This commit was generated by cvs2svn to compensate for changes in r35629,

which included commits to RCS files with non-trunk default branches.

41 files changed, 6862 insertions, 48 deletions

diff --git a/contrib/bind/doc/bog/00title.me b/contrib/bind/doc/bog/00title.me
index c9e708c..be95d8b 100644
--- a/contrib/bind/doc/bog/00title.me
+++ b/contrib/bind/doc/bog/00title.me
@@ -57,7 +57,7 @@
 .b "Name Server Operations Guide"
 .b "for \s-1BIND\s+1"
 .sz
-\fIRelease 4.9.5\fP
+\fIRelease 4.9.3\fP
 .eh 'SMM:10-%''Name Server Operations Guide for \s-1BIND\s+1'
 .oh 'Name Server Operations Guide for \s-1BIND\s+1''\s-1SMM\s+1:10-%'
 .sp
diff --git a/contrib/bind/doc/bog/Makefile b/contrib/bind/doc/bog/Makefile
index 32456a0..09e1908 100644
--- a/contrib/bind/doc/bog/Makefile
+++ b/contrib/bind/doc/bog/Makefile
@@ -62,9 +62,6 @@ ME=	-me
 NROFF=	nroff -rb3
 PRINTER= -Pdp
 TBL=	dtbl $(PRINTER)
-# For Linux:
-#PRINTER=
-#TBL=   tbl $(PRINTER)
 TROFF= ditroff $(PRINTER)
 GROFF= groff -Tps -t $(ME)
 
@@ -84,7 +81,6 @@ cat: $(FILES)
 
 clean:
 	rm -f *.psf *.lst *.BAK *.CKP *~ *.orig
-	rm -f file
 
 spell: $(FILES)
 	@for i in $(FILES); do \
diff --git a/contrib/bind/doc/bog/files.me b/contrib/bind/doc/bog/files.me
index b630eea..ae755ff 100644
--- a/contrib/bind/doc/bog/files.me
+++ b/contrib/bind/doc/bog/files.me
@@ -543,7 +543,7 @@ resolver variable.  Supported options at this time are:
 sets the \s-1RES_DEBUG\s+1 bit in \fB_res.options\fP.
 .ip \fBndots:\fP\fIn\fP
 sets the lower threshold (measured in ``number of dots'') on names given to
-\fIres_query\fP() such that names with at least this number of dots will be
+\fIres_query\fP() such that names with more than this number of dots will be
 tried as absolute names before any \fIlocal-domain\fP or \fIsearch-list\fP
 processing is done.  The default for this internal variable is ``1''.
 .\" .pp
@@ -1046,10 +1046,6 @@ recognize it.
 
 .sh 2 "Discussion about the TTL"
 .pp
-The use of different Time To Live fields with in a RRset have been
-deprecated and this is enforced by the server when loading a primary
-zone.  See the Security section for more discussion of differing TTLs.
-.pp
 The Time To Live assigned to the records and to the zone via the
 Minimum field in the SOA record is very important. High values will
 lead to lower BIND network traffic and faster response time. Lower
diff --git a/contrib/bind/doc/bog/ns.me b/contrib/bind/doc/bog/ns.me
index b507e94..ec3ca3c 100644
--- a/contrib/bind/doc/bog/ns.me
+++ b/contrib/bind/doc/bog/ns.me
@@ -1,3 +1,5 @@
+.\" ++Copyright++ 1986, 1988
+.\" -
 .\" Copyright (c) 1986, 1988
 .\"    The Regents of the University of California.  All rights reserved.
 .\" 
@@ -46,6 +48,8 @@
 .\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 .\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 .\" SOFTWARE.
+.\" -
+.\" --Copyright--
 .\"
 .\"	@(#)ns.me	6.3 (Berkeley) 9/19/89
 .\"
@@ -90,38 +94,3 @@ Berkeley would look as follows:
 .)b
 The top level domain for educational organizations is EDU;
 Berkeley is a subdomain of EDU and monet is the name of the host.
-.sh 1 Security
-.pp
-This section examines some of the know security implications of various
-versions of BIND. Some of these have been used to attack the nameservers
-in the past.
-.sh 2 "Unnecessary Glue"
-.pp
-Unnecessary glue can lead to incorrect records being loaded into the
-server. This can result in connections going to the wrong machines.
-.pp
-To prevent unnecessary glue being loaded, all the servers of zones being
-servered by a server and the servers of the parent zones need to be
-upgraded to BIND 4.9.3 or later.
-.sh 2 "Insertion of data into a zone that is being servered"
-.pp
-BIND versions prior to BIND 4.9.2 are subject to the insertion of
-resource records into zone that they are serving.
-.sh 2 "Denial of Service: Hash Bug Exploit"
-.pp
-September 1996 saw the COM TLD subject to a denial of service attack by
-injecting into the DNS a record with a final label of COM, eight spaces
-and COM. This effected BIND 4.9.4 servers. Similar attacks are possible
-on BIND 4.9.3 and BIND 4.9.3-P1. 
-.pp
-It is recommend that you run a BIND 4.9.4-P1 or later server to avoid
-this exploit.
-.sh 2 "Denial of Service: TTL Inconsistency Attacks"
-.pp
-If you are still using multiple TTL values within a RRset you can be
-subject to a denial of service attack. BIND 4.9.5 onwards uses multiple
-ttl values within a RRset to reject obviously bad RRset.
-.pp
-It is recommend that you upgrade to BIND 4.9.5 or later as these server
-prevent you loading multiple TTL values and doesn't merge answers received
-across the network.
diff --git a/contrib/bind/doc/html/acl.html b/contrib/bind/doc/html/acl.html
new file mode 100644
index 0000000..cf684b4
--- /dev/null
+++ b/contrib/bind/doc/html/acl.html
@@ -0,0 +1,63 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND acl Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--<CODE>acl</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+acl <VAR>name</VAR> {
+  <VAR><A HREF="address_list.html">address_match_list</A></VAR>
+};
+</PRE>
+
+<HR>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<P>The <CODE>acl</CODE> statement creates a named address match list.
+It gets its name from a primary use of address match lists:  Access
+Control Lists (ACLs).</P>
+
+<P>Note that an address match list's name must be defined with
+<CODE>acl</CODE> before it can be used elsewhere; no forward
+references are allowed.</P>
+
+The following ACLs are built-in:
+
+<DL>
+<DT><CODE>any</CODE>
+<DD>
+Allows all hosts.
+
+<DT><CODE>none</CODE>
+<DD>
+Denies all hosts.
+
+<DT><CODE>localhost</CODE>
+<DD>
+Allows the IP addresses of all interfaces on the system.
+
+<DT><CODE>localnets</CODE>
+<DD>
+Allows any host on a network for which the system has an interface.
+</DL>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+|&nbsp;<A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: acl.html,v 1.4 1998/03/21 01:03:10 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/address_list.html b/contrib/bind/doc/html/address_list.html
new file mode 100644
index 0000000..894ef04
--- /dev/null
+++ b/contrib/bind/doc/html/address_list.html
@@ -0,0 +1,87 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND Address Match Lists</TITLE>
+</HEAD>
+<BODY>
+
+<H2>BIND Configuration File Guide--Address Match Lists</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+<VAR>address_match_list</VAR>    = 1*<VAR>address_match_element</VAR>
+
+<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR>address_match_list</VAR>) ";"
+</PRE>
+
+<HR>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<P>Address match lists are lists of elements.  The elements can be any
+of the following:</P>
+
+<UL>
+<LI>an IP address (in dotted-decimal notation),</LI>
+
+<LI>an IP prefix (in the '/'-notation),</LI>
+
+<LI>the name of an address match list previously defined with 
+the <A HREF="acl.html"><CODE>acl</CODE></A> statment.</LI>
+
+<LI>an IP address match list</LI>
+</UL>
+
+<P>The ACLs "any", "none", "localhost" and "localnets" are
+predefined.  More information can be found in the description of the
+<A HREF="acl.html"><CODE>acl</CODE></A> statement.
+
+<P>Elements can be negated with a leading "!".
+
+<P>When a given IP address or prefix is compared to an address match
+list, the list is traversed in order and the first match (regardless
+of negation) is used.  The interpretation of a match depends on
+whether the list is being used for access control or as a
+topology.</P>
+
+<P>When used as an access control list, a non-negated match allows
+access and a negated match denies access.  If there is no match,
+access is denied.  The clauses <CODE>allow-query</CODE>,
+<CODE>allow-transfer</CODE> and <CODE>allow-update</CODE> all use
+address match lists like this.  Similarly, the <CODE>listen-on</CODE>
+clause can use negation to define local addresses which should not be
+used to accept nameserver connections.</P>
+
+<P>When used with the <CODE>topology</CODE> clause, a non-negated
+match returns a distance based on its postion on the list (the closer
+the match is to the start of the list, the shorter the distance is
+between it and the server).  A negated match will be assigned the
+maximum distance from the server.  If there is no match, the address
+will get a distance which is further than any non-negated list
+element, and closer than any negated element.</P>
+
+<P>Because of the first-match aspect of the algorithm, an element that
+defines a subset of another element in the list should come before the
+broader element, regardless of whether either is negated.  For
+example, in <CODE>1.2.3/24;&nbsp;!&nbsp;1.2.3.13;</CODE> the 1.2.3.13
+element is completely useless, because the algorithm will match
+any lookup for 1.2.3.13 to the 1.2.3/24 element.  Using
+<CODE>!&nbsp;1.2.3.13;&nbsp;1.2.3/24</CODE> fixes that problem by
+having 1.2.3.13 blocked by the negation but all other 1.2.3.* hosts
+fall through.
