ignore"</B
->.
-	  </P
-></DD
-><DT
->-o <VAR
-CLASS="REPLACEABLE"
->filename</VAR
-></DT
-><DD
-><P
->	      Write zone output to <TT
-CLASS="FILENAME"
->directory</TT
->.
-          </P
-></DD
-><DT
->-t <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
->              chroot to <TT
-CLASS="FILENAME"
->directory</TT
-> so that include
+	  </p></dd>
+<dt><span class="term">-j</span></dt>
+<dd><p>
+              When loading the zone file read the journal if it exists.
+          </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+	      Specify the class of the zone.  If not specified "IN" is assumed.
+	  </p></dd>
+<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+	      Perform <span><strong class="command">"check-name"</strong></span> checks with the specified failure mode.
+	      Possible modes are <span><strong class="command">"fail"</strong></span>,
+	      <span><strong class="command">"warn"</strong></span> (default) and
+	      <span><strong class="command">"ignore"</strong></span>.
+	  </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
+<dd><p>
+	      Specify whether NS records should be checked to see if they
+	      are addresses.  Possible modes are <span><strong class="command">"fail"</strong></span>,
+	      <span><strong class="command">"warn"</strong></span> (default) and
+	      <span><strong class="command">"ignore"</strong></span>.
+	  </p></dd>
+<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
+<dd><p>
+	      Write zone output to <code class="filename">filename</code>.
+          </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+              chroot to <code class="filename">directory</code> so that include
               directives in the configuration file are processed as if
               run by a similarly chrooted named.
-          </P
-></DD
-><DT
->-w <VAR
-CLASS="REPLACEABLE"
->directory</VAR
-></DT
-><DD
-><P
->              chdir to <TT
-CLASS="FILENAME"
->directory</TT
-> so that relative
+          </p></dd>
+<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+              chdir to <code class="filename">directory</code> so that relative
 	      filenames in master file $INCLUDE directives work.  This
 	      is similar to the directory clause in
-	      <TT
-CLASS="FILENAME"
->named.conf</TT
->.
-          </P
-></DD
-><DT
->-D</DT
-><DD
-><P
->	      Dump zone file in canonical format.
-	  </P
-></DD
-><DT
->zonename</DT
-><DD
-><P
->	       The domain name of the zone being checked.
-	  </P
-></DD
-><DT
->filename</DT
-><DD
-><P
->	       The name of the zone file.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN125"
-></A
-><H2
->RETURN VALUES</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkzone</B
-> returns an exit status of 1 if
+	      <code class="filename">named.conf</code>.
+          </p></dd>
+<dt><span class="term">-D</span></dt>
+<dd><p>
+	      Dump zone file in canonical format.
+	  </p></dd>
+<dt><span class="term">zonename</span></dt>
+<dd><p>
+	       The domain name of the zone being checked.
+	  </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+	       The name of the zone file.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526187"></a><h2>RETURN VALUES</h2>
+<p>
+        <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
-  </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN129"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->RFC 1035</I
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN137"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526200"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <em class="citetitle">RFC 1035</em>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526227"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>
diff --git a/usr.sbin/bind/bin/dig/nslookup.docbook b/usr.sbin/bind/bin/dig/nslookup.docbook
index 27b95247db4..128491c175d 100644
--- a/usr.sbin/bind/bin/dig/nslookup.docbook
+++ b/usr.sbin/bind/bin/dig/nslookup.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: nslookup.docbook,v 1.3.6.3 2004/08/30 00:50:11 marka Exp $ -->
+<!-- $ISC: nslookup.docbook,v 1.3.6.5 2005/05/13 01:22:33 marka Exp $ -->
 
 <!--
  - Copyright (c) 1985, 1989
@@ -62,6 +64,14 @@
 <refmiscinfo>BIND9</refmiscinfo>
 </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+  </docinfo>
+
 <refnamediv>
 <refname>nslookup</refname>
 <refpurpose>query Internet name servers interactively</refpurpose>
@@ -71,8 +81,8 @@
 <cmdsynopsis>
   <command>nslookup</command>
   <arg><option>-option</option></arg>
-  <arg choice=opt>name | -</arg>
-  <arg choice=opt>server</arg>
+  <arg choice="opt">name | -</arg>
+  <arg choice="opt">server</arg>
 </cmdsynopsis>
 </refsynopsisdiv>
 
@@ -93,19 +103,19 @@ domain.
 <title>ARGUMENTS</title>
 <para>
 Interactive mode is entered in the following cases:
-<OrderedList Numeration=Loweralpha>
-<Listitem>
+<orderedlist numeration="loweralpha">
+<listitem>
 <para>
 when no arguments are given (the default name server will be used)
 </para>
-</Listitem>
-<Listitem>
+</listitem>
+<listitem>
 <para>
 when the first argument is a hyphen (-) and the second argument is
 the host name or Internet address of a name server.
 </para>
-</Listitem>
-</OrderedList>
+</listitem>
+</orderedlist>
 </para>
 
 <para>
@@ -118,11 +128,11 @@ argument specifies the host name or address of a name server.
 Options can also be specified on the command line if they precede the
 arguments and are prefixed with a hyphen.  For example, to
 change the default query type to host information, and the initial timeout to 10 seconds, type:
-<InformalExample>
-<PROGRAMLISTING>
+<informalexample>
+<programlisting>
 nslookup -query=hinfo  -timeout=10
-</PROGRAMLISTING>
-</InformalExample>
+</programlisting>
+</informalexample>
 </para>
 
 </refsect1>
diff --git a/usr.sbin/bind/bin/dig/nslookup.html b/usr.sbin/bind/bin/dig/nslookup.html
index 49527f582c7..5b1a668e6b9 100644
--- a/usr.sbin/bind/bin/dig/nslookup.html
+++ b/usr.sbin/bind/bin/dig/nslookup.html
@@ -1,617 +1,264 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $ISC: nslookup.html,v 1.1.6.3 2004/08/22 23:38:58 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->nslookup</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
->nslookup</H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Name</H2
->nslookup&nbsp;--&nbsp;query Internet name servers interactively</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN11"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->nslookup</B
->  [<VAR
-CLASS="OPTION"
->-option</VAR
->] [name | -] [server]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN18"
-></A
-><H2
->DESCRIPTION</H2
-><P
-><B
-CLASS="COMMAND"
->Nslookup</B
->
-is a program to query Internet domain name servers.  <B
-CLASS="COMMAND"
->Nslookup</B
->
+<!-- $ISC: nslookup.html,v 1.1.6.9 2005/10/13 02:33:44 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>nslookup</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463728"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>nslookup &#8212; query Internet name servers interactively</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525973"></a><h2>DESCRIPTION</h2>
+<p>
+<span><strong class="command">Nslookup</strong></span>
+is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
 has two modes: interactive and non-interactive.  Interactive mode allows
 the user to query name servers for information about various hosts and
 domains or to print a list of hosts in a domain.  Non-interactive mode is
 used to print just the name and requested information for a host or
-domain.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN23"
-></A
-><H2
->ARGUMENTS</H2
-><P
->Interactive mode is entered in the following cases:
-<P
-></P
-><OL
-TYPE="a"
-><LI
-><P
->when no arguments are given (the default name server will be used)</P
-></LI
-><LI
-><P
->when the first argument is a hyphen (-) and the second argument is
-the host name or Internet address of a name server.</P
-></LI
-></OL
-></P
-><P
->Non-interactive mode is used when the name or Internet address of the
+domain.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525990"></a><h2>ARGUMENTS</h2>
+<p>
+Interactive mode is entered in the following cases:
+</p>
+<div class="orderedlist"><ol type="a">
+<li><p>
+when no arguments are given (the default name server will be used)
+</p></li>
+<li><p>
+when the first argument is a hyphen (-) and the second argument is
+the host name or Internet address of a name server.
+</p></li>
+</ol></div>
+<p>
+</p>
+<p>
+Non-interactive mode is used when the name or Internet address of the
 host to be looked up is given as the first argument. The optional second
-argument specifies the host name or address of a name server.</P
-><P
->Options can also be specified on the command line if they precede the
+argument specifies the host name or address of a name server.
+</p>
+<p>
+Options can also be specified on the command line if they precede the
 arguments and are prefixed with a hyphen.  For example, to
 change the default query type to host information, and the initial timeout to 10 seconds, type:
-<DIV
-CLASS="INFORMALEXAMPLE"
-><P
-></P
-><A
-NAME="AEN33"
-></A
-><PRE
-CLASS="PROGRAMLISTING"
->nslookup -query=hinfo  -timeout=10</PRE
-><P
-></P
-></DIV
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN35"
-></A
-><H2
->INTERACTIVE COMMANDS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->host [<SPAN
-CLASS="OPTIONAL"
->server</SPAN
->]</DT
-><DD
-><P
->Look up information for host using the current default server or
+</p>
+<div class="informalexample"><pre class="programlisting">
+nslookup -query=hinfo  -timeout=10
+</pre></div>
+<p>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526033"></a><h2>INTERACTIVE COMMANDS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
+<dd>
+<p>
+Look up information for host using the current default server or
 using server, if specified.  If host is an Internet address and
 the query type is A or PTR, the name of the host is returned.
 If host is a name and does not have a trailing period, the
-search list is used to qualify the name.</P
-><P
->To look up a host not in the current domain, append a period to
-the name.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->server</CODE
-> <VAR
-CLASS="REPLACEABLE"
->domain</VAR
-></DT
-><DD
-><P
-></P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->lserver</CODE
-> <VAR
-CLASS="REPLACEABLE"
->domain</VAR
-></DT
-><DD
-><P
->Change the default server to <VAR
-CLASS="REPLACEABLE"
->domain</VAR
->; <CODE
-CLASS="CONSTANT"
->lserver</CODE
-> uses the initial
-server to look up information about <VAR
-CLASS="REPLACEABLE"
->domain</VAR
->, while <CODE
-CLASS="CONSTANT"
->server</CODE
-> uses
+search list is used to qualify the name.
+</p>
+<p>
+To look up a host not in the current domain, append a period to
+the name.
+</p>
+</dd>
+<dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p>
+Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
+server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
 the current default server.  If an authoritative answer can't be
 found, the names of servers that might have the answer are
-returned.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->root</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->finger</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->ls</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->view</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->help</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->?</CODE
-></DT
-><DD
-><P
->not implemented</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->exit</CODE
-></DT
-><DD
-><P
->Exits the program.</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->set</CODE
-> <VAR
-CLASS="REPLACEABLE"
->keyword[<SPAN
-CLASS="OPTIONAL"
->=value</SPAN
->]</VAR
-></DT
-><DD
-><P
->This command is used to change state information that affects
+returned.
+</p></dd>
+<dt><span class="term"><code class="constant">root</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">finger</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">ls</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">view</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">help</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">?</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">exit</code></span></dt>
+<dd><p>Exits the program.</p></dd>
+<dt><span class="term"><code class="constant">set</code> <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
+<dd>
+<p>This command is used to change state information that affects
 the lookups.  Valid keywords are:
- <P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><CODE
-CLASS="CONSTANT"
->all</CODE
-></DT
-><DD
-><P
->Prints the current values of the frequently used
-  options to <B
-CLASS="COMMAND"
->set</B
->.  Information about the  current default
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">all</code></span></dt>
+<dd><p>Prints the current values of the frequently used
+  options to <span><strong class="command">set</strong></span>.  Information about the  current default
   server and host is also printed.
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->class=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
->   Change the query class to one of:
-   <P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><CODE
-CLASS="CONSTANT"
->IN</CODE
-></DT
-><DD
-><P
->the Internet class</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->CH</CODE
-></DT
-><DD
-><P
->the Chaos class</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->HS</CODE
-></DT
-><DD
-><P
->the Hesiod class</P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->ANY</CODE
-></DT
-><DD
-><P
->wildcard</P
-></DD
-></DL
-></DIV
->
+  </p></dd>
+<dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+   Change the query class to one of:
+   </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">IN</code></span></dt>
+<dd><p>the Internet class</p></dd>
+<dt><span class="term"><code class="constant">CH</code></span></dt>
+<dd><p>the Chaos class</p></dd>
+<dt><span class="term"><code class="constant">HS</code></span></dt>
+<dd><p>the Hesiod class</p></dd>
+<dt><span class="term"><code class="constant">ANY</code></span></dt>
+<dd><p>wildcard</p></dd>
+</dl></div>
+<p>
    The class specifies the protocol group of the information.
-   </P
-><P
->   (Default = IN; abbreviation = cl)
-   </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->debug</CODE
-></DT
-><DD
-><P
->  Turn debugging mode on.  A lot more information is
+   </p>
+<p>
+   (Default = IN; abbreviation = cl)
+   </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
+<dd>
+<p>
+  Turn debugging mode on.  A lot more information is
   printed about the packet sent to the server and the
   resulting answer.
-  </P
-><P
->  (Default = nodebug; abbreviation = [<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]deb)
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->d2</CODE
-></DT
-><DD
-><P
->  Turn debugging mode on.  A lot more information is
+  </p>
+<p>
+  (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
+<dd>
+<p>
+  Turn debugging mode on.  A lot more information is
   printed about the packet sent to the server and the
   resulting answer.
-  </P
-><P
->  (Default = nod2)
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->domain=</CODE
-><VAR
-CLASS="REPLACEABLE"
->name</VAR
-></DT
-><DD
-><P
->  Sets the search list to <VAR
-CLASS="REPLACEABLE"
->name</VAR
->.
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->search</CODE
-></DT
-><DD
-><P
->  If the lookup request contains at least one period but
+  </p>
+<p>
+  (Default = nod2)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
+<dd><p>
+  Sets the search list to <em class="replaceable"><code>name</code></em>.
+  </p></dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
+<dd>
+<p>
+  If the lookup request contains at least one period but
   doesn't end with a trailing period, append the domain
   names in the domain search list to the request until an
   answer is received.
-  </P
-><P
->  (Default = search)
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->port=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
->  Change the default TCP/UDP name server port to <VAR
-CLASS="REPLACEABLE"
->value</VAR
->.
-  </P
-><P
->  (Default = 53; abbreviation = po)
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->querytype=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
-></P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->type=</CODE
-><VAR
-CLASS="REPLACEABLE"
->value</VAR
-></DT
-><DD
-><P
->  Change the top of the information query.
-  </P
-><P
->  (Default = A; abbreviations = q, ty)
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->recurse</CODE
-></DT
-><DD
-><P
->  Tell the name server to query other servers if it does not have the
+  </p>
+<p>
+  (Default = search)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+  Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
+  </p>
+<p>
+  (Default = 53; abbreviation = po)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+  Change the top of the information query.
+  </p>
+<p>
+  (Default = A; abbreviations = q, ty)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
+<dd>
+<p>
+  Tell the name server to query other servers if it does not have the
   information.
-  </P
-><P
->  (Default = recurse; abbreviation = [no]rec)
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->retry=</CODE
-><VAR
-CLASS="REPLACEABLE"
->number</VAR
-></DT
-><DD
-><P
->  Set the number of retries to number.
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
->timeout=</CODE
-><VAR
-CLASS="REPLACEABLE"
->number</VAR
-></DT
-><DD
-><P
->  Change the initial timeout interval for waiting for a
+  </p>
+<p>
+  (Default = recurse; abbreviation = [no]rec)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+  Set the number of retries to number.
+  </p></dd>
+<dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+  Change the initial timeout interval for waiting for a
   reply to number seconds.
-  </P
-></DD
-><DT
-><CODE
-CLASS="CONSTANT"
-><VAR
-CLASS="REPLACEABLE"
->[<SPAN
-CLASS="OPTIONAL"
->no</SPAN
->]</VAR
->vc</CODE
-></DT
-><DD
-><P
->  Always use a virtual circuit when sending requests to the server.
-  </P
-><P
->  (Default = novc)
-  </P
-></DD
-></DL
-></DIV
-></P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN218"
-></A
-><H2
->FILES</H2
-><P
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN222"
-></A
-><H2
->SEE ALSO</H2
-><P
-><SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dig</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->host</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN234"
-></A
-><H2
->Author</H2
-><P
->Andrew Cherenson</P
-></DIV
-></BODY
-></HTML
->
+  </p></dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
+<dd>
+<p>
+  Always use a virtual circuit when sending requests to the server.
+  </p>
+<p>
+  (Default = novc)
+  </p>
+</dd>
+</dl></div>
+<p>
+</p>
+</dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526490"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/resolv.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526503"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526538"></a><h2>Author</h2>
+<p>
+Andrew Cherenson
+</p>
+</div>
+</div></body>
+</html>
diff --git a/usr.sbin/bind/bin/dnssec/Makefile.in b/usr.sbin/bind/bin/dnssec/Makefile.in
index 9b3d901b58f..63881023884 100644
--- a/usr.sbin/bind/bin/dnssec/Makefile.in
+++ b/usr.sbin/bind/bin/dnssec/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $ISC: Makefile.in,v 1.19.12.9 2004/07/20 07:01:48 marka Exp $
+# $ISC: Makefile.in,v 1.19.12.12 2005/05/02 00:25:54 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -58,7 +58,8 @@ dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
 	dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
 dnssec-signzone.@O@: dnssec-signzone.c
-	${LIBTOOL_MODE_COMPILE} ${PURIFY} ${CC} ${ALL_CFLAGS} -c $<
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
+		-c ${srcdir}/dnssec-signzone.c
 
 dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
diff --git a/usr.sbin/bind/bin/dnssec/dnssec-keygen.8 b/usr.sbin/bind/bin/dnssec/dnssec-keygen.8
index 4a888193ecd..628b8e4b118 100644
--- a/usr.sbin/bind/bin/dnssec/dnssec-keygen.8
+++ b/usr.sbin/bind/bin/dnssec/dnssec-keygen.8
@@ -1,174 +1,164 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $ISC: dnssec-keygen.8,v 1.19.12.5 2004/06/11 02:32:45 marka Exp $
+.\" $ISC: dnssec-keygen.8,v 1.19.12.9 2005/10/13 02:33:45 marka Exp $
 .\"
-.TH "DNSSEC-KEYGEN" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-keygen \- DNSSEC key generation tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ]  [ \fB-e\fR ]  [ \fB-f \fIflag\fB\fR ]  [ \fB-g \fIgenerator\fB\fR ]  [ \fB-h\fR ]  [ \fB-k\fR ]  [ \fB-p \fIprotocol\fB\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-s \fIstrength\fB\fR ]  [ \fB-t \fItype\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBname\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-keygen \- DNSSEC key generation tool
+.SH "SYNOPSIS"
+.HP 14
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
 .SH "DESCRIPTION"
 .PP
-\fBdnssec-keygen\fR generates keys for DNSSEC
-(Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate
-keys for use with TSIG (Transaction Signatures), as
-defined in RFC 2845.
+\fBdnssec\-keygen\fR
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
 .TP
-\fB-a \fIalgorithm\fB\fR
+\-a \fIalgorithm\fR
 Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1,
-DSA, DH (Diffie Hellman), or HMAC-MD5. These values
-are case insensitive.
-
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
-and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
-
-Note 2: HMAC-MD5 and DH automatically set the -k flag.
-.TP
-\fB-b \fIkeysize\fB\fR
-Specifies the number of bits in the key. The choice of key
-size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between
-512 and 2048 bits. Diffie Hellman keys must be between
-128 and 4096 bits. DSA keys must be between 512 and 1024
-bits and an exact multiple of 64. HMAC-MD5 keys must be
-between 1 and 512 bits.
-.TP
-\fB-n \fInametype\fB\fR
+\fBalgorithm\fR
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
+.sp
+Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
+.sp
+Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
+.TP
+\-b \fIkeysize\fR
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+.TP
+\-n \fInametype\fR
 Specifies the owner type of the key. The value of
-\fBnametype\fR must either be ZONE (for a DNSSEC
-zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
-USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are
-case insensitive.
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
 .TP
-\fB-c \fIclass\fB\fR
-Indicates that the DNS record containing the key should have
-the specified class. If not specified, class IN is used.
+\-c \fIclass\fR
+Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
 .TP
-\fB-e\fR
+\-e
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
 .TP
-\fB-f \fIflag\fB\fR
-Set the specified flag in the flag field of the KEY/DNSKEY record.
-The only recognized flag is KSK (Key Signing Key) DNSKEY.
+\-f \fIflag\fR
+Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
 .TP
-\fB-g \fIgenerator\fB\fR
-If generating a Diffie Hellman key, use this generator.
-Allowed values are 2 and 5. If no generator
-is specified, a known prime from RFC 2539 will be used
-if possible; otherwise the default is 2.
+\-g \fIgenerator\fR
+If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
 .TP
-\fB-h\fR
+\-h
 Prints a short summary of the options and arguments to
-\fBdnssec-keygen\fR.
+\fBdnssec\-keygen\fR.
 .TP
-\fB-k\fR
+\-k
 Generate KEY records rather than DNSKEY records.
 .TP
-\fB-p \fIprotocol\fB\fR
-Sets the protocol value for the generated key. The protocol
-is a number between 0 and 255. The default is 3 (DNSSEC).
-Other possible values for this argument are listed in
-RFC 2535 and its successors.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-s \fIstrength\fB\fR
-Specifies the strength value of the key. The strength is
-a number between 0 and 15, and currently has no defined
-purpose in DNSSEC.
-.TP
-\fB-t \fItype\fB\fR
-Indicates the use of the key. \fBtype\fR must be
-one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
-is AUTHCONF. AUTH refers to the ability to authenticate
-data, and CONF the ability to encrypt data.
-.TP
-\fB-v \fIlevel\fB\fR
+\-p \fIprotocol\fR
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
+.TP
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.TP
+\-s \fIstrength\fR
+Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
+.TP
+\-t \fItype\fR
+Indicates the use of the key.
+\fBtype\fR
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+.TP
+\-v \fIlevel\fR
 Sets the debugging level.
 .SH "GENERATED KEYS"
 .PP
-When \fBdnssec-keygen\fR completes successfully,
-it prints a string of the form \fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for
-the key it has generated. These strings can be used as arguments
-to \fBdnssec-makekeyset\fR.
-.TP 0.2i
+When
+\fBdnssec\-keygen\fR
+completes successfully, it prints a string of the form
+\fIKnnnn.+aaa+iiiii\fR
+to the standard output. This is an identification string for the key it has generated.
+.TP 3
 \(bu
-\fInnnn\fR is the key name.
-.TP 0.2i
+\fInnnn\fR
+is the key name.
+.TP
 \(bu
-\fIaaa\fR is the numeric representation of the
-algorithm.
-.TP 0.2i
+\fIaaa\fR
+is the numeric representation of the algorithm.
+.TP
 \(bu
-\fIiiiii\fR is the key identifier (or footprint).
+\fIiiiii\fR
+is the key identifier (or footprint).
 .PP
-\fBdnssec-keygen\fR creates two file, with names based
-on the printed string. \fIKnnnn.+aaa+iiiii.key\fR
+\fBdnssec\-keygen\fR
+creates two file, with names based on the printed string.
+\fIKnnnn.+aaa+iiiii.key\fR
 contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR contains the private
-key.
-.PP
-.PP
-The \fI.key\fR file contains a DNS KEY record that
-can be inserted into a zone file (directly or with a $INCLUDE
-statement).
-.PP
-.PP
-The \fI.private\fR file contains algorithm specific
-fields. For obvious security reasons, this file does not have
-general read permission.
-.PP
-.PP
-Both \fI.key\fR and \fI.private\fR
-files are generated for symmetric encryption algorithm such as
-HMAC-MD5, even though the public and private key are equivalent.
-.PP
+\fIKnnnn.+aaa+iiiii.private\fR
+contains the private key.
+.PP
+The
+\fI.key\fR
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
+.PP
+The
+\fI.private\fR
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
+.PP
+Both
+\fI.key\fR
+and
+\fI.private\fR
+files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
 .SH "EXAMPLE"
 .PP
-To generate a 768-bit DSA key for the domain
-\fBexample.com\fR, the following command would be
-issued:
+To generate a 768\-bit DSA key for the domain
+\fBexample.com\fR, the following command would be issued:
 .PP
-\fBdnssec-keygen -a DSA -b 768 -n ZONE example.com\fR
+\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
 .PP
 The command would print a string of the form:
 .PP
 \fBKexample.com.+003+26160\fR
 .PP
-In this example, \fBdnssec-keygen\fR creates
-the files \fIKexample.com.+003+26160.key\fR and
+In this example,
+\fBdnssec\-keygen\fR
+creates the files
+\fIKexample.com.+003+26160.key\fR
+and
 \fIKexample.com.+003+26160.private\fR
 .SH "SEE ALSO"
 .PP
-\fBdnssec-signzone\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR,
-\fIRFC 2845\fR,
-\fIRFC 2539\fR.
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535,
+RFC 2845,
+RFC 2539.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
diff --git a/usr.sbin/bind/bin/dnssec/dnssec-keygen.docbook b/usr.sbin/bind/bin/dnssec/dnssec-keygen.docbook
index 5d445bd5d9d..c0ea2afdb3b 100644
--- a/usr.sbin/bind/bin/dnssec/dnssec-keygen.docbook
+++ b/usr.sbin/bind/bin/dnssec/dnssec-keygen.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001-2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: dnssec-keygen.docbook,v 1.3.12.6 2004/06/11 01:17:34 marka Exp $ -->
+<!-- $ISC: dnssec-keygen.docbook,v 1.3.12.9 2005/08/30 01:41:41 marka Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,21 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>dnssec-keygen</application></refname>
     <refpurpose>DNSSEC key generation tool</refpurpose>
@@ -244,8 +261,7 @@
         When <command>dnssec-keygen</command> completes successfully,
 	it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
 	to the standard output.  This is an identification string for
-	the key it has generated.  These strings can be used as arguments
-	to <command>dnssec-makekeyset</command>.
+	the key it has generated.
     </para>
     <itemizedlist>
       <listitem>
diff --git a/usr.sbin/bind/bin/named/include/named/client.h b/usr.sbin/bind/bin/named/include/named/client.h
index 6f32b9b2562..26aeb45278f 100644
--- a/usr.sbin/bind/bin/named/include/named/client.h
+++ b/usr.sbin/bind/bin/named/include/named/client.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: client.h,v 1.60.2.2.10.8 2004/07/23 02:56:52 marka Exp $ */
+/* $ISC: client.h,v 1.60.2.2.10.10 2005/07/29 00:13:08 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -322,13 +322,19 @@ ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
 	 DNS_RDATACLASS_FORMATSIZE + sizeof(x) + sizeof("'/'"))
 
