author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2011-05-21 18:17:26 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2011-05-21 18:17:26 +0000 |
commit | 1b54f2dc84bb9cee0bece121aa6a98a3f651d28f (patch) | |
tree | 3f18b1d1b3e4cc40130c5814360687051f3affec /usr.sbin | |
parent | de29e774824ca16d3da070dfa3b0c1e5c38bfb90 (diff) |
NSD v3.2.8
Diffstat (limited to 'usr.sbin')
59 files changed, 1453 insertions, 55 deletions
diff --git a/usr.sbin/nsd/LICENSE b/usr.sbin/nsd/LICENSE index 55faacfc49b..955c3665a36 100644 --- a/usr.sbin/nsd/LICENSE +++ b/usr.sbin/nsd/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2001-2006, NLnet Labs. All rights reserved. +Copyright (c) 2001-2011, NLnet Labs. All rights reserved. This software is open source. diff --git a/usr.sbin/nsd/acx_nlnetlabs.m4 b/usr.sbin/nsd/acx_nlnetlabs.m4 index 50a4c69a3d8..10fd9703b60 100644 --- a/usr.sbin/nsd/acx_nlnetlabs.m4 +++ b/usr.sbin/nsd/acx_nlnetlabs.m4 @@ -1,5 +1,5 @@ # acx_nlnetlabs.m4 - common macros for configure checks -# Copyright 2009, Wouter Wijngaards, NLnet Labs. +# Copyright 2009-2011, NLnet Labs, Wouter Wijngaards. # BSD licensed. # # Version 10 diff --git a/usr.sbin/nsd/answer.c b/usr.sbin/nsd/answer.c index 198d51f2431..0633f6083c9 100644 --- a/usr.sbin/nsd/answer.c +++ b/usr.sbin/nsd/answer.c @@ -1,7 +1,7 @@ /* * answer.c -- manipulating query answers and encoding them. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/answer.h b/usr.sbin/nsd/answer.h index acb3665af11..85d349f438d 100644 --- a/usr.sbin/nsd/answer.h +++ b/usr.sbin/nsd/answer.h @@ -1,7 +1,7 @@ /* * answer.h -- manipulating query answers and encoding them. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/axfr.h b/usr.sbin/nsd/axfr.h index 33a68629523..b5d7afc29fd 100644 --- a/usr.sbin/nsd/axfr.h +++ b/usr.sbin/nsd/axfr.h @@ -1,7 +1,7 @@ /* * axfr.h -- generating AXFR responses. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/buffer.c b/usr.sbin/nsd/buffer.c index e0f9859a24e..ba10dd2fe88 100644 --- a/usr.sbin/nsd/buffer.c 
+++ b/usr.sbin/nsd/buffer.c @@ -1,7 +1,7 @@ /* * buffer.c -- generic memory buffer . * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/buffer.h b/usr.sbin/nsd/buffer.h index bee7d8b29eb..28610fe9310 100644 --- a/usr.sbin/nsd/buffer.h +++ b/usr.sbin/nsd/buffer.h @@ -1,7 +1,7 @@ /* * buffer.h -- generic memory buffer. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/compat/memcmp.c b/usr.sbin/nsd/compat/memcmp.c index 9446276f410..1108a769558 100644 --- a/usr.sbin/nsd/compat/memcmp.c +++ b/usr.sbin/nsd/compat/memcmp.c @@ -1,7 +1,7 @@ /* * memcmp.c: memcmp compat implementation. * - * Copyright (c) 2010, NLnet Labs. All rights reserved. + * Copyright (c) 2010-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. */ diff --git a/usr.sbin/nsd/compat/memmove.c b/usr.sbin/nsd/compat/memmove.c index 0035bbf7533..74b374134fe 100644 --- a/usr.sbin/nsd/compat/memmove.c +++ b/usr.sbin/nsd/compat/memmove.c @@ -1,7 +1,7 @@ /* * memmove.c: memmove compat implementation. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. */ diff --git a/usr.sbin/nsd/compat/strptime.c b/usr.sbin/nsd/compat/strptime.c index 0c61cc9008a..6986d35ce73 100644 --- a/usr.sbin/nsd/compat/strptime.c +++ b/usr.sbin/nsd/compat/strptime.c @@ -10,7 +10,7 @@ * - Does not properly processes year day * * LICENSE - * Copyright (c) 2008, NLnet Labs, Matthijs Mekking + * Copyright (c) 2008-2011, NLnet Labs, Matthijs Mekking. * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
diff --git a/usr.sbin/nsd/configlexer.lex b/usr.sbin/nsd/configlexer.lex index 88a8c90f659..97923d2676e 100644 --- a/usr.sbin/nsd/configlexer.lex +++ b/usr.sbin/nsd/configlexer.lex @@ -2,7 +2,7 @@ /* * configlexer.lex - lexical analyzer for NSD config file * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/configyyrename.h b/usr.sbin/nsd/configyyrename.h index f1e125a1d1c..0cc377dfee2 100644 --- a/usr.sbin/nsd/configyyrename.h +++ b/usr.sbin/nsd/configyyrename.h @@ -1,7 +1,7 @@ /* * configyyrename.h -- renames for config file yy values to avoid conflicts. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/dbaccess.c b/usr.sbin/nsd/dbaccess.c index 09281aeabb4..76c63749b87 100644 --- a/usr.sbin/nsd/dbaccess.c +++ b/usr.sbin/nsd/dbaccess.c @@ -1,7 +1,7 @@ /* * dbaccess.c -- access methods for nsd(8) database * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/dbcreate.c b/usr.sbin/nsd/dbcreate.c index 17cce792860..1e23c18e2b1 100644 --- a/usr.sbin/nsd/dbcreate.c +++ b/usr.sbin/nsd/dbcreate.c @@ -1,7 +1,7 @@ /* * dbcreate.c -- routines to create an nsd(8) name database * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/difffile.c b/usr.sbin/nsd/difffile.c index 76203718fb5..bd6cbc70891 100644 --- a/usr.sbin/nsd/difffile.c +++ b/usr.sbin/nsd/difffile.c 
@@ -1,7 +1,7 @@ /* * difffile.c - DIFF file handling source code. Read and write diff files. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/difffile.h b/usr.sbin/nsd/difffile.h index 2f5f6cdf528..5e0123eafa6 100644 --- a/usr.sbin/nsd/difffile.h +++ b/usr.sbin/nsd/difffile.h @@ -1,7 +1,7 @@ /* * difffile.h - nsd.diff file handling header file. Read/write diff files. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/dname.h b/usr.sbin/nsd/dname.h index b68bc0dfe40..ed8e7f0730c 100644 --- a/usr.sbin/nsd/dname.h +++ b/usr.sbin/nsd/dname.h @@ -1,7 +1,7 @@ /* * dname.h -- Domain name handling. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/edns.c b/usr.sbin/nsd/edns.c index ab682d940a0..49f8678c914 100644 --- a/usr.sbin/nsd/edns.c +++ b/usr.sbin/nsd/edns.c @@ -1,7 +1,7 @@ /* * edns.c -- EDNS definitions (RFC 2671). * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/edns.h b/usr.sbin/nsd/edns.h index 79e26a20b4b..48e83e7fca1 100644 --- a/usr.sbin/nsd/edns.h +++ b/usr.sbin/nsd/edns.h @@ -1,7 +1,7 @@ /* * edns.h -- EDNS definitions (RFC 2671). * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/ipc.c b/usr.sbin/nsd/ipc.c index 449c0514fc1..a3b25849c4c 100644 --- a/usr.sbin/nsd/ipc.c +++ b/usr.sbin/nsd/ipc.c 
@@ -1,7 +1,7 @@ /* * ipc.c - Interprocess communication routines. Handlers read and write. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/ipc.h b/usr.sbin/nsd/ipc.h index 0f057388b2b..61efec5595c 100644 --- a/usr.sbin/nsd/ipc.h +++ b/usr.sbin/nsd/ipc.h @@ -1,7 +1,7 @@ /* * ipc.h - Interprocess communication routines. Handlers read and write. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/iterated_hash.c b/usr.sbin/nsd/iterated_hash.c index da29482087f..411c42903ab 100644 --- a/usr.sbin/nsd/iterated_hash.c +++ b/usr.sbin/nsd/iterated_hash.c @@ -1,7 +1,7 @@ /* * iterated_hash.c -- nsec3 hash calculation. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/iterated_hash.h b/usr.sbin/nsd/iterated_hash.h index 96ea89e8bf8..836b1022519 100644 --- a/usr.sbin/nsd/iterated_hash.h +++ b/usr.sbin/nsd/iterated_hash.h @@ -1,7 +1,7 @@ /* * iterated_hash.h -- nsec3 hash calculation. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/namedb.c b/usr.sbin/nsd/namedb.c index 82801fb545a..eec3759d178 100644 --- a/usr.sbin/nsd/namedb.c +++ b/usr.sbin/nsd/namedb.c @@ -1,7 +1,7 @@ /* * namedb.c -- common namedb operations. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/namedb.h b/usr.sbin/nsd/namedb.h index 2b9fed955f3..bc079261fc0 100644 --- a/usr.sbin/nsd/namedb.h +++ b/usr.sbin/nsd/namedb.h 
@@ -1,7 +1,7 @@ /* * namedb.h -- nsd(8) internal namespace database definitions * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/netio.c b/usr.sbin/nsd/netio.c index 664edfb3bd1..fb5cf4c5bd2 100644 --- a/usr.sbin/nsd/netio.c +++ b/usr.sbin/nsd/netio.c @@ -1,7 +1,7 @@ /* * netio.c -- network I/O support. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/netio.h b/usr.sbin/nsd/netio.h index 99d9c316aa3..d9097a9039d 100644 --- a/usr.sbin/nsd/netio.h +++ b/usr.sbin/nsd/netio.h @@ -1,7 +1,7 @@ /* * netio.h -- network I/O support. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/nsd-checkconf.8.in b/usr.sbin/nsd/nsd-checkconf.8.in new file mode 100644 index 00000000000..1a8574ff894 --- /dev/null +++ b/usr.sbin/nsd/nsd-checkconf.8.in 
@@ -0,0 +1,94 @@
+.TH "nsd\-checkconf" "8" "Mar 22, 2011" "NLnet Labs" "nsd 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsd\-checkconf
+\- NSD configuration file checker.
+.SH "SYNOPSIS"
+.LP
+.B nsd\-checkconf
+.RB [ \-v ]
+.RB [ \-h ]
+.RB [ \-o
+.IR option ]
+.RB [ \-z
+.IR zonename ]
+.RB [ \-s
+.IR keyname ]
+.I configfile
+.SH "DESCRIPTION"
+.LP
+.B nsd\-checkconf
+reads a configuration file. It prints parse errors to standard
+error, and performs additional checks on the contents. The
+configfile format is described in nsd.conf(5).
+.P
+The utility of this program is to check a config file for errors
+before using it in nsd(8) or zonec(8). This program can also be used
+for shell scripts to access the nsd config file, using the \-o and
+\-z options.
+.P
+.SH "OPTIONS"
+.TP
+.B \-v
+After reading print the options to standard output in configfile
+format. Without this option, only success or parse errors are
+reported.
+.TP
+.B \-h
+Print usage help information and exit.
+.TP
+.B \-o\fI option
+Return only this option from the config file. This option can
+to be used in conjunction with the
+.B \-z
+option.
+The special value
+.I zones
+prints out a list of configured zones.
+.P
+.RS
+This option is primarily used by
+.B nsdc
+to parse the config file from the shell. If the
+.B \-z
+option is given, but the
+.B \-o
+option is not given, nothing is printed.
+.RE
+.TP
+.B \-s\fI keyname
+Prints the key secret (base64 blob) configured for this key in the
+config file. Used to help shell scripts parse the config file.
+.TP
+.B \-z\fI zonename
+Return the option specified with
+.B \-o
+for zone 'zonename'.
+.P
+.RS
+If this option is not given, the server section of the config file
+is used. This option is primarily used by
+.B nsdc
+to parse the config file from the shell.
+.RE
+.P
+.RS
+The \-o, \-s and \-z option print configfile options to standard output.
+.RE
+.SH "FILES"
+.TP
+@nsdconfigfile@
+default
+.B NSD
+configuration file
+.SH "SEE ALSO"
+.LP
+nsd(8), nsdc(8), nsd.conf(5), nsd\-notify(8), nsd\-patch(8),
+nsd-xfer(8), zonec(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see
+CREDITS file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-notify.8.in b/usr.sbin/nsd/nsd-notify.8.in
new file mode 100644
index 00000000000..5cec1dc6ed8
--- /dev/null
+++ b/usr.sbin/nsd/nsd-notify.8.in
@@ -0,0 +1,66 @@
+.TH "nsd\-notify" "8" "Mar 22, 2011" "NLnet Labs" "nsd 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsd\-notify
+\- program to send NOTIFY's to remote nameservers.
+.SH "SYNOPSIS"
+.LP
+.B nsd\-notify
+.RB [ \-4 ]
+.RB [ \-6 ]
+.RB [ \-h ]
+.RB [ \-a
+.IR address[@port] ]
+.RB [ \-p
+.IR port ]
+.RB [ \-y
+.IR key:secret[:algorithm] ]
+.B \-z
+.I zone servers
+.SH "DESCRIPTION"
+.LP
+.B Nsd\-notify
+is simple program to send NOTIFY's to remote nameservers.
+.B NSD
+is a complete implementation of an authoritative DNS nameserver.
+.SH "OPTIONS"
+.TP
+.B \-4
+Only send to IPv4 addresses.
+.TP
+.B \-6
+Only send to IPv6 addresses.
+.TP
+.B \-h
+Print help information and exit.
+.TP
+.B \-a\fI address[@port]
+Specify the source address (and port) to send from.
+.TP
+.B \-p\fI port
+Specify the port to send to.
+.TP
+.B \-y\fI key:secret[:algorithm]
+Specify a TSIG key and base64 encoded secret to sign the notification with. If
+the TSIG algorithm is not defined, MD5 is used.
+.TP
+.B z\fI zone
+Specify the zone to notify about.
+.TP
+.I servers
+List of nameservers to send to.
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+.B # nsd\-notify \-z foobar.cz 1.2.3.4
+.SH "SEE ALSO"
+.LP
+nsd(8), nsdc(8), nsd.conf(5), nsd\-checkconf(8),
+nsd\-patch(8), nsd\-xfer(8), zonec(8)
+.SH "AUTHORS"
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS
+file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-patch.8.in b/usr.sbin/nsd/nsd-patch.8.in
new file mode 100644
index 00000000000..d8b59853262
--- /dev/null
+++ b/usr.sbin/nsd/nsd-patch.8.in
@@ -0,0 +1,69 @@
+.TH "nsd\-patch" "8" "Mar 22, 2011" "NLnet Labs" "nsd 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsd\-patch
+\- NSD zone patcher version 3.2.8.
+.SH "SYNOPSIS"
+.B nsd\-patch
+.RB [ \-c
+.IR configfile ]
+.RB [ \-f ]
+.RB [ \-h ]
+.RB [ \-l ]
+.RB [ \-o
+.IR dbfile ]
+.RB [ \-s ]
+.RB [ \-x
+.IR difffile ]
+.SH "DESCRIPTION"
+.LP
+.B Nsd\-patch
+is the zone patcher for nsd(8). It reads in the nsd database
+(nsd.db) and difffile (ixfr.db), and overwrites the zone text files
+if they have been updated. Running this regularly ensures that the
+difffile does not grow infinitely.
+.SH "OPTIONS"
+.TP
+.B \-c\fI configfile
+Read specified configfile instead of the default
+.IR @nsdconfigfile@ .
+.TP
+.B \-f
+Forces writing zone files. Also zones that have not changed are written
+back to their zone files.
+.TP
+.B \-h
+Print usage help information and exit.
+.TP
+.B \-l
+List the journal entries from the difffile. Does not write to zone files.
+.TP
+.B \-o\fI dbfile
+Store the output directly to dbfile.
+.TP
+.B \-s
+Skip writing zone files. No zones are written back to their zone files.
+.TP
+.B \-x\fI difffile
+Read specified difffile. Overrides the config file setting.
+.SH "FILES"
+.TP
+@dbfile@
+default
+.B NSD
+database
+.TP
+@nsdconfigfile@
+default
+.B NSD
+configuration file
+.SH "SEE ALSO"
+nsd(8), nsdc(8), nsd.conf(5), nsd-checkconf(8), nsd-notify(8),
+nsd-xfer(8), zonec(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see
+CREDITS file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-xfer.8.in b/usr.sbin/nsd/nsd-xfer.8.in
new file mode 100644
index 00000000000..7bba9ea0ac0
--- /dev/null
+++ b/usr.sbin/nsd/nsd-xfer.8.in
@@ -0,0 +1,83 @@
+.TH "nsd\-xfer" "8" "Mar 22, 2011" "NLnet Labs" "nsd 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsd\-xfer
+\- AXFR client to transfer zones from a name server
+.SH "SYNOPSIS"
+.LP
+.B nsd\-xfer
+.RB [ \-4 ]
+.RB [ \-6 ]
+.RB [ \-a
+.IR address[@port] ]
+.RB [ \-p
+.IR port ]
+.RB [ \-s
+.IR serial ]
+.RB [ \-T
+.IR tsiginfo ]
+.RB [ \-v ]
+.B \-z
+.I zone
+.B \-f
+.I file
+.I servers
+.SH "DESCRIPTION"
+.LP
+.B Nsd\-xfer
+is program to transfer zones from a name server using AXFR.
+.B NSD
+is a complete implementation of an authoritative DNS nameserver.
+.SH "OPTIONS"
+.LP
+.TP
+.B \-4
+Only send to IPv4 addresses.
+.TP
+.B \-6
+Only send to IPv6 addresses.
+.TP
+.B \-a\fI address[@port]
+Specify the source address (and port) to send from.
+.TP
+.B \-f\fI file
+The file to store the zone in.
+.TP
+.B \-p\fI port
+Specify the port to send to.
+.TP
+.B \-s\fI serial
+Specify the serial of the current zone. The zone is only transferred
+if the master server has a zone with a greater serial number.
+.TP
+.B \-T\fI tsiginfo
+Use TSIG to verify the zone transfer. The
+.I tsiginfo
+file must contain the TSIG key information. The file is removed
+upon successful reading of the key. The format of the tsiginfo file
+is described in the doc/README file (section 3.3).
+.TP
+.B \-v
+Be more verbose.
+.TP
+.B \-z\fI zone
+Specify the zone to receive.
+.TP
+.I servers
+List of nameservers to try.
+.SH "EXAMPLES"
+.LP
+To run this program the standard way type:
+.LP
+# nsd\-xfer \-z foobar.cz \-f foobar.cz.zone 1.2.3.4
+.SH "SEE ALSO"
+.LP
+nsd(8), nsdc(8), nsd.conf(5), nsd-checkconf(8),
+nsd-notify(8), nsd-patch(8), zonec(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS
+file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd.8.in b/usr.sbin/nsd/nsd.8.in
new file mode 100644
index 00000000000..6b3c9dc2caa
--- /dev/null
+++ b/usr.sbin/nsd/nsd.8.in
@@ -0,0 +1,265 @@
+.TH "NSD" "8" "Mar 22, 2011" "NLnet Labs" "NSD 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsd
+\- Name Server Daemon (NSD) version 3.2.8.
+.SH "SYNOPSIS"
+.LP
+.B nsd
+.RB [ \-4 ]
+.RB [ \-6 ]
+.RB [ \-a
+.IR ip\-address[@port] ]
+.RB [ \-c
+.IR configfile ]
+.RB [ \-d ]
+.RB [ \-f
+.IR database ]
+.RB [ \-h ]
+.RB [ \-i
+.IR identity ]
+.RB [ \-I
+.IR nsid ]
+.RB [ \-l
+.IR logfile ]
+.RB [ \-N
+.IR server\-count ]
+.RB [ \-n
+.IR noncurrent\-tcp\-count ]
+.RB [ \-P
+.IR pidfile ]
+.RB [ \-p
+.IR port ]
+.RB [ \-s
+.IR seconds ]
+.RB [ \-t
+.IR chrootdir ]
+.RB [ \-u
+.IR username ]
+.RB [ \-V
+.IR level ]
+.RB [ \-v ]
+.SH "DESCRIPTION"
+.LP
+.B NSD
+is a complete implementation of an authoritative DNS nameserver.
+Upon startup,
+.B NSD
+will read the database specified with
+.B \-f
+.I database
+argument and put itself into background and answers queries on port
+53 or a different port specified with
+.B \-p
+.I port
+option. The
+.I database
+must be generated beforehand with zonec(8). By default,
+.B NSD
+will bind to all local interfaces available. Use the
+.B \-a
+.I ip\-address[@port]
+option to specify a single particular interface address to be
+bound. If this option is given more than once,
+.B NSD
+will bind its UDP and TCP sockets to all the specified ip\-addresses
+separately. If IPv6 is enabled when
+.B NSD
+is compiled an IPv6 address can also be specified.
+.P
+.SH "OPTIONS"
+.LP
+All the options can be specified in the configfile (
+.B \-c
+argument), except for the
+.B \-v
+and
+.B \-h
+options. If options are specified on the commandline, the options
+on the commandline take precedence over the options in the
+configfile.
+.P
+Normally
+.B NSD
+should be started with the `nsdc(8) start` command invoked from a
+.I /etc/rc.d/nsd.sh
+script or similar at the operating system startup.
+.TP
+.B \-4
+Only listen to IPv4 connections.
+.TP
+.B \-6
+Only listen to IPv6 connections.
+.TP
+.B \-a\fI ip\-address[@port]
+Listen to the specified
+.IR ip\-address .
+The
+.I ip\-address
+must be specified in numeric format (using the standard IPv4 or IPv6
+notation). Optionally, a port number can be given.
+This flag can be specified multiple times to listen to
+multiple IP addresses. If this flag is not specified,
+.B NSD
+listens to the wildcard interface.
+.TP
+.B \-c\fI configfile
+Read specified
+.I configfile instead of the default
+.IR @nsdconfigfile@ .
+For format description see nsd.conf(5).
+.TP
+.B \-d
+Turn on debugging mode, do not fork, stay in the foreground.
+.TP
+.B \-f\fI database
+Use the specified
+.I database
+instead of the default of
+.IR @dbfile@ .
+If a
+.B zonesdir:
+is specified in the config file this path can be relative to that
+directory.
+.TP
+.B \-h
+Print help information and exit.
+.TP
+.B \-i\fI identity
+Return the specified
+.I identity
+when asked for
+.I CH TXT ID.SERVER
+(This option is used to determine which server is answering the queries
+when they are multicast). The default is the name returned by
+gethostname(3).
+.TP
+.B \-I\fI nsid
+Add the specified
+.I nsid
+to the EDNS section of the answer when queried with an NSID EDNS
+enabled packet.
+.TP
+.B \-l\fI logfile
+Log messages to the specified
+.IR logfile .
+The default is to log to stderr and syslog. If a
+.B zonesdir:
+is specified in the config file this path can be relative to that
+directory.
+.TP
+.B \-N\fI count
+Start
+.I count
+.B NSD
+servers. The default is 1. Starting more than a single server is
+only useful on machines with multiple CPUs and/or network adapters.
+.TP
+.B \-n\fI number
+The maximum
+.I number
+of concurrent TCP connection that can be handled by each server. The
+default is 10.
+.TP
+.B \-P\fI pidfile
+Use the specified
+.I pidfile
+instead of the platform specific default, which is mostly
+.IR @pidfile@ .
+If a
+.B zonesdir:
+is specified in the config file, this path can be relative to that
+directory.
+.TP
+.B \-p\fI port
+Answer the queries on the specified
+.IR port .
+Normally this is port 53.
+.TP
+.B \-s\fI seconds
+Produce statistics dump every
+.I seconds
+seconds. This is equal to sending
+.I SIGUSR1
+to the daemon periodically.
+.TP
+.B \-t\fI chroot
+Specifies a directory to
+.I chroot
+to upon startup. This option requires you to ensure that appropriate
+syslogd(8) socket (e.g.
+.I chrootdir
+/dev/log) is available, otherwise
+.B NSD
+won't produce any log output.
+.TP
+.B \-u\fI username
+Drop user and group privileges to those of
+.I username
+after binding the socket.
+The
+.I username
+must be one of: username, id, or id.gid. For example: nsd, 80, or
+80.80.
+.TP
+.B \-V\fI level
+This value specifies the verbosity level for (non\-debug) logging.
+Default is 0.
+.TP
+.B \-v
+Print the version number of
+.B NSD
+to standard error and exit.
+.LP
+.B NSD
+reacts to the following signals:
+.TP
+SIGTERM
+Stop answering queries, shutdown, and exit normally.
+.TP
+SIGHUP
+Reload the database.
+.TP
+SIGUSR1
+Dump BIND8\-style statistics into the log. Ignored otherwise.
+.SH "FILES"
+.TP
+@dbfile@
+default
+.B NSD
+database
+.TP
+@pidfile@
+the process id of the name server.
+.TP
+@nsdconfigfile@
+default
+.B NSD
+configuration file
+.SH "DIAGNOSTICS"
+.LP
+will log all the problems via the standard syslog(8)
+.I daemon
+facility, unless the
+.B \-d
+option is specified.
+.SH "SEE ALSO"
+.LP
+nsdc(8), nsd.conf(5), nsd\-checkconf(8), nsd\-notify(8),
+nsd\-patch(8), nsd\-xfer(8), zonec(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see
+CREDITS file in the distribution for further details.
+.SH "BUGS"
+.LP
+.B NSD
+will answer the queries erroneously if the
+.I database
+was not properly compiled with zonec(8). Therefore problems with
+misconfigured master zone files or zonec(8) bugs may not be visible
+until the queries are actually answered with
+.BR NSD .
diff --git a/usr.sbin/nsd/nsd.conf.5.in b/usr.sbin/nsd/nsd.conf.5.in
new file mode 100644
index 00000000000..f5700d0650f
--- /dev/null
+++ b/usr.sbin/nsd/nsd.conf.5.in
@@ -0,0 +1,520 @@
+.TH "nsd.conf" "5" "Mar 22, 2011" "NLnet Labs" "nsd 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsd.conf
+\- NSD configuration file
+.SH "SYNOPSIS"
+.LP
+.B nsd.conf
+.SH "DESCRIPTION"
+.B Nsd.conf
+is used to configure nsd(8). The file format has attributes and
+values. Some attributes have attributes inside them. The notation
+is: attribute: value.
+.PP
+Comments start with # and last to the end of line. Empty lines are
+ignored as is whitespace at the beginning of a line.
+.PP
+.B Nsd.conf
+specifies options for the nsd server, zone files, primaries and
+secondaries.
+.SH "EXAMPLE"
+.LP
+An example of a short nsd.conf file is below.
+.LP
+# Example.com nsd.conf file
+.RS 0
+# This is a comment.
+.RE
+.TP
+server:
+.RS 5
+database: "@dbfile@"
+.RE
+.RS 5
+username: @user@
+.RE
+.RS 5
+logfile: "@logfile@"
+.RE
+.RS 5
+pidfile: "@pidfile@"
+.RE
+.RS 5
+difffile: "@difffile@"
+.RE
+.RS 5
+xfrdfile: "@xfrdfile@"
+.RE
+.TP
+zone:
+.RS 5
+name: example.com
+.RE
+.RS 5
+# note that quotes are optional on the value
+.RE
+.RS 5
+zonefile: @configdir@/example.com.zone
+.RE
+.SH "FILE FORMAT"
+There must be whitespace between keywords. Attribute keywords end
+with a colon ':'. An attribute is followed by its containing
+attributes, or a value.
+.P
+At the top level only
+.B server:
+or
+.B zone:
+or
+.B key:
+are allowed. These are followed by their attributes or the start of
+a new
+.B server:
+or
+.B zone:
+or
+.B key:
+clause. The
+.B zone:
+attribute is followed by zone options. The
+.B server:
+attribute is followed by global options for the
+.B NSD
+server. A
+.B key:
+attribute is used to define keys for authentication.
+.P
+Files can be included using the
+.B include:
+directive. It can appear anywhere, and takes a single filename as
+an argument. Processing continues as if the text from the included
+file was copied into the config file at that point.
+.S "Server Options"
+.LP
+The global options (if not overridden from the NSD commandline) are
+taken from the
+.B server:
+clause. There may only be one
+.B server:
+clause.
+.TP
+.B ip\-address:\fR <ip4 or ip6>[@port]
+NSD will bind to the listed ip\-address. Can be give multiple times
+to bind multiple ip\-addresses. Optionally, a port number can be given.
+If none are given NSD listens to the wildcard interface. Same as commandline option
+.BR \-a.
+.TP
+.B debug\-mode:\fR <yes or no>
+Turns on debugging mode for nsd, does not fork a daemon process.
+Default is no. Same as commandline option
+.BR \-d.
+.TP
+.B ip4\-only:\fR <yes or no>
+If yes, NSD only listens to IPv4 connections. Same as commandline
+option
+.BR \-4.
+.TP
+.B ip6\-only:\fR <yes or no>
+If yes, NSD only listens to IPv6 connections. Same as commandline
+option
+.BR \-6.
+.TP
+.B database:\fR <filename>
+By default
+.I @dbfile@
+is used. The specified file is used to store the compiled
+zone information. Same as commandline option
+.BR \-f.
+.TP
+.B identity:\fR <string>
+Returns the specified identity when asked for CH TXT ID.SERVER.
+Default is the name as returned by gethostname(3). Same as
+commandline option
+.BR \-i .
+.TP
+.B nsid:\fR <string>
+Add the specified nsid to the EDNS section of the answer when queried
+with an NSID EDNS enabled packet. Same as commandline option
+.BR \-I .
+.TP
+.B logfile:\fR <filename>
+Log messages to the logfile. The default is to log to stderr and
+syslog (with facility LOG_DAEMON). Same as commandline option
+.BR \-l .
+.TP
+.B server\-count:\fR <number>
+Start this many NSD servers. Default is 1. Same as commandline
+option
+.BR \-N .
+.TP
+.B tcp\-count:\fR <number>
+The maximum number of concurrent, active TCP connections by each server.
+Default is 10. This option should have a value below 1000.
+Same as commandline option
+.BR \-n .
+.TP
+.B tcp\-query\-count:\fR <number>
+The maximum number of queries served on a single TCP connection.
+Default is 0, meaning there is no maximum.
+.TP
+.B tcp\-timeout:\fR <number>
+Overrides the default TCP timeout. This also affects zone transfers over TCP.
+.TP
+.B ipv4\-edns\-size:\fR <number>
+Preferred EDNS buffer size for IPv4.
+.TP
+.B ipv6\-edns\-size:\fR <number>
+Preferred EDNS buffer size for IPv6.
+.TP
+.B pidfile:\fR <filename>
+Use the pid file instead of the platform specific default, usually
+.IR @pidfile@.
+Same as commandline option
+.BR \-P .
+.TP
+.B port:\fR <number>
+Answer queries on the specified port. Default is 53. Same as
+commandline option
+.BR \-p .
+.TP
+.B statistics:\fR <number>
+If not present no statistics are dumped. Statistics are produced
+every number seconds. Same as commandline option
+.BR \-s .
+.TP
+.B chroot:\fR <directory>
+NSD will chroot on startup to the specified directory. Same as
+commandline option
+.BR \-t .
+.TP
+.B username:\fR <username>
+After binding the socket, drop user privileges and assume the
+username. Can be username, id or id.gid. Same as commandline option
+.BR \-u .
+.TP
+.B zonesdir:\fR <directory>
+Change the working directory to the specified directory before
+accessing zone files. Same as commandline option
+.B \-d
+for zonec(8). Also nsd(8) will access files (pid file, database
+file, log file) relative to this directory. Set the value to ""
+(the empty string) to disable the change of working directory.
+.TP
+.B difffile:\fR <filename>
+When NSD receives IXFR updates it will store them in this file.
+This file contains the differences between the database file and the
+latest zone version. Default is
+.IR @difffile@ .
+.TP
+.B xfrdfile:\fR <filename>
+The soa timeout and zone transfer daemon in NSD will save its state
+to this file. State is read back after a restart. The state file can
+be deleted without too much harm, but timestamps of zones will be
+gone. For more details see the section on zone expiry behavior of
+NSD. Default is
+.IR @xfrdfile@ .
+.TP
+.B xrfd\-reload\-timeout:\fR <number>
+If this value is \-1, xfrd will not trigger a reload after a zone
+transfer. If positive xfrd will trigger a reload after a zone
+transfer, then it will wait for the number of seconds before it will
+trigger a new reload. Setting this value throttles the reloads to
+once per the number of seconds. The default is 10 seconds.
+.TP
+.B verbosity:\fR <level>
+This value specifies the verbosity level for (non\-debug) logging.
+Default is 0. 1 gives more information about incoming notifies and
+zone transfers. 2 lists soft warnings that are encountered.
+.TP
+.B hide\-version:\fR <yes or no>
+Prevent NSD from replying with the version string on CHAOS class
+queries.
+.SS "Zone Options"
+.LP
+For every zone the options need to be specified in one
+.B zone:
+clause. The access control list elements can be given multiple
+times to add multiple servers. These elements need to be added
+explicitly.
+.TP
+.B name:\fR <string>
+The name of the zone. This is the domain name of the apex of the
+zone. May end with a '.' (in FQDN notation). For example
+"example.com", "sub.example.net.". This attribute must be present in
+each zone.
+.TP
+.B zonefile:\fR <filename>
+The file containing the zone information. This file is used by
+zonec(8). This attribute must be present in each zone.
+.TP
+.B allow\-notify:\fR <ip\-spec> <key\-name | NOKEY | BLOCKED>
+Access control list. The listed (primary) address is allowed to
+send notifies to this (secondary) server. Notifies from unlisted or
+specifically BLOCKED addresses are discarded. If NOKEY is given no
+TSIG signature is required.
+.P
+.RS
+The ip\-spec is either a plain IP address (IPv4 or IPv6), or can be
+a subnet of the form 1.2.3.4/24, or masked like
+1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25.
+A port number can be added using a suffix of @number, for example
+1.2.3.4@5300 or 1.2.3.4/24@5300 for port 5300.
+Note the ip\-spec ranges do not use spaces around the /, &, @ and \-
+symbols.
+.RE
+.TP
+.B request\-xfr:\fR [AXFR|UDP] <ip\-address> <key\-name | NOKEY>
+Access control list. The listed address (the master) is queried for
+AXFR/IXFR on update. A port number can be added using a suffix of @number,
+for example 1.2.3.4@5300. The specified key is used during AXFR/IXFR.
+.P
+.RS
+If the AXFR option is given, the server will not be contacted with
+IXFR queries but only AXFR requests will be made to the server. This
+allows an NSD secondary to have a master server that runs NSD. If
+the AXFR option is left out then both IXFR and AXFR requests are
+made to the master server.
+.P
+If the UDP option is given, the secondary will use UDP to transmit the IXFR
+requests. You should deploy TSIG when allowing UDP transport, to authenticate
+notifies and zone transfers. Otherwise, NSD is more vulnerable for
+Kaminsky-style attacks. If the UDP option is left out then IXFR will be
+transmitted using TCP.
+.RE
+.TP
+.B allow\-axfr\-fallback:\fR <yes or no>
+This option should be accompanied by request-xfr. It (dis)allows NSD (as secondary)
+to fallback to AXFR if the primary name server does not support IXFR. Default is yes.
+.TP
+.B notify:\fR <ip\-address> <key\-name | NOKEY>
+Access control list. The listed address (a secondary) is notified
+of updates to this zone. A port number can be added using a suffix of @number,
+for example 1.2.3.4@5300. The specified key is used to sign the
+notify. Only on secondary configurations will NSD be able to detect
+zone updates (as it gets notified itself, or refreshes after a
+time).
+.TP
+.B notify\-retry:\fR <number>
+This option should be accompanied by notify. It sets the number of retries
+when sending notifies.
+.TP
+.B provide\-xfr:\fR <ip\-spec> <key\-name | NOKEY | BLOCKED>
+Access control list. The listed address (a secondary) is allowed to
+request AXFR from this server. Zone data will be provided to the
+address. The specified key is used during AXFR. For unlisted or
+BLOCKED addresses no data is provided, requests are discarded.
+.P
+.RS
+The ip\-spec is either a plain IP address (IPv4 or IPv6), or can be
+a subnet of the form 1.2.3.4/24, or masked like
+1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25.
+A port number can be added using a suffix of @number, for example
+1.2.3.4@5300 or 1.2.3.4/24@5300 for port 5300. Note the ip\-spec
+ranges do not use spaces around the /, &, @ and \- symbols.
+.RE
+.TP
+.B outgoing\-interface:\fR <ip\-address>
+Access control list. The listed address is used to request AXFR|IXFR (in case of
+a secondary) or used to send notifies (in case of a primary).
+.P
+.RS
+The ip\-address is a plain IP address (IPv4 or IPv6).
+A port number can be added using a suffix of @number, for example
+1.2.3.4@5300.
+.RE
+.SS "Key Declarations"
+The
+.B key:
+clause establishes a key for use in access control lists. It has
+the following attributes.
+.TP
+.B name:\fR <string>
+The key name. Used to refer to this key in the access control list.
+.TP
+.B algorithm:\fR <string>
+Authentication algorithm for this key.
+.TP
+.B secret:\fR <base64 blob>
+The base64 encoded shared secret. It is possible to put the
+.B secret:
+declaration (and base64 blob) into a different file, and then to
+.B include:
+that file. In this way the key secret and the rest of the configuration
+file, which may have different security policies, can be split apart.
+.SH "NSD CONFIGURATION FOR BIND9 HACKERS"
+BIND9 is a name server implementation with its own configuration
+file format, named.conf(5). BIND9 types zones as 'Master' or 'Slave'.
+.SS "Slave zones"
+For a slave zone, the master servers are listed. The master servers are
+queried for zone data, and are listened to for update notifications.
+In NSD these two properties need to be configured seperately, by listing
+the master address in allow\-notify and request\-xfr statements.
+.P
+In BIND9 you only need to provide allow\-notify elements for
+any extra sources of notifications (i.e. the operators), NSD needs to have
+allow\-notify for both masters and operators. BIND9 allows
+additional transfer sources, in NSD you list those as request\-xfr.
+.P
+Here is an example of a slave zone in BIND9 syntax.
+.P
+# Config file for example.org
+options {
+.RS 5
+dnssec\-enable yes;
+.RE
+.RS 0
+};
+.RE
+.LP
+key tsig.example.org. {
+.RS 5
+algorithm hmac\-md5;
+.RE
+.RS 5
+secret "aaaaaabbbbbbccccccdddddd";
+.RE
+};
+.LP
+server 162.0.4.49 {
+.RS 5
+keys { tsig.example.org. ; };
+.RE
+};
+.LP
+zone "example.org" {
+.RS 5
+type slave;
+.RE
+.RS 5
+file "secondary/example.org.signed";
+.RE
+.RS 5
+masters { 162.0.4.49; };
+.RE
+};
+.P
+For NSD, DNSSEC is enabled automatically for zones that are signed. The
+dnssec\-enable statement in the options clause is not needed. In NSD
+keys are associated with an IP address in the access control list
+statement, therefore the server{} statement is not needed. Below is
+the same example in an NSD config file.
+.LP
+# Config file for example.org
+.RS 0
+key:
+.RE
+.RS 5
+name: tsig.example.org.
+.RE
+.RS 5
+algorithm: hmac\-md5
+.RE
+.RS 5
+secret: "aaaaaabbbbbbccccccdddddd"
+.RE
+.LP
+zone:
+.RS 5
+name: "example.org"
+.RE
+.RS 5
+zonefile: "secondary/example.org.signed"
+.RE
+.RS 5
+# the master is allowed to notify and will provide zone data.
+.RE
+.RS 5
+allow\-notify: 162.0.4.49 NOKEY
+.RE
+.RS 5
+request\-xfr: 162.0.4.49 tsig.example.org.
+.RE
+.P
+Notice that the master is listed twice, once to allow it to send notifies
+to this slave server and once to tell the slave server where to look for
+updates zone data. More allow\-notify and request\-xfr lines can be
+added to specify more masters.
+.P
+It is possible to specify extra allow\-notify lines for addresses
+that are also allowed to send notifications to this slave server.
+.SS "Master zones"
+For a master zone in BIND9, the slave servers are listed. These slave
+servers are sent notifications of updated and are allowed to request
+transfer of the zone data. In NSD these two properties need to be
+configured seperately.
+.P
+Here is an example of a master zone in BIND9 syntax.
+.LP
+zone "example.nl" {
+.RS 5
+type master;
+.RE
+.RS 5
+file "example.nl";
+.RE
+};
+.LP
+In NSD syntax this becomes:
+.LP
+zone:
+.RS 5
+name: "example.nl"
+.RE
+.RS 5
+zonefile: "example.nl"
+.RE
+.RS 5
+# allow anybody to request xfr.
+.RE
+.RS 5
+provide\-xfr: 0.0.0.0/0 NOKEY
+.RE
+.RS 5
+provide\-xfr: ::0/0 NOKEY
+.RE
+.P
+.RS 5
+# to list a slave server you would in general give
+.RE
+.RS 5
+# provide\-xfr: 1.2.3.4 tsig\-key.name.
+.RE
+.RS 5
+# notify: 1.2.3.4 NOKEY
+.RE
+.SS "Other"
+NSD is an authoritative only DNS server. This means that it is
+meant as a primary or secondary server for zones, providing DNS
+data to DNS resolvers and caches. BIND9 can function as an
+authoritative DNS server, the configuration options for that are
+compared with those for NSD in this section. However, BIND9 can
+also function as a resolver or cache. The configuration options that
+BIND9 has for the resolver or caching thus have no equivalents for NSD.
+.SH "FILES"
+.TP
+@dbfile@
+default
+.B NSD
+database
+.TP
+@nsdconfigfile@
+default
+.B NSD
+configuration file
+.SH "SEE ALSO"
+.LP
+nsd(8), nsdc(8), nsd\-checkconf(8), nsd-notify(8),
+nsd-patch(8), nsd-xfer(8), zonec(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see
+CREDITS file in the distribution for further details.
+.SH "BUGS"
+.LP
+.B nsd.conf
+is parsed by a primitive parser, error messages may not be to the
+point.
diff --git a/usr.sbin/nsd/nsd.conf.sample.in b/usr.sbin/nsd/nsd.conf.sample.in
index cc29880b066..b668f30ba38 100644
--- a/usr.sbin/nsd/nsd.conf.sample.in
+++ b/usr.sbin/nsd/nsd.conf.sample.in
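Review bot: The "Master zones" example near the end of the new nsd.conf.5.in has `provide\-xfr: 0.0.0.0/0 NOKEY` and `provide\-xfr: ::0/0 NOKEY` as its active lines, so an operator who copies it serves the whole zone to any address without TSIG, while the restricted form appears only as a comment. I would swap them: make `provide\-xfr: 1.2.3.4 tsig\-key.name.` the live line and keep the open form commented out, labelled as allowing anybody to transfer the zone. In the slave example the key `tsig.example.org.` is already declared, so `allow\-notify: 162.0.4.49 tsig.example.org.` instead of `NOKEY` would match the page's own advice under request\-xfr to authenticate notifies and zone transfers with TSIG. Separately, the attribute is spelled `xrfd\-reload\-timeout:` in the server options, which looks like a transposition of `xfrd`, and `.S "Server Options"` is probably meant to be `.SS` like the later subsections.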
@@ -1,7 +1,7 @@ # # nsd.conf -- the NSD(8) configuration file, nsd.conf(5). # -# Copyright (c) 2001-2006, NLnet Labs. All rights reserved. +# Copyright (c) 2001-2011, NLnet Labs. All rights reserved. # # See LICENSE for the license. # @@ -38,7 +38,7 @@ server: # nsid: "aabbccdd" # log messages to file. Default to stderr and syslog (with facility LOG_DAEMON). - # logfile: "/var/log/nsd.log" + # logfile: "@logfile@" # Number of NSD servers to fork. # server-count: 1 diff --git a/usr.sbin/nsd/nsd.h b/usr.sbin/nsd/nsd.h index 6432b568d90..0ababb13cb1 100644 --- a/usr.sbin/nsd/nsd.h +++ b/usr.sbin/nsd/nsd.h @@ -1,7 +1,7 @@ /* * nsd.h -- nsd(8) definitions and prototypes * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/nsdc.8.in b/usr.sbin/nsd/nsdc.8.in new file mode 100644 index 00000000000..e79a5899674 --- /dev/null +++ b/usr.sbin/nsd/nsdc.8.in 
@@ -0,0 +1,169 @@
+.TH "NSDC" "8" "Mar 22, 2011" "NLnet Labs" "NSDC 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B nsdc
+\- Name Server Daemon (NSD) control script.
+.SH "SYNOPSIS"
+.LP
+.B nsdc
+.RB [ \-c
+.IR configfile ]
+.I start
+|
+.I stop
+|
+.I reload
+|
+.I rebuild
+|
+.I restart
+|
+.I running
+|
+.I update
+|
+.I notify
+|
+.I patch
+.SH "DESCRIPTION"
+.LP
+.B Nsdc
+is the shell script that used to control nsd(8) and zonec(8) from
+.B NSD
+distribution.
+.B Nsdc
+is also suitable to be linked into
+.I /etc/rc.d
+directory on
+.I BSD
+like systems for automatic startup of nsd(8) at boot time.
+.P
+At every invokation,
+.B nsdc
+will try to read the nsd.conf(5) configuration file. An example of
+such configuration file is distributed with the
+.B NSD
+package as
+.IR nsd.conf.sample .
+The config file is checked for errors before it is used, see
+nsd\-checkconf(8).
+.P
+Possible
+.B nsdc
+applications are:
+.TP
+.I start
+Start nsd(8).
+.TP
+.I stop
+Shut down nsd(8) by sending
+.I SIGTERM
+to it.
+.TP
+.I reload
+Initiate nsd(8) name space database reload by sending
+.IR SIGHUP.
+.TP
+.I rebuild
+Rebuild the nsd(8) database by invoking zonec(8) with appropriate
+arguments.
+.TP
+.I restart
+Restart nsdc(8). This equals to nsdc stop && nsdc start.
+.TP
+.I running
+Check whether nsd(8) is running. Returns error message and error
+code if it is not running, and no message and zero error code
+otherwise.
+.TP
+.I update
+Updates all the slave zones which have
+.I allow\-notify:
+from localhost (127.0.0.1 or ::1) allowed.
+If a TSIG key is specified for the allow\-notify statement in the
+config file, it will be used to secure the notify. Note that NSD
+keeps track of zone timeouts automatically, this is only needed if
+you want to manually force updates by sending notify messages to the
+localhost.
+.P
+.RS
+Another method you can use is to stop nsd, delete the xfrd.state
+file and then start nsd again. It will try to update all zones.
+This method does not require allow\-notify: statements.
+.RE
+.TP
+.I notify
+Sends notify messages to all the slaves for all the zones that have the
+.I notify:
+keyword in the
+.I nsd.conf
+file. If a TSIG key is specified for a notify statement, it will be
+used to secure the notification message to that slave server.
+.TP
+.I patch
+Merge zone transfer changes back to zone files. It reads in the nsd
+database (nsd.db) and difffile (ixfr.db), and overwrites the zone
+text files if they have been updated. Running this regularly
+ensures that the difffile does not grow infinitely. If any zone text
+files have been changed (including those of the master zones), the
+nsd.db is rebuild and nsd is reloaded.
+.SH "OPTIONS"
+.TP
+.B \-c\fI configfile
+Specify configfile to use instead of the default
+.IR @nsdconfigfile@ .
+.SH "FILES"
+.TP
+@nsdconfigfile@
+Configuration file for nsd to change default pathnames and
+.B NSD
+flags. The zone names, pathnames to zone files and access control
+lists are also in nsd.conf(5).
+.TP
+@dbfile@
+default
+.B NSD
+database
+.TP
+@dbfile@.lock
+Lockfile for the
+.B NSD
+database access by operator tools.
+.TP
+@difffile@
+Journal of zone transfers, the diff file containing the new zone
+contents transferred.
+.TP
+@xfrdfile@
+State for the zone transfer process of
+.BR NSD.
+Contains timeouts for the zones and whether zones are expired.
+.TP
+@pidfile@
+the process id of the name server.
+.SH "DIAGNOSTICS"
+.LP
+.B Nsdc
+will return zero return code if operation was successful and
+an error message to standard output plus a non\-zero return code
+otherwise.
+.SH "SEE ALSO"
+.LP
+nsd(8), nsd.conf(5), nsd\-checkconf(8), nsd\-notify(8),
+nsd\-patch(8), nsd\-xfer(8), zonec(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team.
Please see +CREDITS file in the distribution for further details. +.SH "BUGS" +Syntax checking of the config file is rudimentary and error +messages may be wrong. If you do a nsdc patch, whilst a (long) zone +transfer is busy, the zone transfer contents will be partially +lost. After a reload, this will be detected and the zone transfer +should be restarted. The reload that happens at the end of nsdc +patch also frees up memory churn in +.B NSD +caused by zone transfers. diff --git a/usr.sbin/nsd/nsec3.h b/usr.sbin/nsd/nsec3.h index af87113ed56..b3b6c9e03d7 100644 --- a/usr.sbin/nsd/nsec3.h +++ b/usr.sbin/nsd/nsec3.h @@ -1,7 +1,7 @@ /* * nsec3.h -- nsec3 handling. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/options.c b/usr.sbin/nsd/options.c index 84406ef96d9..44d017a9760 100644 --- a/usr.sbin/nsd/options.c +++ b/usr.sbin/nsd/options.c @@ -1,7 +1,7 @@ /* * options.c -- options functions. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/options.h b/usr.sbin/nsd/options.h index 9a86830828b..bc9500ebc0d 100644 --- a/usr.sbin/nsd/options.h +++ b/usr.sbin/nsd/options.h @@ -1,7 +1,7 @@ /* * options.h -- nsd.conf options definitions and prototypes * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/packet.c b/usr.sbin/nsd/packet.c index c3c9a8a1aad..1eff74cb72b 100644 --- a/usr.sbin/nsd/packet.c +++ b/usr.sbin/nsd/packet.c 
@@ -1,7 +1,7 @@ /* * packet.c -- low-level DNS packet encoding and decoding functions. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/packet.h b/usr.sbin/nsd/packet.h index fe5dedb606f..c7d3602a779 100644 --- a/usr.sbin/nsd/packet.h +++ b/usr.sbin/nsd/packet.h @@ -1,7 +1,7 @@ /* * packet.h -- low-level DNS packet encoding and decoding functions. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/query.h b/usr.sbin/nsd/query.h index 6b480604686..ff2eb0a6840 100644 --- a/usr.sbin/nsd/query.h +++ b/usr.sbin/nsd/query.h @@ -1,7 +1,7 @@ /* * query.h -- manipulation with the queries * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * @@ -155,7 +155,7 @@ void query_clear_dname_offsets(struct query *query, size_t max_offset); * Clear the compression tables. */ void query_clear_compression_tables(struct query *query); - + /* * Enter the specified domain into the compression table starting at * the specified offset. diff --git a/usr.sbin/nsd/rbtree.c b/usr.sbin/nsd/rbtree.c index d683fe10c62..e8e86a8fd71 100644 --- a/usr.sbin/nsd/rbtree.c +++ b/usr.sbin/nsd/rbtree.c @@ -1,7 +1,7 @@ /* * rbtree.c -- generic red black tree * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/rbtree.h b/usr.sbin/nsd/rbtree.h index a381cf0788f..7c9163de23d 100644 --- a/usr.sbin/nsd/rbtree.h +++ b/usr.sbin/nsd/rbtree.h 
@@ -1,7 +1,7 @@ /* * rbtree.h -- generic red-black tree * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/rdata.h b/usr.sbin/nsd/rdata.h index 0da8eab6ec0..0cddb16e0f4 100644 --- a/usr.sbin/nsd/rdata.h +++ b/usr.sbin/nsd/rdata.h @@ -1,7 +1,7 @@ /* * rdata.h -- RDATA conversion functions. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/region-allocator.h b/usr.sbin/nsd/region-allocator.h index 976b7875044..a047a1dfc5a 100644 --- a/usr.sbin/nsd/region-allocator.h +++ b/usr.sbin/nsd/region-allocator.h @@ -1,7 +1,7 @@ /* * region-allocator.h -- region based memory allocator. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * @@ -76,6 +76,11 @@ size_t region_add_cleanup(region_type *region, void (*action)(void *), void *data); +/* + * Remove cleanup, both action and data must match exactly. + */ +void region_remove_cleanup(region_type *region, + void (*action)(void *), void *data); /* * Allocate SIZE bytes of memory inside REGION. The memory is diff --git a/usr.sbin/nsd/tsig-openssl.c b/usr.sbin/nsd/tsig-openssl.c index c7a1fa33791..abdb141be48 100644 --- a/usr.sbin/nsd/tsig-openssl.c +++ b/usr.sbin/nsd/tsig-openssl.c @@ -1,7 +1,7 @@ /* * tsig-openssl.h -- Interface to OpenSSL for TSIG support. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/tsig-openssl.h b/usr.sbin/nsd/tsig-openssl.h index 859c280c4c0..263c715b113 100644 --- a/usr.sbin/nsd/tsig-openssl.h +++ b/usr.sbin/nsd/tsig-openssl.h 
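Review bot: In the second region-allocator.h hunk, the comment on the new `region_remove_cleanup` prototype says action and data must match exactly but not what happens when nothing matches, or whether one or all entries are removed when the same pair was registered more than once. The function returns `void`, so a removal that silently fails cannot be seen by the caller; if such a cleanup stayed registered after its data was released it would presumably still run when the region is torn down, which I cannot confirm from this hunk because the implementation is not shown. I would extend the comment along the lines of `/* Remove a cleanup added with region_add_cleanup; action and data must both match. No effect if nothing matches. */` once that behaviour is checked against region-allocator.c.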
@@ -1,7 +1,7 @@ /* * tsig-openssl.h -- Interface to OpenSSL for TSIG support. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/tsig.c b/usr.sbin/nsd/tsig.c index 886d5e1f27b..d12208394eb 100644 --- a/usr.sbin/nsd/tsig.c +++ b/usr.sbin/nsd/tsig.c @@ -1,7 +1,7 @@ /* * tsig.h -- TSIG definitions (RFC 2845). * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * @@ -105,7 +105,7 @@ tsig_init(region_type *region) #if defined(HAVE_SSL) return tsig_openssl_init(region); -#endif +#endif /* defined(HAVE_SSL) */ return 1; } @@ -670,5 +670,5 @@ tsig_finalize() { #if defined(HAVE_SSL) tsig_openssl_finalize(); -#endif +#endif /* defined(HAVE_SSL) */ } diff --git a/usr.sbin/nsd/tsig.h b/usr.sbin/nsd/tsig.h index 7af8dfe5886..a142d65d936 100644 --- a/usr.sbin/nsd/tsig.h +++ b/usr.sbin/nsd/tsig.h @@ -1,7 +1,7 @@ /* * tsig.h -- TSIG definitions (RFC 2845). * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/xfrd-disk.c b/usr.sbin/nsd/xfrd-disk.c index 4925a97da66..09bc4f4ce33 100644 --- a/usr.sbin/nsd/xfrd-disk.c +++ b/usr.sbin/nsd/xfrd-disk.c @@ -1,7 +1,7 @@ /* * xfrd-disk.c - XFR (transfer) Daemon TCP system source file. Read/Write state to disk. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/xfrd-disk.h b/usr.sbin/nsd/xfrd-disk.h index 217ecc122b9..7d1ac9c32a0 100644 --- a/usr.sbin/nsd/xfrd-disk.h +++ b/usr.sbin/nsd/xfrd-disk.h 
@@ -1,7 +1,7 @@ /* * xfrd-disk.h - XFR (transfer) Daemon TCP system header file. Save/Load state to disk. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/xfrd-notify.c b/usr.sbin/nsd/xfrd-notify.c index 26606fb8885..522eaeb8133 100644 --- a/usr.sbin/nsd/xfrd-notify.c +++ b/usr.sbin/nsd/xfrd-notify.c @@ -1,7 +1,7 @@ /* * xfrd-notify.c - notify sending routines * - * Copyright (c) 2006, NLnet Labs. All rights reserved. + * Copyright (c) 2006-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/xfrd-notify.h b/usr.sbin/nsd/xfrd-notify.h index cb034698e04..74222f9887c 100644 --- a/usr.sbin/nsd/xfrd-notify.h +++ b/usr.sbin/nsd/xfrd-notify.h @@ -1,7 +1,7 @@ /* * xfrd-notify.h - notify sending routines. * - * Copyright (c) 2006, NLnet Labs. All rights reserved. + * Copyright (c) 2006-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/xfrd-tcp.h b/usr.sbin/nsd/xfrd-tcp.h index 99e88862df7..9604e419ce1 100644 --- a/usr.sbin/nsd/xfrd-tcp.h +++ b/usr.sbin/nsd/xfrd-tcp.h @@ -1,7 +1,7 @@ /* * xfrd-tcp.h - XFR (transfer) Daemon TCP system header file. Manages tcp conn. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/xfrd.c b/usr.sbin/nsd/xfrd.c index 3fea8541628..6e13e4fdac1 100644 --- a/usr.sbin/nsd/xfrd.c +++ b/usr.sbin/nsd/xfrd.c @@ -1,7 +1,7 @@ /* * xfrd.c - XFR (transfer) Daemon source file. Coordinates SOA updates. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * 
@@ -204,6 +204,7 @@ xfrd_shutdown() } /* shouldn't we clean up memory used by xfrd process */ + DEBUG(DEBUG_XFRD,1, (LOG_INFO, "xfrd shutdown complete")); exit(0); } diff --git a/usr.sbin/nsd/xfrd.h b/usr.sbin/nsd/xfrd.h index 60338a8e0d6..15719ecaafe 100644 --- a/usr.sbin/nsd/xfrd.h +++ b/usr.sbin/nsd/xfrd.h @@ -1,7 +1,7 @@ /* * xfrd.h - XFR (transfer) Daemon header file. Coordinates SOA updates. * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved. + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/zlexer.lex b/usr.sbin/nsd/zlexer.lex index 0efe7865860..c0434707fba 100644 --- a/usr.sbin/nsd/zlexer.lex +++ b/usr.sbin/nsd/zlexer.lex @@ -2,7 +2,7 @@ /* * zlexer.lex - lexical analyzer for (DNS) zone files * - * Copyright (c) 2001-2006, NLnet Labs. All rights reserved + * Copyright (c) 2001-2011, NLnet Labs. All rights reserved. * * See LICENSE for the license. * diff --git a/usr.sbin/nsd/zonec.8.in b/usr.sbin/nsd/zonec.8.in new file mode 100644 index 00000000000..fd79650685b --- /dev/null +++ b/usr.sbin/nsd/zonec.8.in 
@@ -0,0 +1,126 @@
+.TH "zonec" "8" "Mar 22, 2011" "NLnet Labs" "nsd 3.2.8"
+.\" Copyright (c) 2001\-2011, NLnet Labs. All rights reserved.
+.\" See LICENSE for the license.
+.SH "NAME"
+.LP
+.B zonec
+\- NSD zone compiler version 3.2.8.
+.SH "SYNOPSIS"
+.LP
+.B zonec
+.RB [ \-v ]
+.RB [ \-h ]
+.RB [ \-C ]
+.RB [ \-L ]
+.RB [ \-F ]
+.RB [ \-c
+.IR configfile ]
+.RB [ \-d
+.IR directory ]
+.RB [ \-o
+.IR origin ]
+.RB [ \-z
+.IR zonefile ]
+.RB [ \-f
+.IR database ]
+.SH "DESCRIPTION"
+.LP
+.B Zonec
+is the nsd(8) database compiler for creating name space databases
+from a set of input master zone files specified in nsd.conf(5) file.
+.LP
+It is normally invoked via nsdc(8) rebuild command.
+.B Zonec
+will then parse every zone in nsd.conf(5) file and add it to the
+name space database,
+.I @dbfile@
+by default, that is used by nsd(8) to answer incoming queries.
+.SH "OPTIONS"
+.TP
+.B \-c\fI configfile
+Read specified configfile instead of the default
+.IR @nsdconfigfile@ .
+.TP
+.B \-C
+No config file is read (use with \-f, \-o and \-z).
+.TP
+.B \-d\fI directory
+Change the working directory to
+.I directory
+before doing any work. Overrides zonesdir: option in config file.
+.TP
+.B \-f\fI database
+Create the specified
+.I database
+instead of the file specified as database: in the config file.
+.TP
+.B \-o\fI origin
+Use this as the first origin. Zone information is read from
+zonefile specified with \-z. When reading zones from config file
+this option is ignored.
+.TP
+.B \-z\fI zonefile
+Reads all zone information from
+.IR zonefile .
+If
+.IR zonefile
+equals `\-`, then all zone information is read from stdin, making
+constructs like:
+.LP
+.RS
+.B # cat zones*
+|
+.B ./zonec \-C \-f nsd.db \-o example.net \-z \-
+.RE
+.LP
+.RS
+possible. When reading zones from config file this option is
+ignored.
+.RE
+.TP
+.B \-v
+Increase the verbosity of zonec. This flag can be specified multiple
+times to increase the level of verbosity. The first level of
+verbosity will print per zone summary information. The second level
+of will print progress information for each 10,000 RRs processed.
+.TP
+.B \-F
+Set debug facilities. (If compiled with \-\-enable\-checking.)
+.TP
+.B \-L
+Set debug level. (If compiled with \-\-enable\-checking.)
+.SH "FILES"
+.TP
+@dbfile@
+default
+.B NSD
+database
+.TP
+@nsdconfigfile@
+default
+.B NSD
+configuration file
+.SH "DIAGNOSTICS"
+.LP
+.B Zonec
+will log all the problems via the standard error output and
+progress via stdout if the
+.B v
+option is specified.
+.SH "SEE ALSO"
+.LP
+nsd(8), nsdc(8), nsd.conf(5), nsd\-checkconf(8), nsd-notify(8),
+nsd-patch(8), nsd-xfer(8)
+.SH "AUTHORS"
+.LP
+.B NSD
+was written by NLnet Labs and RIPE NCC joint team. Please see
+CREDITS file in the distribution for further details.
+.SH "BUGS"
+.LP
+.B Zonec
+has rather weak error diagnostics that will change in further
+versions.
+.B Zonec
+expects the input files to be free of syntax errors and very little
+fool proof checks are done. |