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: address_list.html,v 1.5 1998/03/21 01:03:10 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/comments.html b/contrib/bind/doc/html/comments.html
new file mode 100644
index 0000000..8ada6b0
--- /dev/null
+++ b/contrib/bind/doc/html/comments.html
@@ -0,0 +1,84 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND Comment Syntax</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--Comment Syntax</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+/* This is a BIND comment as in C */
+
+// This is a BIND comment as in C++
+
+# This is a BIND comment as in common Unix shells and perl
+</PRE>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<P>Comments may appear anywhere that whitespace may appear in a BIND
+configuration file.</P>
+
+<P>C-style comments start with the two characters <CODE>/*</CODE>
+(slash, star) and end with <CODE>*/</CODE> (star, slash).  Because
+they are completely delimited with these characters, they can be used
+to comment only a portion of a line or to span multiple lines.</P>
+
+<P>C-style comments cannot be nested.  For example, the following is
+not valid because the entire comment ends with the first
+<CODE>*/</CODE>:
+
+<PRE>
+/* This is the start of a comment.
+   This is still part of the comment.
+/* This is an incorrect attempt at nesting a comment. */
+   This is no longer in any comment. */
+</PRE>
+
+
+<P>C++-style comments start with the two characters <CODE>//</CODE>
+(slash, slash) and continue to the end of the physical line.  They
+cannot be continued across multiple physical lines; to have one
+logical comment span multiple lines, each line must use the
+<CODE>//</CODE> pair.  For example:
+
+<PRE>
+// This is the start of a comment.  The next line
+// is a new comment, even though it is logically
+// part of the previous comment.
+</PRE>
+
+<P>Shell-style (or perl-style, if you prefer) comments start with the
+character <CODE>#</CODE> (hash or pound or number or octothorpe or
+whatever) and continue to the end of the physical line, like C++
+comments.</P>  For example:
+
+<PRE>
+# This is the start of a comment.  The next line
+# is a new comment, even though it is logically
+# part of the previous comment.
+</PRE>
+
+<P><STRONG>WARNING:</STRONG> you cannot use the <CODE>;</CODE>
+(semicolon) character to start a comment such as you would in a zone
+file.  The semicolon indicates the end of a configuration statement,
+so whatever follows it will be interpreted as the start of the next
+statement.</P>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+|&nbsp;<A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: comments.html,v 1.4 1998/03/21 01:03:11 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/config.html b/contrib/bind/doc/html/config.html
new file mode 100644
index 0000000..dd8e0b4
--- /dev/null
+++ b/contrib/bind/doc/html/config.html
@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND Configuration File Guide</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide</H2>
+
+<HR>
+
+<H3>Overview</H3>
+
+<P>BIND 8 is much more configurable than previous release of BIND.
+There are entirely new areas of configuration, such as access control lists
+and categorized logging.  Many options that previously applied to all zones
+can now be used selectively.  These features, plus a consideration of future
+configuration needs led to the creation of a new configuration file format.
+
+<H3>The Configuration File</H3>
+
+<H4><A HREF="example.html">Example Configuration</A></H4>
+
+<H4>Statements</H4>
+
+<P>A BIND 8 configuration consists of statements and comments.
+Statements end with a semicolon.  Many statements contain a block of
+substatements, which are also terminated with a semicolon.</P>
+
+<P>The following statements are supported:
+<DL>
+<DT><CODE><A HREF="acl.html">acl</A></CODE>
+<DD>
+defines a named IP address matching list, for access control and other uses
+
+<DT><CODE><A HREF="include.html">include</A></CODE>
+<DD>
+includes a file
+
+<DT><CODE><A HREF="key.html">key</A></CODE>
+<DD>
+specifies key information for use in authentication and authorization
+
+<DT><CODE><A HREF="logging.html">logging</A></CODE>
+<DD>
+specifies what the server logs, and where the log messages are sent
+
+<DT><CODE><A HREF="options.html">options</A></CODE>
+<DD>
+controls global server configuation options and sets defaults for other
+statements
+
+<DT><CODE><A HREF="server.html">server</A></CODE>
+<DD>
+sets certain configuration options on a per-server basis
+
+<DT><CODE><A HREF="zone.html">zone</A></CODE>
+<DD>
+defines a zone
+</DL>
+
+<P>The <CODE>logging</CODE> and <CODE>options</CODE> statements may only
+occur once per configuration.
+
+<H4><A HREF="comments.html">Comments</A></H4>
+
+<H3>Converting from BIND 4.9.x</H3>
+
+<P>BIND 4.9.x configuration files can be converted to the new format
+by using <CODE>src/bin/named/named-bootconf.pl</CODE>, a perl script that
+is part of the BIND 8.1 source kit.
+
+<HR>
+
+<CENTER><P>[ <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+|&nbsp;<A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: config.html,v 1.4 1998/03/21 01:03:11 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/docdef.html b/contrib/bind/doc/html/docdef.html
new file mode 100644
index 0000000..da0c9d5
--- /dev/null
+++ b/contrib/bind/doc/html/docdef.html
@@ -0,0 +1,112 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND Documentation Definitions</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--Documentation Definitions</H2>
+
+<HR>
+
+<H3>Syntactic Miscellany</H3>
+
+<P>Described below are elements used throughout the BIND configuration
+file documentation.  Elements which are only associated with one
+statement are described only in the section describing that statement.
+
+<DL>
+<DT><VAR>acl_name</VAR>
+<DD>
+The name of an <A HREF="address_list.html">address match list</A>,
+as defined by the <A HREF="acl.html">acl</A> statement.
+
+<DT><VAR>address_match_list</VAR>
+<DD>
+A list of one or more <VAR>ip_address</VAR>, <VAR>ip_prefix</VAR> or
+<VAR>acl_name</VAR> elements, as described in the
+<A HREF="address_list.html">Address Match Lists</A> section.
+
+<DT><VAR>dotted-decimal</VAR>
+<DD>
+One or more integers valued 0 through 255 separated only by dots
+(&quot;.&quot;), such as <CODE>123</CODE> or <CODE>45.67</CODE> or
+<CODE>89.123.45.67</CODE>.
+
+<DT><VAR>domain_name</VAR>
+<DD>
+A quoted string which will be used as a DNS name, for example 
+<CODE>"my.test.domain"</CODE>.
+
+<DT><VAR>path_name</VAR>
+<DD>
+A quoted string which will be used as a pathname, such as 
+<CODE>"zones/master/my.test.domain"</CODE>.
+
+<DT><VAR>ip_addr</VAR>
+<DD>
+An IP address in with exactly four elements in
+<VAR>dotted-decimal</VAR> notation.
+
+<DT><VAR>ip_port</VAR>
+<DD>
+An IP port <VAR>number</VAR>.  <VAR>number</VAR> is limited to 0
+through 65535, with values below 1024 typically restricted to
+root-owned processes.
+
+<DT><VAR>ip_prefix</VAR>
+<DD>
+An IP network specified in <VAR>dotted-decimal</VAR> form, followed by "/"
+and then the number of bits in the netmask.  E.g. <CODE>127/8</CODE> is
+the network <CODE>127.0.0.0</CODE> with netmask <CODE>255.0.0.0</CODE>.
+<CODE>1.2.3.0/24</CODE> is network <CODE>1.2.3.0</CODE> with netmask
+<CODE>255.255.255.0</CODE>.
+
+<DT><VAR>number</VAR>
+<DD>
+A non-negative integer with an entire range limited by the range of a
+C language signed integer (2,147,483,647 on a machine with 32 bit
+integers).  Its acceptable value might further be limited by the
+context in which it is used.
+
+<DT><VAR>size_spec</VAR>
+<DD>
+A <VAR>number</VAR>, the word <CODE>unlimited</CODE>, or the word
+<CODE>default</CODE>.
+
+<P>The maximum value of <VAR>size_spec</VAR> is that of unsigned long
+integers on the machine.  <CODE>unlimited</CODE> requests unlimited use, or
+the maximum available amount.  <CODE>default</CODE> uses the limit that
+was in force when the server was started.</P>
+
+<P>A <VAR>number</VAR> can optionally be followed by a scaling factor:
+<CODE>K</CODE> or <CODE>k</CODE> for kilobytes, <CODE>M</CODE> or
+<CODE>m</CODE> for megabytes, and <CODE>G</CODE> or <CODE>g</CODE> for
+gigabytes, which scale by 1024, 1024*1024, and 1024*1024*1024
+respectively.