 void
-ns_client_recursing(ns_client_t *client, isc_boolean_t killoldest);
-/*
+ns_client_recursing(ns_client_t *client);
+/*%
  * Add client to end of recursing list.  If 'killoldest' is true
  * kill the oldest recursive client (list head). 
  */
 
 void
+ns_client_killoldestquery(ns_client_t *client);
+/*%
+ * Kill the oldest recursive query (recursing list head).
+ */
+
+void
 ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
 /*
  * Dump the outstanding recursive queries to 'f'.
diff --git a/usr.sbin/bind/bin/named/include/named/ns_smf_globals.h b/usr.sbin/bind/bin/named/include/named/ns_smf_globals.h
new file mode 100644
index 00000000000..8ce735762ad
--- /dev/null
+++ b/usr.sbin/bind/bin/named/include/named/ns_smf_globals.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $ISC: ns_smf_globals.h,v 1.2.4.4 2005/05/13 01:22:33 marka Exp $ */
+
+#ifndef NS_SMF_GLOBALS_H
+#define NS_SMF_GLOBALS_H 1
+ 
+#include <libscf.h>
+ 
+#undef EXTERN
+#undef INIT
+#ifdef NS_MAIN
+#define EXTERN
+#define INIT(v) = (v)
+#else
+#define EXTERN extern
+#define INIT(v)
+#endif
+                
+EXTERN unsigned int	ns_smf_got_instance	INIT(0);
+EXTERN unsigned int	ns_smf_chroot		INIT(0);
+EXTERN unsigned int	ns_smf_want_disable	INIT(0);
+
+isc_result_t ns_smf_add_message(isc_buffer_t *text);
+isc_result_t ns_smf_get_instance(char **name, int debug, isc_mem_t *mctx);
+
+#undef EXTERN
+#undef INIT
+ 
+#endif /* NS_SMF_GLOBALS_H */
diff --git a/usr.sbin/bind/bin/named/log.c b/usr.sbin/bind/bin/named/log.c
index 3d3d78fe4c8..40d84e3b4f1 100644
--- a/usr.sbin/bind/bin/named/log.c
+++ b/usr.sbin/bind/bin/named/log.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: log.c,v 1.33.2.1.10.4 2004/03/08 09:04:14 marka Exp $ */
+/* $ISC: log.c,v 1.33.2.1.10.6 2005/05/24 23:58:17 marka Exp $ */
 
 #include <config.h>
 
@@ -154,6 +154,9 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
 isc_result_t
 ns_log_setsafechannels(isc_logconfig_t *lcfg) {
 	isc_result_t result;
+#if ISC_FACILITY != LOG_DAEMON
+	isc_logdestination_t destination;
+#endif
 
 	if (! ns_g_logstderr) {
 		result = isc_log_createchannel(lcfg, "default_debug",
@@ -172,6 +175,15 @@ ns_log_setsafechannels(isc_logconfig_t *lcfg) {
 		isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
 	}
 
+#if ISC_FACILITY != LOG_DAEMON
+	destination.facility = ISC_FACILITY;
+	result = isc_log_createchannel(lcfg, "default_syslog",
+				       ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
+				       &destination, 0);
+	if (result != ISC_R_SUCCESS)
+		goto cleanup;
+#endif
+
 	result = ISC_R_SUCCESS;
 