+
+<P>Integer storage overflow is currently silently ignored during
+conversion of scaled values, resulting in values less than intended,
+possibly even negative.  Using <CODE>unlimited</CODE> is the best way
+to safely set a really large number.</P>
+
+<DT><VAR>yes_or_no</VAR>
+<DD>
+Either <CODE>yes</CODE> or <CODE>no</CODE>.  The words
+<CODE>true</CODE> and <CODE>false</CODE> are also accepted, as are the
+numbers <CODE>1</CODE> and <CODE>0</CODE>.
+
+</DL>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: docdef.html,v 1.4 1998/03/21 01:03:12 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/example.html b/contrib/bind/doc/html/example.html
new file mode 100644
index 0000000..729b980
--- /dev/null
+++ b/contrib/bind/doc/html/example.html
@@ -0,0 +1,59 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND Configuration File Guide -- Example Config File</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide -- Example Config File</H2>
+
+<HR>
+
+<PRE>
+
+/*
+ * A simple BIND 8 configuration
+ */
+
+options {
+	directory "/var/named";
+};
+
+logging {
+	category lame-servers { null; };
+	category cname { null; };
+};
+
+zone "isc.org" in {
+	type master;
+	file "master/isc.org";
+};
+
+zone "vix.com" in {
+	type slave;
+	file "slave/vix.com";
+	masters { 10.0.0.53; };
+};
+
+zone "." in {
+	type hint;
+	file "named.cache";
+};
+
+zone "0.0.127.in-addr.arpa" in {
+	type master;
+	file "master/127.0.0";
+};
+</PRE>
+
+<HR>
+
+<CENTER><P>[ <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+|&nbsp;<A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: example.html,v 1.1 1997/05/06 22:11:31 vixie Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/include.html b/contrib/bind/doc/html/include.html
new file mode 100644
index 0000000..4184210
--- /dev/null
+++ b/contrib/bind/doc/html/include.html
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND include Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--<CODE>include</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<P><CODE>include <VAR><A HREF="docdef.html">path_name</A></VAR>;</CODE></P>
+
+<HR>
+
+<A Name="#Usage"><H3>Definition and Usage</H3></A>
+
+<P>The <CODE>include</CODE> statement inserts the specified file at
+the point that the <CODE>include</CODE> statement is encountered.  It
+cannot be used within another statement, though, so a line such as
+<CODE>acl internal_hosts { "include internal_hosts.acl" }</CODE> is
+not allowed.</P>
+
+<P>Use <CODE>include</CODE> to break the configuration up into
+easily-managed chunks.  For example:</P> 
+
+<UL COMPACT>
+<LI><CODE>include &quot;/etc/security/keys.bind&quot;;</CODE></LI>
+<LI><CODE>include &quot;/etc/acls.bind&quot;;</CODE></LI>
+</UL>
+
+<P>could be used at the top of a BIND configuration file in order to
+include any ACL or key information.</P>
+
+<P>Be careful not to type
+&quot;<CODE>#include</CODE>&quot;, like you would in a C
+program, because &quot;<CODE>#</CODE>&quot; is used to start a
+comment.</P>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: include.html,v 1.5 1998/03/21 01:03:12 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/index.html b/contrib/bind/doc/html/index.html
new file mode 100644
index 0000000..ca8c73c
--- /dev/null
+++ b/contrib/bind/doc/html/index.html
@@ -0,0 +1,63 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND Version 8 Online Documentation</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Version 8 Online Documentation</H2>
+
+<H3>BIND 8 Highlights</H3>
+
+<UL>
+<LI>DNS Dynamic Updates
+(<A HREF=http://ds.internic.net/rfc/rfc2136.txt>RFC 2136</A>)</LI>
+<LI>DNS Change Notification
+(<A HREF=http://ds.internic.net/rfc/rfc1996.txt>RFC 1996</A>)</LI>
+<LI>Completely new configuration syntax</LI>
+<LI>Flexible, categorized logging system</LI>
+<LI>IP-address-based access control for queries, zone transfers, and
+updates that may be specified on a zone-by-zone basis</LI>
+<LI>More efficient zone transfers</LI>
+<LI>Improved performance for servers with thousands of zones</LI>
+<LI>The server no longer forks for outbound zone transfers</LI>
+<LI>Many bug fixes</LI>
+</UL>
+
+<H3><A HREF="config.html">Configuration File Guide</A></H3>
+
+<H3>Kits</H3>
+<UL>
+<LI><A HREF="ftp://ftp.isc.org/isc/bind/src/cur">
+The latest production release</A></LI>
+<LI><A HREF="ftp://ftp.isc.org/isc/bind/src/testing">
+The latest public test release</A></LI>
+</UL>
+
+<H3>Bug Reports and Comments</H3>
+<P>Send bug reports to
+<A HREF="mailto:bind-bugs@isc.org">bind-bugs@isc.org</A>.
+
+<H3>DNS Related Newsgroups</H3>
+<UL>
+<LI><A HREF="news:comp.protocols.dns.bind">Using BIND</A></LI>
+<LI><A HREF="news:comp.protocols.dns.ops">DNS Operations</A></LI>
+<LI><A HREF="news:comp.protocols.dns.std">DNS Standards</A></LI>
+</UL>
+
+<H3><A HREF="http://www.isc.org/">The Internet Software Consortium</A></H3>
+
+BIND is supported by the Internet Software Consortium, and
+although it is free for use and redistribution and incorporation into
+vendor products and export and anything else you can think of, it
+costs money to produce.  That money comes from ISPs, hardware and
+software vendors, companies who make extensive use of the software,
+and generally kind hearted folk such as yourself.
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: index.html,v 1.4 1998/03/21 01:03:12 halley Exp $
+</ADDRESS>
+
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/key.html b/contrib/bind/doc/html/key.html
new file mode 100644
index 0000000..bac6a96
--- /dev/null
+++ b/contrib/bind/doc/html/key.html
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND key Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--<CODE>key</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+key <VAR>key_id</VAR> {
+  algorithm <VAR>algorithm_id</VAR>;
+  secret <VAR>secret_string</VAR>;
+};
+</PRE>
+
+<HR>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<P>The <CODE>key</CODE> statement defines a key ID which can be used
+in a <A HREF="server.html"><CODE>server</CODE> statement</A> to
+associate an authentication method with a particular name server.
+
+<P>A key ID must be created with the <CODE>key</CODE>
+statement before it can be used in a <CODE>server</CODE>
+definition.</P>
+
+<P>The <VAR>algorithm_id</VAR> is a string that specifies a
+security/authentication algorithm.
+<VAR>secret_string</VAR> is the secret to be used by the algorithm.
+
+<P>The <CODE>key</CODE> statement is intended for future use by the
+server.  It is checked for syntax but is otherwise ignored.
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: key.html,v 1.5 1998/03/21 01:03:13 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/logging.html b/contrib/bind/doc/html/logging.html
new file mode 100644
index 0000000..4af8050
--- /dev/null
+++ b/contrib/bind/doc/html/logging.html
@@ -0,0 +1,346 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND logging Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide -- <CODE>logging</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+logging {
+  [ channel <VAR>channel_name</VAR> {
+    ( file <VAR><A HREF="docdef.html">path_name</A></VAR>
+       [ versions ( <VAR>number</VAR> | unlimited ) ]
+       [ size <VAR><A HREF="docdef.html">size_spec</A></VAR> ]
+     | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
+                news | uucp | cron | authpriv | ftp |
+                local0 | local1 | local2 | local3 |
+                local4 | local5 | local6 | local7 )
+     | null );
+
+    [ severity ( critical | error | warning | notice |
+                 info  | debug [ <VAR>level</VAR> ] | dynamic ); ]
+    [ print-category <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+    [ print-severity <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+    [ print-time <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  }; ]
+
+  [ category <VAR>category_name</VAR> {
+    <VAR>channel_name</VAR>; [ <VAR>channel_name</VAR>; ... ]
+  }; ]
+  ...