  cleanup:
diff --git a/usr.sbin/bind/bin/named/lwresd.8 b/usr.sbin/bind/bin/named/lwresd.8
index d1473e8d72d..94975dfb47a 100644
--- a/usr.sbin/bind/bin/named/lwresd.8
+++ b/usr.sbin/bind/bin/named/lwresd.8
@@ -1,135 +1,135 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $ISC: lwresd.8,v 1.13.208.2 2004/06/03 05:35:47 marka Exp $
+.\" $ISC: lwresd.8,v 1.13.208.5 2005/10/13 02:33:47 marka Exp $
 .\"
-.TH "LWRESD" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 lwresd \- lightweight resolver daemon
-.SH SYNOPSIS
-.sp
-\fBlwresd\fR [ \fB-C \fIconfig-file\fB\fR ]  [ \fB-d \fIdebug-level\fB\fR ]  [ \fB-f\fR ]  [ \fB-g\fR ]  [ \fB-i \fIpid-file\fB\fR ]  [ \fB-n \fI#cpus\fB\fR ]  [ \fB-P \fIport\fB\fR ]  [ \fB-p \fIport\fB\fR ]  [ \fB-s\fR ]  [ \fB-t \fIdirectory\fB\fR ]  [ \fB-u \fIuser\fB\fR ]  [ \fB-v\fR ] 
+.SH "SYNOPSIS"
+.HP 7
+\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
 .SH "DESCRIPTION"
 .PP
-\fBlwresd\fR is the daemon providing name lookup
-services to clients that use the BIND 9 lightweight resolver
-library. It is essentially a stripped-down, caching-only name
-server that answers queries using the BIND 9 lightweight
-resolver protocol rather than the DNS protocol.
+\fBlwresd\fR
+is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
 .PP
-\fBlwresd\fR listens for resolver queries on a
-UDP port on the IPv4 loopback interface, 127.0.0.1. This
-means that \fBlwresd\fR can only be used by
-processes running on the local machine. By default UDP port
-number 921 is used for lightweight resolver requests and
-responses.
+\fBlwresd\fR
+listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that
+\fBlwresd\fR
+can only be used by processes running on the local machine. By default UDP port number 921 is used for lightweight resolver requests and responses.
 .PP
-Incoming lightweight resolver requests are decoded by the
-server which then resolves them using the DNS protocol. When
-the DNS lookup completes, \fBlwresd\fR encodes
-the answers in the lightweight resolver format and returns
-them to the client that made the request.
+Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes,
+\fBlwresd\fR
+encodes the answers in the lightweight resolver format and returns them to the client that made the request.
 .PP
-If \fI/etc/resolv.conf\fR contains any
-\fBnameserver\fR entries, \fBlwresd\fR
-sends recursive DNS queries to those servers. This is similar
-to the use of forwarders in a caching name server. If no
-\fBnameserver\fR entries are present, or if
-forwarding fails, \fBlwresd\fR resolves the
-queries autonomously starting at the root name servers, using
-a built-in list of root server hints.
+If
+\fI/etc/resolv.conf\fR
+contains any
+\fBnameserver\fR
+entries,
+\fBlwresd\fR
+sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no
+\fBnameserver\fR
+entries are present, or if forwarding fails,
+\fBlwresd\fR
+resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
 .SH "OPTIONS"
 .TP
-\fB-C \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
+\-C \fIconfig\-file\fR
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
 \fI/etc/resolv.conf\fR.
 .TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBlwresd\fR become
-more verbose as the debug level increases.
+\-d \fIdebug\-level\fR
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBlwresd\fR
+become more verbose as the debug level increases.
 .TP
-\fB-f\fR
+\-f
 Run the server in the foreground (i.e. do not daemonize).
 .TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
+\-g
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
 .TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBlwresd\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
+\-n \fI#cpus\fR
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBlwresd\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
 .TP
-\fB-P \fIport\fB\fR
+\-P \fIport\fR
 Listen for lightweight resolver queries on port
-\fIport\fR. If
-not specified, the default is port 921.
+\fIport\fR. If not specified, the default is port 921.
 .TP
-\fB-p \fIport\fB\fR
-Send DNS lookups to port \fIport\fR. If not
-specified, the default is port 53. This provides a
-way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard
-port number.
+\-p \fIport\fR
+Send DNS lookups to port
+\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
 .TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR
+\-s
+Write memory usage statistics to
+\fIstdout\fR
 on exit.
-.sp
 .RS
 .B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.sp
 .TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
+\-t \fIdirectory\fR
+\fBchroot()\fR
+to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
 .RS
 .B "Warning:"
 This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot()\fR
+is defined allows a process with root privileges to escape a chroot jail.
 .RE
-.sp
 .TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
+\-u \fIuser\fR
+\fBsetuid()\fR
+to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
 .TP
-\fB-v\fR
+\-v
 Report the version number and exit.
 .SH "FILES"
 .TP
-\fB\fI/etc/resolv.conf\fB\fR
+\fI/etc/resolv.conf\fR
 The default configuration file.
 .TP
-\fB\fI/var/run/lwresd.pid\fB\fR
-The default process-id file.
+\fI/var/run/lwresd.pid\fR
+The default process\-id file.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
diff --git a/usr.sbin/bind/bin/named/lwresd.docbook b/usr.sbin/bind/bin/named/lwresd.docbook
index b05072e86ae..6743b090610 100644
--- a/usr.sbin/bind/bin/named/lwresd.docbook
+++ b/usr.sbin/bind/bin/named/lwresd.docbook
@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: lwresd.docbook,v 1.6.208.2 2004/06/03 02:24:57 marka Exp $ -->
+<!-- $ISC: lwresd.docbook,v 1.6.208.4 2005/05/13 01:22:33 marka Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,19 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>lwresd</application></refname>
     <refpurpose>lightweight resolver daemon</refpurpose>
diff --git a/usr.sbin/bind/bin/named/named.conf.5 b/usr.sbin/bind/bin/named/named.conf.5
index f5f07731f87..36f6d03144e 100644
--- a/usr.sbin/bind/bin/named/named.conf.5
+++ b/usr.sbin/bind/bin/named/named.conf.5
@@ -1,32 +1,40 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $ISC: named.conf.5,v 1.1.4.3 2004/10/18 02:33:06 marka Exp $
+.\" $ISC: named.conf.5,v 1.1.4.6 2005/10/13 02:33:47 marka Exp $
 .\"
-.TH "NAMED.CONF" "5" "Aug 13, 2004" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 named.conf \- configuration file for named
-.SH SYNOPSIS
-.sp
+.SH "SYNOPSIS"
+.HP 11
 \fBnamed.conf\fR
 .SH "DESCRIPTION"
 .PP
-\fInamed.conf\fR is the configuration file for
-\fBnamed\fR. Statements are enclosed
-in braces and terminated with a semi-colon. Clauses in
-the statements are also semi-colon terminated. The usual
-comment styles are supported:
+\fInamed.conf\fR
+is the configuration file for
+\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
 .PP
 C style: /* */
 .PP
@@ -37,7 +45,6 @@ Unix style: # to end of line
 .sp
 .nf
 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
-.sp
 .fi
 .SH "KEY"
 .sp
@@ -46,7 +53,6 @@ key \fIdomain_name\fR {
 	algorithm \fIstring\fR;
 	secret \fIstring\fR;
 };
-.sp
 .fi
 .SH "MASTERS"
 .sp
@@ -55,7 +61,6 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
 	( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
 	\fIipv6_address\fR [port \fIinteger\fR] ) [ key \fIstring\fR ]; ...
 };
-.sp
 .fi
 .SH "SERVER"
 .sp
@@ -63,27 +68,24 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
 server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
 	bogus \fIboolean\fR;
 	edns \fIboolean\fR;
-	provide-ixfr \fIboolean\fR;
-	request-ixfr \fIboolean\fR;
+	provide\-ixfr \fIboolean\fR;
+	request\-ixfr \fIboolean\fR;
 	keys \fIserver_key\fR;
 	transfers \fIinteger\fR;
-	transfer-format ( many-answers | one-answer );
-	transfer-source ( \fIipv4_address\fR | * )
+	transfer\-format ( many\-answers | one\-answer );
+	transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	transfer-source-v6 ( \fIipv6_address\fR | * )
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-
-	support-ixfr \fIboolean\fR; // obsolete
+	support\-ixfr \fIboolean\fR; // obsolete
 };
-.sp
 .fi
-.SH "TRUSTED-KEYS"
+.SH "TRUSTED\-KEYS"
 .sp
 .nf
-trusted-keys {
+trusted\-keys {
 	\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... 
 };
-.sp
 .fi
 .SH "CONTROLS"
 .sp
@@ -95,7 +97,6 @@ controls {
 		[ keys { \fIstring\fR; ... } ];
 	unix \fIunsupported\fR; // not implemented
 };
-.sp
 .fi
 .SH "LOGGING"
 .sp
@@ -107,363 +108,325 @@ logging {
 		null;
 		stderr;
 		severity \fIlog_severity\fR;
-		print-time \fIboolean\fR;
-		print-severity \fIboolean\fR;
-		print-category \fIboolean\fR;
+		print\-time \fIboolean\fR;
+		print\-severity \fIboolean\fR;
+		print\-category \fIboolean\fR;
 	};
 	category \fIstring\fR { \fIstring\fR; ... };
 };
-.sp
 .fi
 .SH "LWRES"
 .sp
 .nf
 lwres {
-	listen-on [ port \fIinteger\fR ] {
+	listen\-on [ port \fIinteger\fR ] {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 	};
 	view \fIstring\fR \fIoptional_class\fR;
 	search { \fIstring\fR; ... };
 	ndots \fIinteger\fR;
 };
-.sp
 .fi
 .SH "OPTIONS"
 .sp
 .nf
 options {
-	avoid-v4-udp-ports { \fIport\fR; ... };
-	avoid-v6-udp-ports { \fIport\fR; ... };
+	avoid\-v4\-udp\-ports { \fIport\fR; ... };
+	avoid\-v6\-udp\-ports { \fIport\fR; ... };
 	blackhole { \fIaddress_match_element\fR; ... };
 	coresize \fIsize\fR;
 	datasize \fIsize\fR;
 	directory \fIquoted_string\fR;
-	dump-file \fIquoted_string\fR;
+	dump\-file \fIquoted_string\fR;
 	files \fIsize\fR;
-	heartbeat-interval \fIinteger\fR;
-	host-statistics \fIboolean\fR; // not implemented
-	host-statistics-max \fInumber\fR; // not implemented
+	heartbeat\-interval \fIinteger\fR;
+	host\-statistics \fIboolean\fR; // not implemented
+	host\-statistics\-max \fInumber\fR; // not implemented
 	hostname ( \fIquoted_string\fR | none );
-	interface-interval \fIinteger\fR;
-	listen-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
-	listen-on-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
-	match-mapped-addresses \fIboolean\fR;
-	memstatistics-file \fIquoted_string\fR;
-	pid-file ( \fIquoted_string\fR | none );
+	interface\-interval \fIinteger\fR;
+	listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+	listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+	match\-mapped\-addresses \fIboolean\fR;
+	memstatistics\-file \fIquoted_string\fR;
+	pid\-file ( \fIquoted_string\fR | none );
 	port \fIinteger\fR;
 	querylog \fIboolean\fR;
-	recursing-file \fIquoted_string\fR;
-	random-device \fIquoted_string\fR;
-	recursive-clients \fIinteger\fR;
-	serial-query-rate \fIinteger\fR;
-	server-id ( \fIquoted_string\fR | none |;
+	recursing\-file \fIquoted_string\fR;
+	random\-device \fIquoted_string\fR;
+	recursive\-clients \fIinteger\fR;
+	serial\-query\-rate \fIinteger\fR;
+	server\-id ( \fIquoted_string\fR | none |;
 	stacksize \fIsize\fR;
-	statistics-file \fIquoted_string\fR;
-	statistics-interval \fIinteger\fR; // not yet implemented
-	tcp-clients \fIinteger\fR;
-	tcp-listen-queue \fIinteger\fR;
-	tkey-dhkey \fIquoted_string\fR \fIinteger\fR;
-	tkey-gssapi-credential \fIquoted_string\fR;
-	tkey-domain \fIquoted_string\fR;
-	transfers-per-ns \fIinteger\fR;
-	transfers-in \fIinteger\fR;
-	transfers-out \fIinteger\fR;
-	use-ixfr \fIboolean\fR;
+	statistics\-file \fIquoted_string\fR;
+	statistics\-interval \fIinteger\fR; // not yet implemented
+	tcp\-clients \fIinteger\fR;
+	tcp\-listen\-queue \fIinteger\fR;
+	tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
+	tkey\-gssapi\-credential \fIquoted_string\fR;
+	tkey\-domain \fIquoted_string\fR;
+	transfers\-per\-ns \fIinteger\fR;
+	transfers\-in \fIinteger\fR;
+	transfers\-out \fIinteger\fR;
+	use\-ixfr \fIboolean\fR;
 	version ( \fIquoted_string\fR | none );
-	allow-recursion { \fIaddress_match_element\fR; ... };
+	allow\-recursion { \fIaddress_match_element\fR; ... };
 	sortlist { \fIaddress_match_element\fR; ... };
 	topology { \fIaddress_match_element\fR; ... }; // not implemented
-	auth-nxdomain \fIboolean\fR; // default changed
-	minimal-responses \fIboolean\fR;
+	auth\-nxdomain \fIboolean\fR; // default changed
+	minimal\-responses \fIboolean\fR;
 	recursion \fIboolean\fR;
-	rrset-order {
+	rrset\-order {
 		[ class \fIstring\fR ] [ type \fIstring\fR ]
 		[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
 	};
-	provide-ixfr \fIboolean\fR;
-	request-ixfr \fIboolean\fR;
-	rfc2308-type1 \fIboolean\fR; // not yet implemented
-	additional-from-auth \fIboolean\fR;
-	additional-from-cache \fIboolean\fR;
-	query-source \fIquerysource4\fR;
-	query-source-v6 \fIquerysource6\fR;
-	cleaning-interval \fIinteger\fR;
-	min-roots \fIinteger\fR; // not implemented
-	lame-ttl \fIinteger\fR;
-	max-ncache-ttl \fIinteger\fR;
-	max-cache-ttl \fIinteger\fR;
-	transfer-format ( many-answers | one-answer );
-	max-cache-size \fIsize_no_default\fR;
-	check-names ( master | slave | response )
+	provide\-ixfr \fIboolean\fR;
+	request\-ixfr \fIboolean\fR;
+	rfc2308\-type1 \fIboolean\fR; // not yet implemented
+	additional\-from\-auth \fIboolean\fR;
+	additional\-from\-cache \fIboolean\fR;
+	query\-source \fIquerysource4\fR;
+	query\-source\-v6 \fIquerysource6\fR;
+	cleaning\-interval \fIinteger\fR;
+	min\-roots \fIinteger\fR; // not implemented
+	lame\-ttl \fIinteger\fR;
+	max\-ncache\-ttl \fIinteger\fR;
+	max\-cache\-ttl \fIinteger\fR;
+	transfer\-format ( many\-answers | one\-answer );
+	max\-cache\-size \fIsize_no_default\fR;
+	check\-names ( master | slave | response )
 		( fail | warn | ignore );
-	cache-file \fIquoted_string\fR;
-	suppress-initial-notify \fIboolean\fR; // not yet implemented
-	preferred-glue \fIstring\fR;
-	dual-stack-servers [ port \fIinteger\fR ] {
+	cache\-file \fIquoted_string\fR;
+	suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+	preferred\-glue \fIstring\fR;
+	dual\-stack\-servers [ port \fIinteger\fR ] {
 		( \fIquoted_string\fR [port \fIinteger\fR] |
 		\fIipv4_address\fR [port \fIinteger\fR] |
 		\fIipv6_address\fR [port \fIinteger\fR] ); ...
 	}
-	edns-udp-size \fIinteger\fR;
-	root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
-	disable-algorithms \fIstring\fR { \fIstring\fR; ... };
-	dnssec-enable \fIboolean\fR;
-	dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
-	dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
-
+	edns\-udp\-size \fIinteger\fR;
+	root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+	disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+	dnssec\-enable \fIboolean\fR;
+	dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+	dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
 	dialup \fIdialuptype\fR;
-	ixfr-from-differences \fIixfrdiff\fR;
-
-	allow-query { \fIaddress_match_element\fR; ... };
-	allow-transfer { \fIaddress_match_element\fR; ... };
-	allow-update-forwarding { \fIaddress_match_element\fR; ... };
-
+	ixfr\-from\-differences \fIixfrdiff\fR;
+	allow\-query { \fIaddress_match_element\fR; ... };
+	allow\-transfer { \fIaddress_match_element\fR; ... };
+	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
 	notify \fInotifytype\fR;
-	notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
-	notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
-	also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+	notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 		[ port \fIinteger\fR ]; ... };
-	allow-notify { \fIaddress_match_element\fR; ... };
-
+	allow\-notify { \fIaddress_match_element\fR; ... };
 	forward ( first | only );
 	forwarders [ port \fIinteger\fR ] {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 	};
-
-	max-journal-size \fIsize_no_default\fR;
-	max-transfer-time-in \fIinteger\fR;
-	max-transfer-time-out \fIinteger\fR;
-	max-transfer-idle-in \fIinteger\fR;
-	max-transfer-idle-out \fIinteger\fR;
-	max-retry-time \fIinteger\fR;
-	min-retry-time \fIinteger\fR;
-	max-refresh-time \fIinteger\fR;
-	min-refresh-time \fIinteger\fR;
-	multi-master \fIboolean\fR;
-	sig-validity-interval \fIinteger\fR;
-
-	transfer-source ( \fIipv4_address\fR | * )
+	max\-journal\-size \fIsize_no_default\fR;
+	max\-transfer\-time\-in \fIinteger\fR;
+	max\-transfer\-time\-out \fIinteger\fR;
+	max\-transfer\-idle\-in \fIinteger\fR;
+	max\-transfer\-idle\-out \fIinteger\fR;
+	max\-retry\-time \fIinteger\fR;
+	min\-retry\-time \fIinteger\fR;
+	max\-refresh\-time \fIinteger\fR;
+	min\-refresh\-time \fIinteger\fR;
+	multi\-master \fIboolean\fR;
+	sig\-validity\-interval \fIinteger\fR;
+	transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	transfer-source-v6 ( \fIipv6_address\fR | * )
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-
-	alt-transfer-source ( \fIipv4_address\fR | * )
+	alt\-transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	alt-transfer-source-v6 ( \fIipv6_address\fR | * )
+	alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	use-alt-transfer-source \fIboolean\fR;
-
-	zone-statistics \fIboolean\fR;
-	key-directory \fIquoted_string\fR;
-
-	allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
-	deallocate-on-exit \fIboolean\fR; // obsolete
-	fake-iquery \fIboolean\fR; // obsolete
-	fetch-glue \fIboolean\fR; // obsolete
-	has-old-clients \fIboolean\fR; // obsolete
-	maintain-ixfr-base \fIboolean\fR; // obsolete
-	max-ixfr-log-size \fIsize\fR; // obsolete
-	multiple-cnames \fIboolean\fR; // obsolete
-	named-xfer \fIquoted_string\fR; // obsolete
-	serial-queries \fIinteger\fR; // obsolete
-	treat-cr-as-space \fIboolean\fR; // obsolete
-	use-id-pool \fIboolean\fR; // obsolete
+	use\-alt\-transfer\-source \fIboolean\fR;
+	zone\-statistics \fIboolean\fR;
+	key\-directory \fIquoted_string\fR;
+	allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+	deallocate\-on\-exit \fIboolean\fR; // obsolete
+	fake\-iquery \fIboolean\fR; // obsolete
+	fetch\-glue \fIboolean\fR; // obsolete
+	has\-old\-clients \fIboolean\fR; // obsolete
+	maintain\-ixfr\-base \fIboolean\fR; // obsolete
+	max\-ixfr\-log\-size \fIsize\fR; // obsolete
+	multiple\-cnames \fIboolean\fR; // obsolete
+	named\-xfer \fIquoted_string\fR; // obsolete
+	serial\-queries \fIinteger\fR; // obsolete
+	treat\-cr\-as\-space \fIboolean\fR; // obsolete
+	use\-id\-pool \fIboolean\fR; // obsolete
 };
-.sp
 .fi
 .SH "VIEW"
 .sp
 .nf
 view \fIstring\fR \fIoptional_class\fR {
-	match-clients { \fIaddress_match_element\fR; ... };
-	match-destinations { \fIaddress_match_element\fR; ... };
-	match-recursive-only \fIboolean\fR;
-
+	match\-clients { \fIaddress_match_element\fR; ... };
+	match\-destinations { \fIaddress_match_element\fR; ... };
+	match\-recursive\-only \fIboolean\fR;
 	key \fIstring\fR {
 		algorithm \fIstring\fR;
 		secret \fIstring\fR;
 	};
-
 	zone \fIstring\fR \fIoptional_class\fR {
 		...
 	};
-
 	server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
 		...
 	};
-
-	trusted-keys {
+	trusted\-keys {
 		\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
 	};
-
-	allow-recursion { \fIaddress_match_element\fR; ... };
+	allow\-recursion { \fIaddress_match_element\fR; ... };
 	sortlist { \fIaddress_match_element\fR; ... };
 	topology { \fIaddress_match_element\fR; ... }; // not implemented
-	auth-nxdomain \fIboolean\fR; // default changed
-	minimal-responses \fIboolean\fR;
+	auth\-nxdomain \fIboolean\fR; // default changed
+	minimal\-responses \fIboolean\fR;
 	recursion \fIboolean\fR;
-	rrset-order {
+	rrset\-order {
 		[ class \fIstring\fR ] [ type \fIstring\fR ]
 		[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
 	};
-	provide-ixfr \fIboolean\fR;
-	request-ixfr \fIboolean\fR;
-	rfc2308-type1 \fIboolean\fR; // not yet implemented
-	additional-from-auth \fIboolean\fR;
-	additional-from-cache \fIboolean\fR;
-	query-source \fIquerysource4\fR;
-	query-source-v6 \fIquerysource6\fR;
-	cleaning-interval \fIinteger\fR;
-	min-roots \fIinteger\fR; // not implemented
-	lame-ttl \fIinteger\fR;
-	max-ncache-ttl \fIinteger\fR;
-	max-cache-ttl \fIinteger\fR;
-	transfer-format ( many-answers | one-answer );
-	max-cache-size \fIsize_no_default\fR;
-	check-names ( master | slave | response )
+	provide\-ixfr \fIboolean\fR;
+	request\-ixfr \fIboolean\fR;
+	rfc2308\-type1 \fIboolean\fR; // not yet implemented
+	additional\-from\-auth \fIboolean\fR;
+	additional\-from\-cache \fIboolean\fR;
+	query\-source \fIquerysource4\fR;
+	query\-source\-v6 \fIquerysource6\fR;
+	cleaning\-interval \fIinteger\fR;
+	min\-roots \fIinteger\fR; // not implemented
+	lame\-ttl \fIinteger\fR;
+	max\-ncache\-ttl \fIinteger\fR;
+	max\-cache\-ttl \fIinteger\fR;
+	transfer\-format ( many\-answers | one\-answer );
+	max\-cache\-size \fIsize_no_default\fR;
+	check\-names ( master | slave | response )
 		( fail | warn | ignore );
-	cache-file \fIquoted_string\fR;
-	suppress-initial-notify \fIboolean\fR; // not yet implemented
-	preferred-glue \fIstring\fR;
-	dual-stack-servers [ port \fIinteger\fR ] {
+	cache\-file \fIquoted_string\fR;
+	suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+	preferred\-glue \fIstring\fR;
+	dual\-stack\-servers [ port \fIinteger\fR ] {
 		( \fIquoted_string\fR [port \fIinteger\fR] |
 		\fIipv4_address\fR [port \fIinteger\fR] |
 		\fIipv6_address\fR [port \fIinteger\fR] ); ...
 	};
-	edns-udp-size \fIinteger\fR;
-	root-delegation-only [ exclude { \fIquoted_string\fR; ... } ];
-	disable-algorithms \fIstring\fR { \fIstring\fR; ... };
-	dnssec-enable \fIboolean\fR;
-	dnssec-lookaside \fIstring\fR trust-anchor \fIstring\fR;
-
-	dnssec-must-be-secure \fIstring\fR \fIboolean\fR;
+	edns\-udp\-size \fIinteger\fR;
+	root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+	disable\-algorithms \fIstring\fR { \fIstring\fR; ... };
+	dnssec\-enable \fIboolean\fR;
+	dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR;
+	dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR;
 	dialup \fIdialuptype\fR;
-	ixfr-from-differences \fIixfrdiff\fR;
-
-	allow-query { \fIaddress_match_element\fR; ... };
-	allow-transfer { \fIaddress_match_element\fR; ... };
-	allow-update-forwarding { \fIaddress_match_element\fR; ... };
-
+	ixfr\-from\-differences \fIixfrdiff\fR;
+	allow\-query { \fIaddress_match_element\fR; ... };
+	allow\-transfer { \fIaddress_match_element\fR; ... };
+	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
 	notify \fInotifytype\fR;
-	notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
-	notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
-	also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+	notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 		[ port \fIinteger\fR ]; ... };
-	allow-notify { \fIaddress_match_element\fR; ... };
-
+	allow\-notify { \fIaddress_match_element\fR; ... };
 	forward ( first | only );
 	forwarders [ port \fIinteger\fR ] {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 	};
-
-	max-journal-size \fIsize_no_default\fR;
-	max-transfer-time-in \fIinteger\fR;
-	max-transfer-time-out \fIinteger\fR;
-	max-transfer-idle-in \fIinteger\fR;
-	max-transfer-idle-out \fIinteger\fR;
-	max-retry-time \fIinteger\fR;
-	min-retry-time \fIinteger\fR;
-	max-refresh-time \fIinteger\fR;
-	min-refresh-time \fIinteger\fR;
-	multi-master \fIboolean\fR;
-	sig-validity-interval \fIinteger\fR;
-
-	transfer-source ( \fIipv4_address\fR | * )
+	max\-journal\-size \fIsize_no_default\fR;
+	max\-transfer\-time\-in \fIinteger\fR;
+	max\-transfer\-time\-out \fIinteger\fR;
+	max\-transfer\-idle\-in \fIinteger\fR;
+	max\-transfer\-idle\-out \fIinteger\fR;
+	max\-retry\-time \fIinteger\fR;
+	min\-retry\-time \fIinteger\fR;
+	max\-refresh\-time \fIinteger\fR;
+	min\-refresh\-time \fIinteger\fR;
+	multi\-master \fIboolean\fR;
+	sig\-validity\-interval \fIinteger\fR;
+	transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	transfer-source-v6 ( \fIipv6_address\fR | * )
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-
-	alt-transfer-source ( \fIipv4_address\fR | * )
+	alt\-transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	alt-transfer-source-v6 ( \fIipv6_address\fR | * )
+	alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	use-alt-transfer-source \fIboolean\fR;
-
-	zone-statistics \fIboolean\fR;
-	key-directory \fIquoted_string\fR;
-
-	allow-v6-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
-	fetch-glue \fIboolean\fR; // obsolete
-	maintain-ixfr-base \fIboolean\fR; // obsolete
-	max-ixfr-log-size \fIsize\fR; // obsolete
+	use\-alt\-transfer\-source \fIboolean\fR;
+	zone\-statistics \fIboolean\fR;
+	key\-directory \fIquoted_string\fR;
+	allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+	fetch\-glue \fIboolean\fR; // obsolete
+	maintain\-ixfr\-base \fIboolean\fR; // obsolete
+	max\-ixfr\-log\-size \fIsize\fR; // obsolete
 };
-.sp
 .fi
 .SH "ZONE"
 .sp
 .nf
 zone \fIstring\fR \fIoptional_class\fR {
 	type ( master | slave | stub | hint |
-		forward | delegation-only );
+		forward | delegation\-only );
 	file \fIquoted_string\fR;
-
 	masters [ port \fIinteger\fR ] {
 		( \fImasters\fR |
 		\fIipv4_address\fR [port \fIinteger\fR] |
 		\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
 	};
-
 	database \fIstring\fR;
-	delegation-only \fIboolean\fR;
-	check-names ( fail | warn | ignore );
+	delegation\-only \fIboolean\fR;
+	check\-names ( fail | warn | ignore );
 	dialup \fIdialuptype\fR;
-	ixfr-from-differences \fIboolean\fR;
-
-	allow-query { \fIaddress_match_element\fR; ... };
-	allow-transfer { \fIaddress_match_element\fR; ... };
-	allow-update { \fIaddress_match_element\fR; ... };
-	allow-update-forwarding { \fIaddress_match_element\fR; ... };
-	update-policy {
+	ixfr\-from\-differences \fIboolean\fR;
+	allow\-query { \fIaddress_match_element\fR; ... };
+	allow\-transfer { \fIaddress_match_element\fR; ... };
+	allow\-update { \fIaddress_match_element\fR; ... };
+	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+	update\-policy {
 		( grant | deny ) \fIstring\fR
 		( name | subdomain | wildcard | self ) \fIstring\fR
 		\fIrrtypelist\fR; ...
 	};
-
 	notify \fInotifytype\fR;
-	notify-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
-	notify-source-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
-	also-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+	notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
 		[ port \fIinteger\fR ]; ... };
-	allow-notify { \fIaddress_match_element\fR; ... };
-
+	allow\-notify { \fIaddress_match_element\fR; ... };
 	forward ( first | only );
 	forwarders [ port \fIinteger\fR ] {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
 	};
-
-	max-journal-size \fIsize_no_default\fR;
-	max-transfer-time-in \fIinteger\fR;
-	max-transfer-time-out \fIinteger\fR;
-	max-transfer-idle-in \fIinteger\fR;
-	max-transfer-idle-out \fIinteger\fR;
-	max-retry-time \fIinteger\fR;
-	min-retry-time \fIinteger\fR;
-	max-refresh-time \fIinteger\fR;
-	min-refresh-time \fIinteger\fR;
-	multi-master \fIboolean\fR;
-	sig-validity-interval \fIinteger\fR;
-
-	transfer-source ( \fIipv4_address\fR | * )
+	max\-journal\-size \fIsize_no_default\fR;
+	max\-transfer\-time\-in \fIinteger\fR;
+	max\-transfer\-time\-out \fIinteger\fR;
+	max\-transfer\-idle\-in \fIinteger\fR;
+	max\-transfer\-idle\-out \fIinteger\fR;
+	max\-retry\-time \fIinteger\fR;
+	min\-retry\-time \fIinteger\fR;
+	max\-refresh\-time \fIinteger\fR;
+	min\-refresh\-time \fIinteger\fR;
+	multi\-master \fIboolean\fR;
+	sig\-validity\-interval \fIinteger\fR;
+	transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	transfer-source-v6 ( \fIipv6_address\fR | * )
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-
-	alt-transfer-source ( \fIipv4_address\fR | * )
+	alt\-transfer\-source ( \fIipv4_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	alt-transfer-source-v6 ( \fIipv6_address\fR | * )
+	alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * )
 		[ port ( \fIinteger\fR | * ) ];
-	use-alt-transfer-source \fIboolean\fR;
-
-	zone-statistics \fIboolean\fR;
-	key-directory \fIquoted_string\fR;
-
-	ixfr-base \fIquoted_string\fR; // obsolete
-	ixfr-tmp-file \fIquoted_string\fR; // obsolete
-	maintain-ixfr-base \fIboolean\fR; // obsolete
-	max-ixfr-log-size \fIsize\fR; // obsolete
+	use\-alt\-transfer\-source \fIboolean\fR;
+	zone\-statistics \fIboolean\fR;
+	key\-directory \fIquoted_string\fR;
+	ixfr\-base \fIquoted_string\fR; // obsolete
+	ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
+	maintain\-ixfr\-base \fIboolean\fR; // obsolete
+	max\-ixfr\-log\-size \fIsize\fR; // obsolete
 	pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
 };
-.sp
 .fi
 .SH "FILES"
 .PP
@@ -472,4 +435,4 @@ zone \fIstring\fR \fIoptional_class\fR {
 .PP
 \fBnamed\fR(8),
 \fBrndc\fR(8),
-\fBBIND 9 Adminstrators Reference Manual\fR.
+\fBBIND 9 Adminstrators Reference Manual\fR().
diff --git a/usr.sbin/bind/bin/named/named.conf.html b/usr.sbin/bind/bin/named/named.conf.html
index ea3fc0d2ff8..c07dbceec51 100644
--- a/usr.sbin/bind/bin/named/named.conf.html
+++ b/usr.sbin/bind/bin/named/named.conf.html
@@ -1,1897 +1,500 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $ISC: named.conf.html,v 1.1.4.4 2004/10/18 02:33:06 marka Exp $ -->
-
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<HTML
-><HEAD
-><TITLE
->named.conf</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-></A
-><TT
-CLASS="FILENAME"
->named.conf</TT
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><TT
-CLASS="FILENAME"
->named.conf</TT
->&nbsp;--&nbsp;configuration file for named</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named.conf</B
-> </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN16"
-></A
-><H2
->DESCRIPTION</H2
-><P
->	<TT
-CLASS="FILENAME"
->named.conf</TT
-> is the configuration file for
-	<B
-CLASS="COMMAND"
->named</B
->.  Statements are enclosed
+<!-- $ISC: named.conf.html,v 1.1.4.10 2005/10/13 02:33:48 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2463721"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525889"></a><h2>DESCRIPTION</h2>
+<p>
+	<code class="filename">named.conf</code> is the configuration file for
+	<span><strong class="command">named</strong></span>.  Statements are enclosed
 	in braces and terminated with a semi-colon.  Clauses in
 	the statements are also semi-colon terminated.  The usual
 	comment styles are supported:
-    </P
-><P
->	C style: /* */
-    </P
-><P
->	C++ style: // to end of line
-    </P
-><P
->	Unix style: # to end of line
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN24"
-></A
-><H2
->ACL</H2
-><P
-CLASS="LITERALLAYOUT"
->acl&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>&#13;</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN29"
-></A
-><H2
->KEY</H2
-><P
-CLASS="LITERALLAYOUT"
->key&nbsp;<VAR
-CLASS="REPLACEABLE"
->domain_name</VAR
->&nbsp;{<br>
-	algorithm&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-	secret&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN35"
-></A
-><H2
->MASTERS</H2
-><P
-CLASS="LITERALLAYOUT"
->masters&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-	(&nbsp;<VAR
-CLASS="REPLACEABLE"
->masters</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
-	<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> key <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->];&nbsp;...<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN50"
-></A
-><H2
->SERVER</H2
-><P
-CLASS="LITERALLAYOUT"
->server&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;{<br>
-	bogus&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	edns&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	provide-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	request-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	keys&nbsp;<VAR
-CLASS="REPLACEABLE"
->server_key</VAR
->;<br>
-	transfers&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	transfer-format&nbsp;(&nbsp;many-answers&nbsp;|&nbsp;one-answer&nbsp;);<br>
-	transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-<br>
-	support-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN68"
-></A
-><H2
->TRUSTED-KEYS</H2
-><P
-CLASS="LITERALLAYOUT"
->trusted-keys&nbsp;{<br>
-	<VAR
-CLASS="REPLACEABLE"
->domain_name</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->flags</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->protocol</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->algorithm</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->key</VAR
->;&nbsp;...&nbsp;<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN76"
-></A
-><H2
->CONTROLS</H2
-><P
-CLASS="LITERALLAYOUT"
->controls&nbsp;{<br>
-	inet&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->]<br>
-		allow&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;}<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> keys { <VAR
-CLASS="REPLACEABLE"
->string</VAR
->; ... } </SPAN
->];<br>
-	unix&nbsp;<VAR
-CLASS="REPLACEABLE"
->unsupported</VAR
->;&nbsp;//&nbsp;not&nbsp;implemented<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN87"
-></A
-><H2
->LOGGING</H2
-><P
-CLASS="LITERALLAYOUT"
->logging&nbsp;{<br>
-	channel&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{<br>
-		file&nbsp;<VAR
-CLASS="REPLACEABLE"
->log_file</VAR
->;<br>
-		syslog&nbsp;<VAR
-CLASS="REPLACEABLE"
->optional_facility</VAR
->;<br>
+    </p>
+<p>
+	C style: /* */
+    </p>
+<p>
+	C++ style: // to end of line
+    </p>
+<p>
+	Unix style: # to end of line
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525917"></a><h2>ACL</h2>
+<div class="literallayout"><p><br>
+acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525933"></a><h2>KEY</h2>
+<div class="literallayout"><p><br>
+key <em class="replaceable"><code>domain_name</code></em> {<br>
+	algorithm <em class="replaceable"><code>string</code></em>;<br>
+	secret <em class="replaceable"><code>string</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525953"></a><h2>MASTERS</h2>
+<div class="literallayout"><p><br>
+masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+	( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+	<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525998"></a><h2>SERVER</h2>
+<div class="literallayout"><p><br>
+server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
+	bogus <em class="replaceable"><code>boolean</code></em>;<br>
+	edns <em class="replaceable"><code>boolean</code></em>;<br>
+	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	keys <em class="replaceable"><code>server_key</code></em>;<br>
+	transfers <em class="replaceable"><code>integer</code></em>;<br>
+	transfer-format ( many-answers | one-answer );<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526056"></a><h2>TRUSTED-KEYS</h2>
+<div class="literallayout"><p><br>
+trusted-keys {<br>
+	<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526082"></a><h2>CONTROLS</h2>
+<div class="literallayout"><p><br>
+controls {<br>
+	inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+		allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
+		[<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
+	unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526117"></a><h2>LOGGING</h2>
+<div class="literallayout"><p><br>
+logging {<br>
+	channel <em class="replaceable"><code>string</code></em> {<br>
+		file <em class="replaceable"><code>log_file</code></em>;<br>
+		syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
 		null;<br>
 		stderr;<br>
-		severity&nbsp;<VAR
-CLASS="REPLACEABLE"
->log_severity</VAR
->;<br>
-		print-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-		print-severity&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-		print-category&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
+		severity <em class="replaceable"><code>log_severity</code></em>;<br>
+		print-time <em class="replaceable"><code>boolean</code></em>;<br>
+		print-severity <em class="replaceable"><code>boolean</code></em>;<br>
+		print-category <em class="replaceable"><code>boolean</code></em>;<br>
 	};<br>
-	category&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;&nbsp;...&nbsp;};<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN99"
-></A
-><H2
->LWRES</H2
-><P
-CLASS="LITERALLAYOUT"
->lwres&nbsp;{<br>
-	listen-on&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...<br>
+	category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526155"></a><h2>LWRES</h2>
+<div class="literallayout"><p><br>
+lwres {<br>
+	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
 	};<br>
-	view&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->optional_class</VAR
->;<br>
-	search&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;&nbsp;...&nbsp;};<br>
-	ndots&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN112"
-></A
-><H2
->OPTIONS</H2
-><P
-CLASS="LITERALLAYOUT"
->options&nbsp;{<br>
-	avoid-v4-udp-ports&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->port</VAR
->;&nbsp;...&nbsp;};<br>
-	avoid-v6-udp-ports&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->port</VAR
->;&nbsp;...&nbsp;};<br>
-	blackhole&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	coresize&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;<br>
-	datasize&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;<br>
-	directory&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	dump-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	files&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;<br>
-	heartbeat-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	host-statistics&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;not&nbsp;implemented<br>
-	host-statistics-max&nbsp;<VAR
-CLASS="REPLACEABLE"
->number</VAR
->;&nbsp;//&nbsp;not&nbsp;implemented<br>
-	hostname&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;|&nbsp;none&nbsp;);<br>
-	interface-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	listen-on&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	listen-on-v6&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	match-mapped-addresses&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	memstatistics-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	pid-file&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;|&nbsp;none&nbsp;);<br>
-	port&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	querylog&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	recursing-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	random-device&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	recursive-clients&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	serial-query-rate&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	server-id&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;|&nbsp;none&nbsp;|;<br>
-	stacksize&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;<br>
-	statistics-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	statistics-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;&nbsp;//&nbsp;not&nbsp;yet&nbsp;implemented<br>
-	tcp-clients&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	tcp-listen-queue&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	tkey-dhkey&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	tkey-gssapi-credential&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	tkey-domain&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	transfers-per-ns&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	transfers-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	transfers-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	use-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	version&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;|&nbsp;none&nbsp;);<br>
-	allow-recursion&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	sortlist&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	topology&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};&nbsp;//&nbsp;not&nbsp;implemented<br>
-	auth-nxdomain&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;default&nbsp;changed<br>
-	minimal-responses&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	recursion&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	rrset-order&nbsp;{<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> class <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->]&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> type <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->]<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> name <VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
-> </SPAN
->]&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;&nbsp;...<br>
+	view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
+	search { <em class="replaceable"><code>string</code></em>; ... };<br>
+	ndots <em class="replaceable"><code>integer</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526197"></a><h2>OPTIONS</h2>
+<div class="literallayout"><p><br>
+options {<br>
+	avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+	avoid-v6-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
+	blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	coresize <em class="replaceable"><code>size</code></em>;<br>
+	datasize <em class="replaceable"><code>size</code></em>;<br>
+	directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+	dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	files <em class="replaceable"><code>size</code></em>;<br>
+	heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
+	host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
+	host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
+	hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+	interface-interval <em class="replaceable"><code>integer</code></em>;<br>
+	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
+	memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	pid-file ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+	port <em class="replaceable"><code>integer</code></em>;<br>
+	querylog <em class="replaceable"><code>boolean</code></em>;<br>
+	recursing-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
+	recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
+	serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
+	server-id ( <em class="replaceable"><code>quoted_string</code></em> | none |;<br>
+	stacksize <em class="replaceable"><code>size</code></em>;<br>
+	statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
+	tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
+	tcp-listen-queue <em class="replaceable"><code>integer</code></em>;<br>
+	tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
+	tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
+	tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
+	transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+	transfers-in <em class="replaceable"><code>integer</code></em>;<br>
+	transfers-out <em class="replaceable"><code>integer</code></em>;<br>
+	use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
+	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+	recursion <em class="replaceable"><code>boolean</code></em>;<br>
+	rrset-order {<br>
+		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
 	};<br>
-	provide-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	request-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	rfc2308-type1&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;not&nbsp;yet&nbsp;implemented<br>
-	additional-from-auth&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	additional-from-cache&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	query-source&nbsp;<VAR
-CLASS="REPLACEABLE"
->querysource4</VAR
->;<br>
-	query-source-v6&nbsp;<VAR
-CLASS="REPLACEABLE"
->querysource6</VAR
->;<br>
-	cleaning-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-roots&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;&nbsp;//&nbsp;not&nbsp;implemented<br>