+};
+</PRE>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<P>The <CODE>logging</CODE> statement configures a wide variety of
+logging options for the nameserver.  Its <CODE>channel</CODE> phrase
+associates output methods, format options and severity levels with
+a name that can then be used with the <CODE>category</CODE> phrase to
+select how various classes of messages are logged.</P>
+
+<P>Only one <CODE>logging</CODE> statement is used to define as many
+channels and categories as are wanted.  If there are multiple logging
+statements in a configuration, the first defined determines the logging,
+and warnings are issued for the others.  If there is no logging statement,
+the logging configuration will be:</P>
+
+<PRE>
+    logging {
+        category default { default_syslog; default_debug; };
+        category panic { default_syslog; default_stderr; };
+        category packet { default_debug; };
+        category eventlib { default_debug; };
+    };
+</PRE>
+
+<H4>The <CODE>channel</CODE> phrase</H4>
+
+<P>All log output goes to one or more "channels"; you can make as many
+of them as you want.</P>
+
+<P>Every channel definition must include a clause that says whether
+messages selected for the channel go to a file, to a particular syslog
+facility, or are discarded.  It can optionally also limit the message
+severity level that will be accepted by the channel (default is
+"info"), and whether to include a <CODE>named</CODE>-generated time
+stamp, the category name and/or severity level (default is not to
+include any).</P>
+
+<P>The word <CODE>null</CODE> as the destination option for the
+channel will cause all messages sent to it to be discarded; other
+options for the channel are meaningless.</P>
+
+<P>The <CODE>file</CODE> clause can include limitations both on how
+large the file is allowed to become, and how many versions of the file
+will be saved each time the file is opened.  
+
+<P>The <CODE>size</CODE> option for files is simply a hard ceiling on
+log growth.  If the file ever exceeds the size, then
+<CODE>named</CODE> will just not write anything more to it until the
+file is reopened; exceeding the size does not automatically trigger a
+reopen.  The default behavior is to not limit the size of the file.</P>
+
+<P>If you use the <CODE>version</CODE> logfile option, then
+<CODE>named</CODE> will retain that many backup versions of the file
+by renaming them when opening.  For example, if you choose to keep 3
+old versions of the file "lamers.log" then just before it is opened
+lamers.log.1 is renamed to lames.log.2, lamers.log.0 is renamed to
+lamers.log.1, and lamers.log is renamed to lamers.log.0.  No rolled
+versions are kept by default.  The <CODE>unlimited</CODE> keyword is
+synonymous with <CODE>99</CODE> in current BIND releases.</P>
+
+<P>The argument for the <CODE>syslog</CODE> clause is a syslog
+facility as described in the <CODE>syslog</CODE> manual page.  How
+<CODE>syslogd</CODE> will handle messages sent to this facility is
+described in the <CODE>syslog.conf</CODE> manual page.  If you have a
+system which uses a very old version of <CODE>syslog</CODE> that only
+uses two arguments to the <CODE>openlog()</CODE> function, then this
+clause is silently ignored.</P>
+
+<P>The <CODE>severity</CODE> clause works like <CODE>syslog</CODE>'s
+"priorities", except that they can also be used if you are writing
+straight to a file rather than using <CODE>syslog</CODE>.  Messages
+which are not at least of the severity level given will not be
+selected for the channel; messages of higher severity levels will be
+accepted.</P>
+
+<P>If you are using <CODE>syslog</CODE>, then the
+<CODE>syslog.conf</CODE> priorities will also determine what
+eventually passes through.  For example, defining a channel facility
+and severity as <CODE>daemon</CODE> and <CODE>debug</CODE> but only
+logging <CODE>daemon.warning</CODE> via <CODE>syslog.conf</CODE> will
+cause messages of severity <CODE>info</CODE> and <CODE>notice</CODE>
+to be dropped.  If the situation were reversed, with
+<CODE>named</CODE> writing messages of only <CODE>warning</CODE> or
+higher, then <CODE>syslogd</CODE> would print all messages it received
+from the channel.</P>
+
+<P>The server can supply extensive debugging information when it is in
+debugging mode.  If the server's global debug level is greater than
+zero, then debugging mode will be active.  The global debug level is
+set either by starting the server with the "-d" flag followed by a
+positive integer, or by sending the server the SIGUSR1 signal (for
+example, by using "ndc trace").  The global debug level can be set to
+zero, and debugging mode turned off, by sending the server the SIGUSR2
+signal ("ndc notrace".  All debugging messages in the server have a
+debug level, and higher debug levels give more more detailed output.
+Channels that specify a specific debug severity, e.g.
+
+<PRE>
+    channel specific_debug_level {
+        file "foo";
+        severity debug 3;
+    };
+</PRE>
+
+<P>will get debugging output of level 3 or less any time the
+server is in debugging mode, regardless of the global debugging level.
+Channels with <code>dynamic</code> severity use the server's global
+level to determine what messages to print.
+
+<P>If <CODE>print-time</CODE> has been turned on, then the date and
+time will be logged.  <CODE>print-time</CODE> may be specified for a
+syslog channel, but is usually pointless since syslog also prints the
+date and time.  If <CODE>print-category</CODE> is requested,
+then the category of the message will be logged as well.  Finally, if
+<CODE>print-severity</CODE> is on, then the severity level of the
+message will be logged.  The <CODE>print-</CODE> options may be used
+in any combination, and will always be printed in the following order:
+time, category, severity.  Here is an example where all three
+<CODE>print-</CODE> options are on:
+
+<PRE>
+    28-Apr-1997 15:05:32.863 default: notice: Ready to answer queries.
+</PRE>
+
+<P>There are four predefined channels that are used for
+<CODE>named</CODE>'s default logging as follows.  How they are used
+used is described in the next section, The <CODE>category</CODE> phrase.
+
+<PRE>
+    channel default_syslog {
+        syslog daemon;        # send to syslog's daemon facility
+        severity info;        # only send priority info and higher
+    };
+
+    channel default_debug {
+        file "named.run";     # write to named.run in the working directory
+        severity dynamic;     # log at the server's current debug level
+    };
+
+    channel default_stderr {  # writes to stderr
+        file "&lt;stderr&gt;";      # this is illustrative only; there's currently
+                              # no way of specifying an internal file
+                              # descriptor in the configuration language.
+        severity info;        # only send priority info and higher
+    };
+
+    channel null {            
+        null;                 # toss anything sent to this channel
+    };
+</PRE>
+
+<P>Once a channel is defined, it cannot be redefined.  Thus you cannot
+alter the built-in channels directly, but you can modify the default
+logging by pointing categories at channels you have defined.</P>
+
+<H4>The <CODE>category</CODE> phrase</H4>
+
+<P>There are many categories, so you can send the logs you want to see
+wherever you want, without seeing logs you don't want.  If you don't specify
+a list of channels for a category, then log messages in that category will
+be sent to the <CODE>default</CODE> category instead.  If you don't specify
+a default category, the following "default default" is used:
+
+<PRE>
+    category default { default_syslog; default_debug; };
+</PRE>
+
+<P>As an example, let's say you want to log security events to a file,
+but you also want keep the default logging behavior.  You'd specify the
+following:
+
+<PRE>
+    channel my_security_channel {
+        file "my_security_file";
+        severity info;
+    };
+    category security { my_security_channel; default_syslog; default_debug; };
+</PRE>
+
+<P>To discard all messages in a category, specify the
+<CODE>null</CODE> channel:
+
+<PRE>
+    category lame-servers { null; };
+    category cname { null; };
+</PRE>
+
+<P>The following
+categories are available:</P>
+
+<DL>
+<DT><CODE>default</CODE>
+<DD>
+The catch-all.  Many things still aren't classified into categories,
+and they all end up here.  Also, if you don't specify any channels for
+a category, the default category is used instead.  If you do not
+define the default category, the following definition is used:
+<CODE>category default { default_syslog; default_debug; };</CODE>
+
+<DT><CODE>config</CODE>
+<DD>  
+High-level configuration file processing.
+
+<DT><CODE>parser</CODE>
+<DD>
+Low-level configuration file processing.
+
+<DT><CODE>queries</CODE>
+<DD>
+A short log message is generated for every query the server receives.
+
+<DT><CODE>lame-servers</CODE>
+<DD>
+Messages like "Lame server on ..."
+
+<DT><CODE>statistics</CODE>
+<DD>
+Statistics.
+
+<DT><CODE>panic</CODE>
+<DD>
+If the server has to shut itself down due to an internal problem, it
+will log the problem in this category as well as in the problem's native
+category.  If you do not define the panic category, the following definition
+is used: <CODE>category panic { default_syslog; default_stderr; };</CODE>
+
+<DT><CODE>update</CODE>
+<DD>
+Dynamic updates.
+
+<DT><CODE>ncache</CODE>
+<DD>
+Negative caching.
+
+<DT><CODE>xfer-in</CODE>
+<DD>
+Zone transfers the server is receiving.
+
+<DT><CODE>xfer-out</CODE>
+<DD>
+Zone transfers the server is sending.
+
+<DT><CODE>db</CODE>
+<DD>
+All database operations.
+
+<DT><CODE>eventlib</CODE>
+<DD>
+Debugging info from the event system.  Only one channel may be specified for
+this category, and it must be a file channel.  If you do not define the
+eventlib category, the following definition is used: <CODE>category eventlib
+{ default_debug; };</CODE>
+
+<DT><CODE>packet</CODE>
+<DD>
+Dumps of packets received and sent.  Only one channel may be specified for
+this category, and it must be a file channel.  If you do not define the
+packet category, the following definition is used: <CODE>category packet
+{ default_debug; };</CODE>
+
+<DT><CODE>notify</CODE>
+<DD>
+The NOTIFY protocol.