-	lame-ttl&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-ncache-ttl&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-cache-ttl&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	transfer-format&nbsp;(&nbsp;many-answers&nbsp;|&nbsp;one-answer&nbsp;);<br>
-	max-cache-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size_no_default</VAR
->;<br>
-	check-names&nbsp;(&nbsp;master&nbsp;|&nbsp;slave&nbsp;|&nbsp;response&nbsp;)<br>
-		(&nbsp;fail&nbsp;|&nbsp;warn&nbsp;|&nbsp;ignore&nbsp;);<br>
-	cache-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	suppress-initial-notify&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;not&nbsp;yet&nbsp;implemented<br>
-	preferred-glue&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-	dual-stack-servers&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
-		<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
-		<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;);&nbsp;...<br>
+	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+	query-source <em class="replaceable"><code>querysource4</code></em>;<br>
+	query-source-v6 <em class="replaceable"><code>querysource6</code></em>;<br>
+	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	transfer-format ( many-answers | one-answer );<br>
+	max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	check-names ( master | slave | response )<br>
+		( fail | warn | ignore );<br>
+	cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+	dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
 	}<br>
-	edns-udp-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	root-delegation-only&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> exclude { <VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->; ... } </SPAN
->];<br>
-	disable-algorithms&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;&nbsp;...&nbsp;};<br>
-	dnssec-enable&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	dnssec-lookaside&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;trust-anchor&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-	dnssec-must-be-secure&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-<br>
-	dialup&nbsp;<VAR
-CLASS="REPLACEABLE"
->dialuptype</VAR
->;<br>
-	ixfr-from-differences&nbsp;<VAR
-CLASS="REPLACEABLE"
->ixfrdiff</VAR
->;<br>
-<br>
-	allow-query&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-transfer&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-update-forwarding&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-<br>
-	notify&nbsp;<VAR
-CLASS="REPLACEABLE"
->notifytype</VAR
->;<br>
-	notify-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	notify-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	also-notify&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...&nbsp;};<br>
-	allow-notify&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-<br>
-	forward&nbsp;(&nbsp;first&nbsp;|&nbsp;only&nbsp;);<br>
-	forwarders&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...<br>
+	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+	disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+	dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+	dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br>
+	dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
+<br>
+	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	notify <em class="replaceable"><code>notifytype</code></em>;<br>
+	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	forward ( first | only );<br>
+	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
 	};<br>
 <br>
-	max-journal-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size_no_default</VAR
->;<br>
-	max-transfer-time-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-time-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-idle-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-idle-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-retry-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-retry-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-refresh-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-refresh-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	multi-master&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	sig-validity-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-<br>
-	transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-<br>
-	alt-transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	alt-transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	use-alt-transfer-source&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-<br>
-	zone-statistics&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	key-directory&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-<br>
-	allow-v6-synthesis&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};&nbsp;//&nbsp;obsolete<br>
-	deallocate-on-exit&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	fake-iquery&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	fetch-glue&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	has-old-clients&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	maintain-ixfr-base&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	max-ixfr-log-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	multiple-cnames&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	named-xfer&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	serial-queries&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	treat-cr-as-space&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	use-id-pool&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN272"
-></A
-><H2
->VIEW</H2
-><P
-CLASS="LITERALLAYOUT"
->view&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->optional_class</VAR
->&nbsp;{<br>
-	match-clients&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	match-destinations&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	match-recursive-only&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-<br>
-	key&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{<br>
-		algorithm&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-		secret&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
+	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+	deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+	multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+	serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
+	treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526858"></a><h2>VIEW</h2>
+<div class="literallayout"><p><br>
+view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+	match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	key <em class="replaceable"><code>string</code></em> {<br>
+		algorithm <em class="replaceable"><code>string</code></em>;<br>
+		secret <em class="replaceable"><code>string</code></em>;<br>
 	};<br>
 <br>
-	zone&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->optional_class</VAR
->&nbsp;{<br>
+	zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
 		...<br>
 	};<br>
 <br>
-	server&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;{<br>
+	server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
 		...<br>
 	};<br>
 <br>
-	trusted-keys&nbsp;{<br>
-		<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;&nbsp;...<br>
+	trusted-keys {<br>
+		<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ...<br>
 	};<br>
 <br>
-	allow-recursion&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	sortlist&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	topology&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};&nbsp;//&nbsp;not&nbsp;implemented<br>
-	auth-nxdomain&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;default&nbsp;changed<br>
-	minimal-responses&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	recursion&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	rrset-order&nbsp;{<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> class <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->]&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> type <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->]<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> name <VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
-> </SPAN
->]&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;&nbsp;...<br>
+	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+	recursion <em class="replaceable"><code>boolean</code></em>;<br>
+	rrset-order {<br>
+		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
 	};<br>
-	provide-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	request-ixfr&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	rfc2308-type1&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;not&nbsp;yet&nbsp;implemented<br>
-	additional-from-auth&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	additional-from-cache&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	query-source&nbsp;<VAR
-CLASS="REPLACEABLE"
->querysource4</VAR
->;<br>
-	query-source-v6&nbsp;<VAR
-CLASS="REPLACEABLE"
->querysource6</VAR
->;<br>
-	cleaning-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-roots&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;&nbsp;//&nbsp;not&nbsp;implemented<br>
-	lame-ttl&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-ncache-ttl&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-cache-ttl&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	transfer-format&nbsp;(&nbsp;many-answers&nbsp;|&nbsp;one-answer&nbsp;);<br>
-	max-cache-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size_no_default</VAR
->;<br>
-	check-names&nbsp;(&nbsp;master&nbsp;|&nbsp;slave&nbsp;|&nbsp;response&nbsp;)<br>
-		(&nbsp;fail&nbsp;|&nbsp;warn&nbsp;|&nbsp;ignore&nbsp;);<br>
-	cache-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-	suppress-initial-notify&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;not&nbsp;yet&nbsp;implemented<br>
-	preferred-glue&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-	dual-stack-servers&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
-		<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
-		<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;);&nbsp;...<br>
+	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+	query-source <em class="replaceable"><code>querysource4</code></em>;<br>
+	query-source-v6 <em class="replaceable"><code>querysource6</code></em>;<br>
+	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	transfer-format ( many-answers | one-answer );<br>
+	max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	check-names ( master | slave | response )<br>
+		( fail | warn | ignore );<br>
+	cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	preferred-glue <em class="replaceable"><code>string</code></em>;<br>
+	dual-stack-servers [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>quoted_string</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] ); ...<br>
 	};<br>
-	edns-udp-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	root-delegation-only&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> exclude { <VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->; ... } </SPAN
->];<br>
-	disable-algorithms&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;&nbsp;...&nbsp;};<br>
-	dnssec-enable&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	dnssec-lookaside&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;trust-anchor&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-<br>
-	dnssec-must-be-secure&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	dialup&nbsp;<VAR
-CLASS="REPLACEABLE"
->dialuptype</VAR
->;<br>
-	ixfr-from-differences&nbsp;<VAR
-CLASS="REPLACEABLE"
->ixfrdiff</VAR
->;<br>
-<br>
-	allow-query&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-transfer&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-update-forwarding&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-<br>
-	notify&nbsp;<VAR
-CLASS="REPLACEABLE"
->notifytype</VAR
->;<br>
-	notify-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	notify-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	also-notify&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...&nbsp;};<br>
-	allow-notify&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-<br>
-	forward&nbsp;(&nbsp;first&nbsp;|&nbsp;only&nbsp;);<br>
-	forwarders&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...<br>
+	edns-udp-size <em class="replaceable"><code>integer</code></em>;<br>
+	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+	disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+	dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br>
+	dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br>
+<br>
+	dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br>
+	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
+<br>
+	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	notify <em class="replaceable"><code>notifytype</code></em>;<br>
+	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	forward ( first | only );<br>
+	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
 	};<br>
 <br>
-	max-journal-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size_no_default</VAR
->;<br>
-	max-transfer-time-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-time-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-idle-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-idle-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-retry-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-retry-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-refresh-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-refresh-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	multi-master&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	sig-validity-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-<br>
-	transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-<br>
-	alt-transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	alt-transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	use-alt-transfer-source&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-<br>
-	zone-statistics&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	key-directory&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-<br>
-	allow-v6-synthesis&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};&nbsp;//&nbsp;obsolete<br>
-	fetch-glue&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	maintain-ixfr-base&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	max-ixfr-log-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;&nbsp;//&nbsp;obsolete<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN398"
-></A
-><H2
->ZONE</H2
-><P
-CLASS="LITERALLAYOUT"
->zone&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->optional_class</VAR
->&nbsp;{<br>
-	type&nbsp;(&nbsp;master&nbsp;|&nbsp;slave&nbsp;|&nbsp;stub&nbsp;|&nbsp;hint&nbsp;|<br>
-		forward&nbsp;|&nbsp;delegation-only&nbsp;);<br>
-	file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-<br>
-	masters&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->masters</VAR
->&nbsp;|<br>
-		<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
->port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-></SPAN
->]&nbsp;|<br>
-		<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> key <VAR
-CLASS="REPLACEABLE"
->string</VAR
-> </SPAN
->];&nbsp;...<br>
+	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527269"></a><h2>ZONE</h2>
+<div class="literallayout"><p><br>
+zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+	type ( master | slave | stub | hint |<br>
+		forward | delegation-only );<br>
+	file <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+	masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>masters</code></em> |<br>
+		<em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
 	};<br>
 <br>
-	database&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
->;<br>
-	delegation-only&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	check-names&nbsp;(&nbsp;fail&nbsp;|&nbsp;warn&nbsp;|&nbsp;ignore&nbsp;);<br>
-	dialup&nbsp;<VAR
-CLASS="REPLACEABLE"
->dialuptype</VAR
->;<br>
-	ixfr-from-differences&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-<br>
-	allow-query&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-transfer&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-update&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	allow-update-forwarding&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
-	update-policy&nbsp;{<br>
-		(&nbsp;grant&nbsp;|&nbsp;deny&nbsp;)&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
-><br>
-		(&nbsp;name&nbsp;|&nbsp;subdomain&nbsp;|&nbsp;wildcard&nbsp;|&nbsp;self&nbsp;)&nbsp;<VAR
-CLASS="REPLACEABLE"
->string</VAR
-><br>
-		<VAR
-CLASS="REPLACEABLE"
->rrtypelist</VAR
->;&nbsp;...<br>
+	database <em class="replaceable"><code>string</code></em>;<br>
+	delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+	check-names ( fail | warn | ignore );<br>
+	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+	ixfr-from-differences <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	update-policy {<br>
+		( grant | deny ) <em class="replaceable"><code>string</code></em><br>
+		( name | subdomain | wildcard | self ) <em class="replaceable"><code>string</code></em><br>
+		<em class="replaceable"><code>rrtypelist</code></em>; ...<br>
 	};<br>
 <br>
-	notify&nbsp;<VAR
-CLASS="REPLACEABLE"
->notifytype</VAR
->;<br>
-	notify-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	notify-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	also-notify&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...&nbsp;};<br>
-	allow-notify&nbsp;{&nbsp;<VAR
-CLASS="REPLACEABLE"
->address_match_element</VAR
->;&nbsp;...&nbsp;};<br>
+	notify <em class="replaceable"><code>notifytype</code></em>;<br>
+	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 <br>
-	forward&nbsp;(&nbsp;first&nbsp;|&nbsp;only&nbsp;);<br>
-	forwarders&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->]&nbsp;{<br>
-		(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;)&nbsp;[<SPAN
-CLASS="OPTIONAL"
-> port <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> </SPAN
->];&nbsp;...<br>
+	forward ( first | only );<br>
+	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
 	};<br>
 <br>
-	max-journal-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size_no_default</VAR
->;<br>
-	max-transfer-time-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-time-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-idle-in&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-transfer-idle-out&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-retry-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-retry-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	max-refresh-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	min-refresh-time&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-	multi-master&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	sig-validity-interval&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->;<br>
-<br>
-	transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-<br>
-	alt-transfer-source&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv4_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	alt-transfer-source-v6&nbsp;(&nbsp;<VAR
-CLASS="REPLACEABLE"
->ipv6_address</VAR
->&nbsp;|&nbsp;*&nbsp;)<br>
-		[<SPAN
-CLASS="OPTIONAL"
-> port ( <VAR
-CLASS="REPLACEABLE"
->integer</VAR
-> | * ) </SPAN
->];<br>
-	use-alt-transfer-source&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-<br>
-	zone-statistics&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;<br>
-	key-directory&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;<br>
-<br>
-	ixfr-base&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	ixfr-tmp-file&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	maintain-ixfr-base&nbsp;<VAR
-CLASS="REPLACEABLE"
->boolean</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	max-ixfr-log-size&nbsp;<VAR
-CLASS="REPLACEABLE"
->size</VAR
->;&nbsp;//&nbsp;obsolete<br>
-	pubkey&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->integer</VAR
->&nbsp;<VAR
-CLASS="REPLACEABLE"
->quoted_string</VAR
->;&nbsp;//&nbsp;obsolete<br>
-};</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN480"
-></A
-><H2
->FILES</H2
-><P
-><TT
-CLASS="FILENAME"
->/etc/named.conf</TT
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN484"
-></A
-><H2
->SEE ALSO</H2
-><P
-><SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->rndc</SPAN
->(8)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->BIND 9 Adminstrators Reference Manual</SPAN
-></SPAN
->.</P
-></DIV
-></BODY
-></HTML
->
+	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	multi-master <em class="replaceable"><code>boolean</code></em>;<br>
+	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	alt-transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+	ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+	ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+	pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527606"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/named.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2527619"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+<span class="citerefentry"><span class="refentrytitle">BIND 9 Adminstrators Reference Manual</span></span>.
+</p>
+</div>
+</div></body>
+</html>
diff --git a/usr.sbin/bind/bin/named/zoneconf.c b/usr.sbin/bind/bin/named/zoneconf.c
index ccca1487c43..5ece8787e7d 100644
--- a/usr.sbin/bind/bin/named/zoneconf.c
+++ b/usr.sbin/bind/bin/named/zoneconf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: zoneconf.c,v 1.87.2.4.10.13 2004/04/20 14:12:09 marka Exp $ */
+/* $ISC: zoneconf.c,v 1.87.2.4.10.15 2005/09/06 02:12:39 marka Exp $ */
 