+
+<DT><CODE>cname</CODE>
+<DD>
+Messages like "... points to a CNAME".
+
+<DT><CODE>security</CODE>
+<DD>
+Approved/unapproved requests.
+
+<DT><CODE>os</CODE>
+<DD>
+Operating system problems.
+
+<DT><CODE>insist</CODE>
+<DD>
+Internal consistency check failures.
+
+<DT><CODE>maintenance</CODE>
+<DD>
+Periodic maintenance events.
+
+<DT><CODE>load</CODE>
+<DD>
+Zone loading messages.
+
+<DT><CODE>response-checks</CODE>
+<DD>
+Messages arising from response checking, such as
+"Malformed response ...", "wrong ans. name ...",
+"unrelated additional info ...", "invalid RR type ...", and "bad referral ...".
+
+</DL>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: logging.html,v 1.6 1998/03/21 01:03:13 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/options.html b/contrib/bind/doc/html/options.html
new file mode 100644
index 0000000..5f0ddce
--- /dev/null
+++ b/contrib/bind/doc/html/options.html
@@ -0,0 +1,462 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND options Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide -- <CODE>options</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+options {
+  [ directory <VAR>path_name</VAR>; ]
+  [ named-xfer <VAR>path_name</VAR>; ]
+  [ dump-file <VAR>path_name</VAR>; ]
+  [ memstatistics-file <VAR>path_name</VAR>; ]
+  [ pid-file <VAR>path_name</VAR>; ]
+  [ statistics-file <VAR>path_name</VAR>; ]
+  [ auth-nxdomain <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ deallocate-on-exit <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ fake-iquery <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ fetch-glue <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ multiple-cnames <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ recursion <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ forward ( only | first ); ]
+  [ forwarders { [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; ... ] ] }; ]
+  [ check-names ( master | slave | response ) ( warn | fail | ignore); ]
+  [ allow-query { <VAR>address_match_list</VAR> }; ]
+  [ allow-transfer { <VAR>address_match_list</VAR> }; ]
+  [ listen-on [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR>address_match_list</VAR> }; ]
+  [ query-source [ address ( <VAR><A HREF="docdef.html">ip_addr</A></VAR> | * ) ] [ port ( <VAR><A HREF="docdef.html">ip_port</A></VAR> | * ) ] ; ]
+  [ max-transfer-time-in <VAR>number</VAR>; ]
+  [ transfer-format ( one-answer | many-answers ); ]
+  [ transfers-in  <VAR>number</VAR>; ]
+  [ transfers-out <VAR>number</VAR>; ]
+  [ transfers-per-ns <VAR>number</VAR>; ]
+  [ coresize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
+  [ datasize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
+  [ files <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
+  [ stacksize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
+  [ cleaning-interval <VAR>number</VAR>; ]
+  [ interface-interval <VAR>number</VAR>; ]
+  [ statistics-interval <VAR>number</VAR>; ]
+  [ topology { <VAR>address_match_list</VAR> }; ]
+};
+</PRE>
+<HR>
+
+<A NAME="Usage"><H3>Definition and Use</H3></A>
+
+<P>The options statement sets up global options to be used by
+BIND. This statement may appear at only once in a
+configuration file; if more than one occurrence is found, the
+first occurrence determines the actual options used,
+and a warning will be generated.  If there is no options statement,
+an options block with each option set to its default will be used.</P>
+
+<H4>Pathnames</H4>
+
+<DL>
+<DT><CODE>directory</CODE>
+<DD>
+The working directory of the server.  Any non-absolute
+pathnames in the configuration file will be taken as relative to this
+directory.  The default location for most server output files
+(e.g. "named.run") is this directory.  If a directory is not
+specified, the working directory defaults to ".", the directory from which the
+server was started.  The directory specified should be an absolute path.
+
+<DT><CODE>named-xfer</CODE>
+<DD>
+The pathname to the named-xfer program that the server uses for
+inbound zone transfers.  If not specified, the default is
+system dependent (e.g.  "/usr/sbin/named-xfer").
+
+<DT><CODE>dump-file</CODE>
+<DD>
+The pathname of the file the server dumps the database to when it
+receives <CODE>SIGINT</CODE> signal (<CODE>ndc dumpdb</CODE>).  If not
+specified, the default is "named_dump.db".
+
+<DT><CODE>memstatistics-file</CODE>
+<DD>
+The pathname of the file the server writes memory usage statistics to on exit,
+if <CODE>deallocate-on-exit</CODE> is <CODE>yes</CODE>.  If not
+specified, the default is "named.memstats".
+
+<DT><CODE>pid-file</CODE>
+<DD>
+The pathname of the file the server writes its process ID in.  If not
+specified, the default is operating system dependent, but is usually
+"/var/run/named.pid" or "/etc/named.pid".  The pid-file is used by
+programs like "ndc" that want to send signals to the running
+nameserver.
+
+<DT><CODE>statistics-file</CODE>
+<DD>
+The pathname of the file the server appends statistics to when it
+receives <CODE>SIGILL</CODE> signal (<CODE>ndc stats</CODE>).  If not
+specified, the default is "named.stats".
+</DL>
+
+<A name="BooleanOptions"><H4>Boolean Options</H4></A>
+
+<DL>
+<DT><CODE>auth-nxdomain</CODE>
+<DD>
+If <CODE>yes</CODE>, then the <CODE>AA</CODE> bit is always set on
+NXDOMAIN responses, even if the server is not actually authoritative.
+The default is <CODE>yes</CODE>.  Do not turn off
+<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
+doing, as some older software won't like it.
+
+<DT><CODE>deallocate-on-exit</CODE>
+<DD>
+If <CODE>yes</CODE>, then when the server exits it will painstakingly
+deallocate every object it allocated, and then write a memory usage report to
+the <CODE>memstatistics-file</CODE>.  The default is <CODE>no</CODE>, because
+it is faster to let the operating system clean up.
+<CODE>deallocate-on-exit</CODE> is handy for detecting memory leaks.
+
+<DT><CODE>fake-iquery</CODE>
+<DD>
+If <CODE>yes</CODE>, the server will simulate the obsolete DNS query type
+IQUERY.  The default is <CODE>no</CODE>.
+
+<DT><CODE>fetch-glue</CODE>
+<DD>
+If <CODE>yes</CODE> (the default), the server will fetch "glue" resource
+records it doesn't have when constructing the additional data section of
+a response.  <CODE>fetch-glue no</CODE> can be used in conjunction with
+<CODE>recursion no</CODE> to prevent the server's cache from growing or
+becoming corrupted (at the cost of requiring more work from the client).
+
+<DT><CODE>multiple-cnames</CODE>
+<DD>
+If <CODE>yes</CODE>, then multiple CNAME resource records will be
+allowed for a domain name.  The default is <CODE>no</CODE>.  Allowing
+multiple CNAME records is against standards and is not recommended.
+Multiple CNAME support is available because previous versions of BIND
+allowed multiple CNAME records, and these records have been used for load
+balancing by a number of sites.
+
+<DT><CODE>notify</CODE>
+<DD>
+If <CODE>yes</CODE> (the default), DNS NOTIFY messages are sent when a
+zone the server is authoritative for changes.  The use of NOTIFY
+speeds convergence between the master and its slaves.  Slave servers
+that receive a NOTIFY message and understand it will contact the
+master server for the zone and see if they need to do a zone transfer, and
+if they do, they will initiate it immediately.  The <CODE>notify</CODE>
+option may also be specified in the <CODE>zone</CODE> statement, in which
+case it overrides the <CODE>options notify</CODE> statement.
+
+<DT><CODE>recursion</CODE>
+<DD>
+If <CODE>yes</CODE>, and a DNS query requests recursion, then the
+server will attempt to do all the work required to answer the query.
+If recursion is not on, the server will return a referral to the
+client if it doesn't know the answer.  The default is <CODE>yes</CODE>.
+See also <CODE>fetch-glue</CODE> above.
+</DL>
+
+<H4>Forwarding</H4>
+
+<P>The forwarding facility can be used to create a large sitewide
+cache on a few servers, reducing traffic over links to external
+nameservers.  It can also be used to allow queries by servers that do
+not have direct access to the Internet, but wish to look up exterior
+names anyway.  Forwarding occurs only on those queries for which the
+server is not authoritative and does not have the answer in its cache.
+
+<DL>
+<DT><CODE>forward</CODE>
+<DD>
+This option is only meaningful if the <CODE>forwarders</CODE> list is
+not empty.  A value of <CODE>first</CODE>, the default, causes the
+server to query the forwarders first, and if that doesn't answer the
+question the server will then look for the answer itself.  If
+<CODE>only</CODE> is specified, the server will only query the
+forwarders. 
+
+<DT><CODE>forwarders</CODE>
+<DD>
+Specifies the IP addresses to be used for forwarding.  The default is the
+empty list (no forwarding).