 #include <config.h>
 
@@ -375,17 +375,30 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
 	obj = NULL;
 	result = cfg_map_get(zoptions, "database", &obj);
 	if (result == ISC_R_SUCCESS)
-		cpval = cfg_obj_asstring(obj);
+		cpval = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
 	else
 		cpval = default_dbtype;
-	RETERR(strtoargv(mctx, cpval, &dbargc, &dbargv));
+
+	if (cpval == NULL)
+		return(ISC_R_NOMEMORY);
+
+	result = strtoargv(mctx, cpval, &dbargc, &dbargv);
+	if (result != ISC_R_SUCCESS && cpval != default_dbtype) {
+		isc_mem_free(mctx, cpval);
+		return (result);
+	}
+
 	/*
 	 * ANSI C is strange here.  There is no logical reason why (char **)
 	 * cannot be promoted automatically to (const char * const *) by the
 	 * compiler w/o generating a warning.
 	 */
-	RETERR(dns_zone_setdbtype(zone, dbargc, (const char * const *)dbargv));
+	result = dns_zone_setdbtype(zone, dbargc, (const char * const *)dbargv);
 	isc_mem_put(mctx, dbargv, dbargc * sizeof(*dbargv));
+	if (cpval != default_dbtype)
+		isc_mem_free(mctx, cpval);
+	if (result != ISC_R_SUCCESS)
+		return (result);
 