+</DL>
+
+<P>Future versions of BIND 8 will provide a more powerful forwarding
+system.  The syntax described above will continue to be supported.
+
+<a name="NameChecking"><H4>Name Checking</H4></a>
+
+<P>The server can check domain names based upon their expected client contexts.
+For example, a domain name used as a hostname can be checked for compliance
+with the RFCs defining valid hostnames.
+
+<P>Three checking methods are available:
+
+<DL>
+<DT><CODE>ignore</CODE>
+<DD>
+No checking is done.
+
+<DT><CODE>warn</CODE>
+<DD>
+Names are checked against their expected client contexts.  Invalid names are
+logged, but processing continues normally.
+
+<DT><CODE>fail</CODE>
+<DD>
+Names are checked against their expected client contexts.  Invalid names are
+logged, and the offending data is rejected.
+</DL>
+
+<P>The server can check names three areas: master zone files, slave
+zone files, and in responses to queries the server has initiated.  If
+<CODE>check-names response fail</CODE> has been specified, and
+answering the client's question would require sending an invalid name
+to the client, the server will send a REFUSED response code to the
+client.
+
+<P>The defaults are:
+
+<PRE>
+    check-names master fail;
+    check-names slave warn;
+    check-names response ignore;
+</PRE>
+
+<P><CODE>check-names</CODE> may also be specified in the <CODE>zone</CODE>
+statement, in which case it overrides the <CODE>options check-names</CODE>
+statement.  When used in a <CODE>zone</CODE> statement, the area is not
+specified (because it can be deduced from the zone type).
+
+<A name="AccessControl"><H4>Access Control</H4></A>
+
+<P>Access to the server can be restricted based on the IP address of the
+requesting system.  See
+<VAR><A HREF="address_list.html">address_match_list</A></VAR> for details
+on how to specify IP address lists.
+
+<DL>
+<DT><CODE>allow-query</CODE>
+<DD>
+Specifies which hosts are allowed to ask ordinary questions.
+<CODE>allow-query</CODE> may also be specified in the
+<CODE>zone</CODE> statement, in which case it overrides the
+<CODE>options allow-query</CODE> statement.  If not specified, the default is
+to allow queries from all hosts.
+
+<DT><CODE>allow-transfer</CODE>
+<DD>
+Specifies which hosts are allowed to receive zone transfers from the
+server.  <CODE>allow-transfer</CODE> may also be specified in the
+<CODE>zone</CODE> statement, in which case it overrides the
+<CODE>options allow-transfer</CODE> statement.  If not specified, the default
+is to allow transfers from all hosts.
+</DL>
+
+<H4>Interfaces</H4>
+
+<P>The interfaces and ports that the server will answer queries from may
+be specified using the <CODE>listen-on</CODE> option.  <CODE>listen-on</CODE>
+takes an optional port, and an 
+<VAR><A HREF="address_list.html">address_match_list</A></VAR>.  The server will
+listen on all interfaces allowed by the address match list.  If a port is
+not specified, port 53 will be used.
+
+<P>Multiple <CODE>listen-on</CODE> statements are allowed.  For example,
+
+<PRE>
+    listen-on { 5.6.7.8; };
+    listen-on port 1234 { !1.2.3.4; 1.2/16; };
+</PRE>
+
+<P>If no <CODE>listen-on</CODE> is specified, the server will listen on port
+53 on all interfaces.
+
+<H4>Query Address</H4>
+
+<P>If the server doesn't know the answer to a question, it will query
+other nameservers.  <CODE>query-source</CODE> specifies the address
+and port used for such queries.  If <CODE>address</CODE> is
+<CODE>*</CODE> or is omitted, a wildcard IP address
+(<CODE>INADDR_ANY</CODE>) will be used.  If <CODE>port</CODE> is
+<CODE>*</CODE> or is omitted, a random unprivileged port will be used.
+The default is
+
+<PRE>
+    query-source address * port *;
+</PRE>
+
+<P>Note: <CODE>query-source</CODE> currently applies only to UDP queries;
+TCP queries always use a wildcard IP address and a random unprivileged
+port.
+
+<A name="ZoneTransfers"><H4>Zone Transfers</H4></A>
+
+<DL>
+<DT><CODE>max-transfer-time-in</CODE>
+<DD>
+Inbound zone transfers (<CODE>named-xfer</CODE> processes) running
+longer than this many minutes will be terminated.  The default is 120
+minutes (2 hours).
+
+<DT><CODE>transfer-format</CODE>
+<DD>
+The server supports two zone transfer methods.
+<CODE>one-answer</CODE> uses one DNS message per resource record
+transferred.  <CODE>many-answers</CODE> packs as many resource records
+as possible into a message.  <CODE>many-answers</CODE> is more
+efficient, but is only known to be understood by BIND 8.1 and patched
+versions of BIND 4.9.5.  The default is <CODE>one-answer</CODE>.
+<CODE>transfer-format</CODE> may be
+overridden on a per-server basis by using the <CODE>server</CODE> statement.
+
+<DT><CODE>transfers-in</CODE>
+<DD>
+The maximum number of inbound zone transfers that can be running
+concurrently.  The default value is 10.  Increasing
+<CODE>transfers-in</CODE> may speed up the convergence of slave zones,
+but it also may increase the load on the local system.
+
+<DT><CODE>transfers-out</CODE>
+<DD>
+This option will be used in the future to limit the number of
+concurrent outbound zone transfers.  It is checked for syntax, but is
+otherwise ignored.
+
+<DT><CODE>transfers-per-ns</CODE>
+<DD>
+The maximum number of inbound zone transfers (<CODE>named-xfer</CODE>
+processes) that can be concurrently transferring from a given remote
+nameserver.  The default value is 2.  Increasing
+<CODE>transfers-per-ns</CODE> may speed up the convergence of slave
+zones, but it also may increase the load on the remote nameserver.
+<CODE>transfers-per-ns</CODE> may be overridden on a per-server basis
+by using the <CODE>transfers</CODE> phrase of the <CODE>server</CODE>
+statement.
+</DL>
+
+<H4>Resource Limits</H4>
+
+<P>The server's usage of many system resources can be limited.  Some
+operating systems don't support some of the limits.  On such systems,
+a warning will be issued if the unsupported limit is used.  Some
+operating systems don't support limiting resources, and on these systems
+a <CODE>cannot set resource limits on this system</CODE> message will
+be logged.
+
+<P>Scaled values are allowed when specifying resource limits.  For
+example, <CODE>1G</CODE> can be used instead of
+<CODE>1073741824</CODE> to specify a limit of one gigabyte.
+<CODE>unlimited</CODE> requests unlimited use, or the maximum
+available amount.  <CODE>default</CODE> uses the limit that was in
+force when the server was started.  See
+<VAR><AHREF="docdef.html">size_spec</A></VAR> for more details.
+
+<DL>
+<DT><CODE>coresize</CODE>
+<DD>
+The maximum size of a core dump.  The default is <CODE>default</CODE>.
+
+<DT><CODE>datasize</CODE>
+<DD>
+The maximum amount of data memory the server may use.  The default is
+<CODE>default</CODE>.
+
+<DT><CODE>files</CODE>
+<DD>
+The maximum number of files ther server may have open concurrently.
+The default is <CODE>unlimited</CODE>.  <I>Note:</I> on some operating
+systems the server cannot set an unlimited value and cannot determine
+the maximum number of open files the kernel can support.  On such
+systems, choosing <CODE>unlimited</CODE> will cause the server to use
+the larger of the <CODE>rlim_max</CODE> for <CODE>RLIMIT_NOFILE</CODE>
+and the value returned by <CODE>sysconf(_SC_OPEN_MAX)</CODE>.  If the
+actual kernel limit is larger than this value, use <CODE>limit
+files</CODE> to specify the limit explicitly.
+
+<DT><CODE>stacksize</CODE>
+<DD>
+The maximum amount of stack memory the server may use.  The default is
+<CODE>default</CODE>.
+</DL>
+
+<H4>Periodic Task Intervals</H4>
+
+<DL>
+<DT><CODE>cleaning-interval</CODE>
+<DD>
+The server will remove expired resource records from the cache every
+<CODE>cleaning-interval</CODE> minutes.  The default is 60 minutes.  If set
+to 0, no periodic cleaning will occur.
+
+<DT><CODE>interface-interval</CODE>
+<DD>
+The server will scan the network interface list every
+<CODE>interface-interval</CODE> minutes.  The default is 60 minutes.
+If set to 0, interface scanning will only occur when the configuration
+file is loaded.  After the scan, listeners will be started on any new
+interfaces (provided they are allowed by the <CODE>listen-on</CODE>
+configuration).  Listeners on interfaces that have gone away will be
+cleaned up.
+
+<DT><CODE>statistics-interval</CODE>
+<DD>
+Nameserver statisitics will be logged every <CODE>statistics-interval</CODE>
+minutes.  The default is 60.  If set to 0, no statistics will be logged.