 	obj = NULL;
 	result = cfg_map_get(zoptions, "file", &obj);
diff --git a/usr.sbin/bind/bin/rndc/rndc.conf.5 b/usr.sbin/bind/bin/rndc/rndc.conf.5
index ad1f9150b6d..c8ce8e7d255 100644
--- a/usr.sbin/bind/bin/rndc/rndc.conf.5
+++ b/usr.sbin/bind/bin/rndc/rndc.conf.5
@@ -1,35 +1,42 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $ISC: rndc.conf.5,v 1.21.206.2 2004/06/03 05:35:50 marka Exp $
+.\" $ISC: rndc.conf.5,v 1.21.206.5 2005/10/13 02:33:50 marka Exp $
 .\"
-.TH "RNDC.CONF" "5" "June 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "\\FIRNDC.CONF\\FR" "5" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 rndc.conf \- rndc configuration file
-.SH SYNOPSIS
-.sp
+.SH "SYNOPSIS"
+.HP 10
 \fBrndc.conf\fR
 .SH "DESCRIPTION"
 .PP
-\fIrndc.conf\fR is the configuration file
-for \fBrndc\fR, the BIND 9 name server control
-utility. This file has a similar structure and syntax to
-\fInamed.conf\fR. Statements are enclosed
-in braces and terminated with a semi-colon. Clauses in
-the statements are also semi-colon terminated. The usual
-comment styles are supported:
+\fIrndc.conf\fR
+is the configuration file for
+\fBrndc\fR, the BIND 9 name server control utility. This file has a similar structure and syntax to
+\fInamed.conf\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
 .PP
 C style: /* */
 .PP
@@ -37,106 +44,111 @@ C++ style: // to end of line
 .PP
 Unix style: # to end of line
 .PP
-\fIrndc.conf\fR is much simpler than
-\fInamed.conf\fR. The file uses three
-statements: an options statement, a server statement
-and a key statement.
-.PP
-The \fBoptions\fR statement contains three clauses.
-The \fBdefault-server\fR clause is followed by the
-name or address of a name server. This host will be used when
-no name server is given as an argument to
-\fBrndc\fR. The \fBdefault-key\fR
-clause is followed by the name of a key which is identified by
-a \fBkey\fR statement. If no
-\fBkeyid\fR is provided on the rndc command line,
-and no \fBkey\fR clause is found in a matching
-\fBserver\fR statement, this default key will be
-used to authenticate the server's commands and responses. The
-\fBdefault-port\fR clause is followed by the port
-to connect to on the remote name server. If no
-\fBport\fR option is provided on the rndc command
-line, and no \fBport\fR clause is found in a
-matching \fBserver\fR statement, this default port
-will be used to connect.
-.PP
-After the \fBserver\fR keyword, the server statement
-includes a string which is the hostname or address for a name
-server. The statement has two possible clauses:
-\fBkey\fR and \fBport\fR. The key name must
-match the name of a key statement in the file. The port number
-specifies the port to connect to.
-.PP
-The \fBkey\fR statement begins with an identifying
-string, the name of the key. The statement has two clauses.
-\fBalgorithm\fR identifies the encryption algorithm
-for \fBrndc\fR to use; currently only HMAC-MD5 is
-supported. This is followed by a secret clause which contains
-the base-64 encoding of the algorithm's encryption key. The
-base-64 string is enclosed in double quotes.
-.PP
-There are two common ways to generate the base-64 string for the
-secret. The BIND 9 program \fBrndc-confgen\fR can
-be used to generate a random key, or the
-\fBmmencode\fR program, also known as
-\fBmimencode\fR, can be used to generate a base-64
-string from known input. \fBmmencode\fR does not
-ship with BIND 9 but is available on many systems. See the
-EXAMPLE section for sample command lines for each.
+\fIrndc.conf\fR
+is much simpler than
+\fInamed.conf\fR. The file uses three statements: an options statement, a server statement and a key statement.
+.PP
+The
+\fBoptions\fR
+statement contains three clauses. The
+\fBdefault\-server\fR
+clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to
+\fBrndc\fR. The
+\fBdefault\-key\fR
+clause is followed by the name of a key which is identified by a
+\fBkey\fR
+statement. If no
+\fBkeyid\fR
+is provided on the rndc command line, and no
+\fBkey\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default key will be used to authenticate the server's commands and responses. The
+\fBdefault\-port\fR
+clause is followed by the port to connect to on the remote name server. If no
+\fBport\fR
+option is provided on the rndc command line, and no
+\fBport\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default port will be used to connect.
+.PP
+After the
+\fBserver\fR
+keyword, the server statement includes a string which is the hostname or address for a name server. The statement has two possible clauses:
+\fBkey\fR
+and
+\fBport\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to.
+.PP
+The
+\fBkey\fR
+statement begins with an identifying string, the name of the key. The statement has two clauses.
+\fBalgorithm\fR
+identifies the encryption algorithm for
+\fBrndc\fR
+to use; currently only HMAC\-MD5 is supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key. The base\-64 string is enclosed in double quotes.
+.PP
+There are two common ways to generate the base\-64 string for the secret. The BIND 9 program
+\fBrndc\-confgen\fR
+can be used to generate a random key, or the
+\fBmmencode\fR
+program, also known as
+\fBmimencode\fR, can be used to generate a base\-64 string from known input.
+\fBmmencode\fR
+does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
 .SH "EXAMPLE"
 .sp
 .nf
     options {
-        default-server  localhost;
-        default-key     samplekey;
+        default\-server  localhost;
+        default\-key     samplekey;
       };
-
       server localhost {
         key             samplekey;
       };
-
       key samplekey {
-        algorithm       hmac-md5;
+        algorithm       hmac\-md5;
         secret          "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
       };
-    
-.sp
 .fi
 .PP
-In the above example, \fBrndc\fR will by default use
-the server at localhost (127.0.0.1) and the key called samplekey.
-Commands to the localhost server will use the samplekey key, which
-must also be defined in the server's configuration file with the
-same name and secret. The key statement indicates that samplekey
-uses the HMAC-MD5 algorithm and its secret clause contains the
-base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
+In the above example,
+\fBrndc\fR
+will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes.
 .PP
-To generate a random secret with \fBrndc-confgen\fR:
+To generate a random secret with
+\fBrndc\-confgen\fR:
 .PP
-\fBrndc-confgen\fR
+\fBrndc\-confgen\fR
 .PP
-A complete \fIrndc.conf\fR file, including the
-randomly generated key, will be written to the standard
-output. Commented out \fBkey\fR and
-\fBcontrols\fR statements for
-\fInamed.conf\fR are also printed.
+A complete
+\fIrndc.conf\fR
+file, including the randomly generated key, will be written to the standard output. Commented out
+\fBkey\fR
+and
+\fBcontrols\fR
+statements for
+\fInamed.conf\fR
+are also printed.
 .PP
-To generate a base-64 secret with \fBmmencode\fR:
+To generate a base\-64 secret with
+\fBmmencode\fR:
 .PP
 \fBecho "known plaintext for a secret" | mmencode\fR
 .SH "NAME SERVER CONFIGURATION"
 .PP
-The name server must be configured to accept rndc connections and
-to recognize the key specified in the \fIrndc.conf\fR
-file, using the controls statement in \fInamed.conf\fR.
-See the sections on the \fBcontrols\fR statement in the
-BIND 9 Administrator Reference Manual for details.
+The name server must be configured to accept rndc connections and to recognize the key specified in the
+\fIrndc.conf\fR
+file, using the controls statement in
+\fInamed.conf\fR. See the sections on the
+\fBcontrols\fR
+statement in the BIND 9 Administrator Reference Manual for details.
 .SH "SEE ALSO"
 .PP
 \fBrndc\fR(8),
-\fBrndc-confgen\fR(8),
+\fBrndc\-confgen\fR(8),
 \fBmmencode\fR(1),
-\fIBIND 9 Administrator Reference Manual\fR.
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
diff --git a/usr.sbin/bind/bin/rndc/rndc.conf.docbook b/usr.sbin/bind/bin/rndc/rndc.conf.docbook
index 85f352fdb34..78738688fe7 100644
--- a/usr.sbin/bind/bin/rndc/rndc.conf.docbook
+++ b/usr.sbin/bind/bin/rndc/rndc.conf.docbook
@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $ISC: rndc.conf.docbook,v 1.4.206.2 2004/06/03 02:24:58 marka Exp $ -->
+<!-- $ISC: rndc.conf.docbook,v 1.4.206.4 2005/05/12 21:36:04 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,19 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><filename>rndc.conf</filename></refname>
     <refpurpose>rndc configuration file</refpurpose>
diff --git a/usr.sbin/bind/bin/tests/system/checkconf/bad.conf b/usr.sbin/bind/bin/tests/system/checkconf/bad.conf
new file mode 100644
index 00000000000..91f50f86dcb
--- /dev/null
+++ b/usr.sbin/bind/bin/tests/system/checkconf/bad.conf
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $ISC: bad.conf,v 1.2.4.1 2005/06/23 07:49:58 marka Exp $ */
+
+options {
+	avoid-v4-udp-ports { 100; }
+	avoid-v6-udp-ports { 100; };
+	blackhole { 10.0.0.0/8; };
+	coresize 1G;
+	datasize 100M;
+	deallocate-on-exit yes;
+	directory ".";
+	dump-file "named_dumpdb";
+	fake-iquery yes;
+	files 1000;
+	has-old-clients no;
+	heartbeat-interval 30;
+	host-statistics yes;
+	host-statistics-max 100;
+	hostname none;
+	interface-interval 30;
+	listen-on port 90 { any; };
+	listen-on port 100 { 127.0.0.1; };
+	listen-on-v6 port 53 { none; };
+	match-mapped-addresses yes;
+	memstatistics-file "named.memstats";
+	multiple-cnames no;
+	named-xfer "this is no longer needed";
+	pid-file none;
+	port 5300;
+	querylog yes;
+	recursing-file "named.recursing";
+	random-device "/dev/random";
+	recursive-clients 3000;
+	serial-queries 10;
+	serial-query-rate 100;
+	server-id none;
+};
diff --git a/usr.sbin/bind/bin/tests/system/checkconf/good.conf b/usr.sbin/bind/bin/tests/system/checkconf/good.conf
new file mode 100644
index 00000000000..f9dad3492fb
--- /dev/null
+++ b/usr.sbin/bind/bin/tests/system/checkconf/good.conf
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $ISC: good.conf,v 1.2.4.1 2005/06/23 07:49:59 marka Exp $ */
+
+/*
+ * This is just a random selection of configuration options.
+ */
+
+options {
+	avoid-v4-udp-ports { 100; };
+	avoid-v6-udp-ports { 100; };
+	blackhole { 10.0.0.0/8; };
+	coresize 1G;
+	datasize 100M;
+	deallocate-on-exit yes;
+	directory ".";
+	dump-file "named_dumpdb";
+	fake-iquery yes;
+	files 1000;
+	has-old-clients no;
+	heartbeat-interval 30;
+	host-statistics yes;
+	host-statistics-max 100;
+	hostname none;
+	interface-interval 30;
+	listen-on port 90 { any; };
+	listen-on port 100 { 127.0.0.1; };
+	listen-on-v6 port 53 { none; };
+	match-mapped-addresses yes;
+	memstatistics-file "named.memstats";
+	multiple-cnames no;
+	named-xfer "this is no longer needed";
+	pid-file none;
+	port 5300;
+	querylog yes;
+	recursing-file "named.recursing";
+	random-device "/dev/random";
+	recursive-clients 3000;
+	serial-queries 10;
+	serial-query-rate 100;
+	server-id none;
+};
diff --git a/usr.sbin/bind/bin/tests/system/checkconf/tests.sh b/usr.sbin/bind/bin/tests/system/checkconf/tests.sh
new file mode 100644
index 00000000000..2edd5b0fd02
--- /dev/null
+++ b/usr.sbin/bind/bin/tests/system/checkconf/tests.sh
@@ -0,0 +1,37 @@
+# Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $ISC: tests.sh,v 1.1.4.1 2005/06/23 07:49:59 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+echo "I: checking that named-checkconf handles a known good config"
+
+ret=0
+$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I: checking that named-checkconf handles a known bad config"
+
+ret=1
+$CHECKCONF bad.conf > /dev/null 2>&1 || ret=0
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status