+</DL>
+
+<H4>Topology</H4>
+
+<P>All other things being equal, when the server chooses a nameserver
+to query from a list of nameservers, it prefers the one that is
+topologically closest to itself.  The <CODE>topology</CODE> statement
+takes an <VAR><A HREF="address_list.html">address_match_list</A></VAR>
+and interprets it in a special way.  Each top-level list element is
+assigned a distance.  Non-negated elements get a distance based on
+their position in the list, where the closer the match is to the start
+of the list, the shorter the distance is between it and the server.  A
+negated match will be assigned the maximum distance from the server.
+If there is no match, the address will get a distance which is further
+than any non-negated list element, and closer than any negated
+element.  For example,
+
+<PRE>
+    topology {
+        10/8;
+        !1.2.3/24;
+        { 1.2/16; 3/8; };
+    };
+</PRE>
+
+<P>will prefer servers on network 10 the most, followed by hosts on
+network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
+of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
+of all.
+
+<P>The default topology is
+
+<PRE>
+    topology { localhost; localnets; };
+</PRE>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: options.html,v 1.9 1998/03/21 01:02:59 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/server.html b/contrib/bind/doc/html/server.html
new file mode 100644
index 0000000..0eb4dca
--- /dev/null
+++ b/contrib/bind/doc/html/server.html
@@ -0,0 +1,62 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND server Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--<CODE>server</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+server <VAR><A HREF="docdef.html">ip_addr</A></VAR> {
+  [ bogus <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ transfers <VAR><A HREF="docdef.html">number</A></VAR>; ]
+  [ transfer-format ( one-answer | many-answers ); ]
+  [ keys { <VAR><A HREF="key.html">key_id</A></VAR> [<VAR>key_id</VAR> ... ] }; ]
+};
+</PRE>
+
+<HR>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<P>The server statement defines the characteristics to be
+associated with a remote name server.</P>
+
+<P>If you discover that a server is giving out bad data, marking it as
+<CODE>bogus</CODE> will prevent further queries to it.  The default value of
+<CODE>bogus</CODE> is <CODE>no</CODE>.
+
+<P>The server supports two zone transfer methods.  The first,
+<CODE>one-answer</CODE>, uses one DNS message per resource record
+transferred.  <CODE>many-answers</CODE> packs as many resource records
+as possible into a message.  <CODE>many-answers</CODE> is more
+efficient, but is only known to be understood by BIND 8.1 and patched
+versions of BIND 4.9.5.  You can specify which method to use for a
+server with the <CODE>transfer-format</CODE> option.  If
+<CODE>transfer-format</CODE> is not specified, the <CODE>transfer-format</CODE>
+specified by the <CODE>options</CODE> statement will be used.
+
+<P>The <CODE>transfers</CODE> will be used in a future release of the server
+to limit the number of concurrent in-bound zone transfers from the specified
+server.  It is checked for syntax but is otherwise ignored.
+
+<P>The <CODE>keys</CODE> statement is intended for future use by the
+server.  It is checked for syntax but is otherwise ignored.
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+|&nbsp;<A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: server.html,v 1.6 1998/03/21 01:03:13 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/html/zone.html b/contrib/bind/doc/html/zone.html
new file mode 100644
index 0000000..b6edb38
--- /dev/null
+++ b/contrib/bind/doc/html/zone.html
@@ -0,0 +1,140 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+<HEAD>
+  <TITLE>BIND zone Statement</TITLE>
+</HEAD>
+
+<BODY>
+<H2>BIND Configuration File Guide--<CODE>zone</CODE> Statement</H2>
+
+<HR>
+
+<A NAME="Syntax"><H3>Syntax</H3></A>
+
+<PRE>
+zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { 
+  type master;
+  file <VAR><A HREF="docdef.html">path_name</A></VAR>;
+  [ check-names ( warn | fail | ignore ); ]
+  [ allow-update { <VAR><A NAME="address_list.html">address_match_list</A></VAR> }; ]
+  [ allow-query { <VAR><A NAME="address_list.html">address_match_list</A></VAR> }; ]
+  [ allow-transfer { <VAR><A NAME="address_list.html">address_match_list</A></VAR> }; ]
+  [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
+};
+
+zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] { 
+  type ( slave | stub );
+  [ file <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
+  masters { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
+  [ check-names ( warn | fail | ignore ); ]
+  [ allow-update { <VAR><A NAME="address_list.html">address_match_list</A></VAR> }; ]
+  [ allow-query { <VAR><A NAME="address_list.html">address_match_list</A></VAR> }; ]
+  [ allow-transfer { <VAR><A NAME="address_list.html">address_match_list</A></VAR> }; ]
+  [ max-transfer-time-in <VAR>number</VAR>; ]
+  [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
+  [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
+};
+
+zone "." [ ( in | hs | hesiod | chaos ) ] { 
+  type hint;
+  file <VAR><A HREF="docdef.html">path_name</A></VAR>;
+  [ check-names ( warn | fail | ignore ); ]
+};
+</PRE>
+
+<HR>
+
+<A NAME="Usage"><H3>Definition and Usage</H3></A>
+
+<H4>Zone Types</H4>
+
+<DL>
+<DT><CODE>master</CODE>
+<DD>
+The master copy of the data in a zone.
+
+<DT><CODE>slave</CODE>
+<DD>
+A <CODE>slave</CODE> zone is a replica of a master zone.  The
+<CODE>masters</CODE> list specifies one or more IP addresses that the
+slave contacts to update its copy of the zone.  If <CODE>file</CODE>
+is specified, then the replica will be written to the file.  Use of
+<CODE>file</CODE> is recommended, since it often speeds server startup
+and eliminates a needless waste of bandwidth.
+
+<DT><CODE>stub</CODE>
+<DD>
+A <CODE>stub</CODE> zone is like a slave zone, except that it replicates
+only the NS records of a master zone instead of the entire zone.
+
+<DT><CODE>hint</CODE>
+<DD>
+The initial set of root nameservers is specified using a
+<CODE>hint</CODE> zone.  When the server starts up, it uses the root hints
+to find a root nameserver and get the most recent list of root nameservers.
+</DL>
+
+<P>Note: previous releases of BIND used the term <EM>primary</EM> for a
+master zone, <EM>secondary</EM> for a slave zone, and <EM>cache</EM> for
+a hint zone.</P>
+
+<H4>Class</H4>
+
+<P>The zone's name may optionally be followed by a class.  If a class is not
+specified, class <CODE>in</CODE> is used.
+
+<H4>Options</H4>
+
+<DL>
+<DT><CODE>check-names</CODE>
+<DD>
+See <A HREF="options.html#NameChecking">Name Checking</A>.
+
+<DT><CODE>allow-query</CODE>
+<DD>
+See the description of <CODE>allow-query</CODE> in the
+<A HREF="options.html#AccessControl">Access Control</A> section.
+
+<DT><CODE>allow-update</CODE>
+<DD>
+Specifies which hosts are allowed to submit Dynamic DNS updates to the
+server.  The default is to deny updates from all hosts.
+
+<DT><CODE>allow-transfer</CODE>
+<DD>
+See the description of <CODE>allow-transfer</CODE> in
+the <A HREF="options.html#AccessControl">Access Control</A> section.
+
+<DT><CODE>max-transfer-time-in</CODE>
+<DD>
+See the description of <CODE>max-transfer-time-in</CODE> in
+the <A HREF="options.html#ZoneTransfers">Zone Transfers</A> section.
+
+<DT><CODE>notify</CODE>
+<DD>
+See the description of <CODE>notify</CODE> in
+the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.
+
+<DT><CODE>also-notify</CODE>
+<DD>
+<CODE>also-notify</CODE> is only meaningful if <CODE>notify</CODE> is
+active for this zone.  The set of machines that will receive a DNS
+NOTIFY message for this zone is made up of all the listed nameservers
+for the zone (other than the primary master) plus any IP addresses
+specified with <CODE>also-notify</CODE>.  <CODE>also-notify</CODE> is not
+meaningful for <CODE>stub</CODE> zones.  The default is the empty list.
+</DL>
+
+<HR>
+
+<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
+| <A HREF="http://www.vix.com/isc/bind.html">BIND Home</A>
+| <A HREF="http://www.isc.org">ISC</A> ]</P></CENTER>
+
+<HR>
+<ADDRESS>
+Last Updated: $Id: zone.html,v 1.6 1998/03/21 01:03:14 halley Exp $
+</ADDRESS>
+</BODY>
+</HTML>
diff --git a/contrib/bind/doc/man/Makefile b/contrib/bind/doc/man/Makefile
new file mode 100644
index 0000000..4ac138f
--- /dev/null
+++ b/contrib/bind/doc/man/Makefile
@@ -0,0 +1,385 @@
+## Portions Copyright (c) 1993 by Digital Equipment Corporation.
+## 
+## Permission to use, copy, modify, and distribute this software for any
+## purpose with or without fee is hereby granted, provided that the above
+## copyright notice and this permission notice appear in all copies, and that
+## the name of Digital Equipment Corporation not be used in advertising or
+## publicity pertaining to distribution of the document or software without
+## specific, written prior permission.
+## 
+## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+## SOFTWARE.
+
+## Portions Copyright (c) 1996 by Internet Software Consortium
+##
+## Permission to use, copy, modify, and distribute this software for any
+## purpose with or without fee is hereby granted, provided that the above
+## copyright notice and this permission notice appear in all copies.
+##
+## THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+## ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+## CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+## SOFTWARE.
+
+#
+# Makefile to install the BIND 4.9 manual entries.
+#
+# Default Configuration:
+# 	There are a set of default assignments immediately following this 
+#	note. These defaults are for BSD4.4, BSD/386, other net2-alikes, 
+#	and will install manual entries with following characteristics:
+#	o  They will be catable (i.e., passed through nroff)
+#	o  They will be installed in the directories
+#		/usr/share/man/catN, where N is 1, 3, 5, 7, 8
+#	o  They will have an extension of `.0'
+#
+# Don't change these defaults. Instead, following the default configuration
+# are sets of commented values for particular systems that can be used
+# to override the default values.
+#
+
+#
+# Target directory for the manual directory tree. Eg., may be used to 
+# specify the path of an NFS-mounted directory for common files.
+#
+DESTDIR=
+
+#
+# Default location for manual section directories.
+#
+DESTMAN= /usr/share/man
+
+#
+# Install manuals in ${MANDIR}N. For systems that generate catable manual 
+# entries on the fly, use
+#	MANDIR = man
+#
+MANDIR = cat
+
+#
+# Default extension for manual entries. To install the manual entries under
+# their `real' extensions use 
+#	CATEXT = $$N
+#
+CATEXT = 0
+
+#
+# Command to install manual entries
+#
+INSTALL= install
+
+#
+# `install' options to set Owner and Group for manual entries. Eg. for 
+# BSD `install' use
+# 	MAN_OWNER = -o bin
+#	MAN_GROUP = -g bin
+#
+MAN_OWNER =
+MAN_GROUP =
+
+SHELL= /bin/sh
+
+INDOT=
+XFER_INDOT=
+#
+# Uppercase versions of the above variables (`INDOT_U' and `XFER_INDOT_U')
+# are defined for use in `.TH' lines.
+#
+
+#
+# Command used to generate a manual entry. By default this produces catable
+# manual entries.
+#
+# For systems that store manuals in MDOC form (eg modern BSD systems) and
+# can generate catable manual entries on the fly the following assignment
+# can be used. 
+#	MANROFF = cat
+#
+MANROFF = ( tbl | nroff -mandoc )
+
+#
+# Default extensions for installed manual entries. The following variables 
+# have been defined to allow BIND's manual entries to be installed in the 
+# right place for a given platform.
+#
+# 	CMD_EXT = extension for user commands (eg, dig)
+# 	LIB_NETWORK_EXT = extension for network library routines (eg, 
+#			gethostbyname)
+# 	FORMAT_EXT = extension for files describing file formats
+#			(eg, resolver)
+# 	DESC_EXT = extension for descriptive files (eg, mailaddr)
+# 	SYS_OPS_EXT =  extension system operation and maintenance commands 
+#			and applications. (eg, named, named-xfer, syslog)
+#
+# Associated with each variable is an additional variable with the suffix
+# `_DIR' that specifies the suffix to ${MANDIR}. It's needed because on
+# some systems, eg., Ultrix, multiple subsections (eg 3x, 3m 3n) are 
+# stored in generic manual section directories (eg., man3).
+#
+# Associated with each variable is an additional variable with the suffix
+# `_U' which gives the upper case form of the variable for use in `.TH'
+# commands. Useful for platforms (such as Solaris 2) that include letters
+# in manual sections.
+#
+CMD_EXT = 1
+CMD_EXT_DIR = ${CMD_EXT}
+LIB_NETWORK_EXT = 3
+LIB_NETWORK_EXT_DIR = ${LIB_NETWORK_EXT}
+FORMAT_EXT = 5
+FORMAT_EXT_DIR = ${FORMAT_EXT}
+DESC_EXT = 7
+DESC_EXT_DIR = ${DESC_EXT}
+SYS_OPS_EXT = 8
+SYS_OPS_EXT_DIR = ${SYS_OPS_EXT}
+
+#
+# Additional variables are defined for cross-references within manual
+# entries:
+#	SYSCALL_EXT = extension for system calls
+#	BSD_SYSCALL_EXT = extension for BSD-specifc system calls. On some
+#			systems (eg Ultrix) these appear in section 2.
+#			On other system (eg SunOS 5) these are implemented
+#			via a BSD-compatibility library and appear in 
+#			section 3.
+#	LIB_C_EXT = extension for C library routines (eg, signal)
+#
+SYSCALL_EXT = 2
+SYSCALL_EXT_DIR = ${SYSCALL_EXT}
+BSD_SYSCALL_EXT = 2
+BSD_SYSCALL_EXT_DIR = ${BSD_SYSCALL_EXT}
+LIB_C_EXT = 3
+LIB_C_EXT_DIR = ${LIB_C_EXT}
+
+######################################################################
+#
+# No user changes needed past this point.
+#
+######################################################################
+#
+# This sed command is used to update the manual entries so they refer to 
+# the appropriate section of the manual for a given platform.
+#
+EXT_SED_CMD =	INDOT_U=`echo "${INDOT}"|tr "[a-z]" "[A-Z]"`; \
+		export INDOT_U; \
+		XFER_INDOT_U=`echo "${XFER_INDOT}"|tr "[a-z]" "[A-Z]"`; \
+		export XFER_INDOT_U; \
+		CMD_EXT_U=`echo "${CMD_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export CMD_EXT_U; \
+		SYS_OPS_EXT_U=`echo "${SYS_OPS_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export SYS_OPS_EXT_U; \
+		LIB_NETWORK_EXT_U=`echo "${LIB_NETWORK_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export LIB_NETWORK_EXT_U; \
+		FORMAT_EXT_U=`echo "${FORMAT_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export FORMAT_EXT_U; \
+		DESC_EXT_U=`echo "${DESC_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export DESC_EXT_U; \
+		SYSCALL_EXT_U=`echo "${SYSCALL_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export SYSCALL_EXT_U; \
+		BSD_SYSCALL_EXT_U=`echo "${BSD_SYSCALL_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export BSD_SYSCALL_EXT_U; \
+		LIB_C_EXT_U=`echo "${LIB_C_EXT}"|tr "[a-z]" "[A-Z]"`; \
+		export LIB_C_EXT_U; \
+		sed -e "s/@INDOT@/${INDOT}/g" \
+		-e "s/@INDOT_U@/$${INDOT_U}/g" \
+		-e "s/@XFER_INDOT@/${XFER_INDOT}/g" \
+		-e "s/@XFER_INDOT_U@/$${XFER_INDOT_U}/g" \
+		-e "s/@CMD_EXT@/${CMD_EXT}/g" \
+		-e "s/@CMD_EXT_U@/$${CMD_EXT_U}/g" \
+		-e "s/@LIB_NETWORK_EXT@/${LIB_NETWORK_EXT}/g" \
+		-e "s/@LIB_NETWORK_EXT_U@/$${LIB_NETWORK_EXT_U}/g" \
+		-e "s/@FORMAT_EXT@/${FORMAT_EXT}/g" \
+		-e "s/@FORMAT_EXT_U@/$${FORMAT_EXT_U}/g" \
+		-e "s/@DESC_EXT@/${DESC_EXT}/g" \
+		-e "s/@DESC_EXT_U@/$${DESC_EXT_U}/g" \
+		-e "s/@SYS_OPS_EXT@/${SYS_OPS_EXT}/g" \
+		-e "s/@SYS_OPS_EXT_U@/$${SYS_OPS_EXT_U}/g" \
+		-e "s/@SYSCALL_EXT@/${SYSCALL_EXT}/g" \
+		-e "s/@SYSCALL_EXT_U@/$${SYSCALL_EXT_U}/g" \
+		-e "s/@BSD_SYSCALL_EXT@/${BSD_SYSCALL_EXT}/g" \
+		-e "s/@BSD_SYSCALL_EXT_U@/$${BSD_SYSCALL_EXT_U}/g" \
+		-e "s/@LIB_C_EXT@/${LIB_C_EXT}/g" \
+		-e "s/@LIB_C_EXT_U@/$${LIB_C_EXT_U}/g"
+
+#
+# Command used to produce manual entries
+#
+MK_MANFILE = ( ${EXT_SED_CMD} | ${MANROFF} )
+
+#
+# Extensions for the generated manual entries
+#
+OUT_EXT = lst
+CMD_OUT_EXT = ${OUT_EXT}${CMD_EXT}
+LIB_NETWORK_OUT_EXT = ${OUT_EXT}${LIB_NETWORK_EXT}
+FORMAT_OUT_EXT = ${OUT_EXT}${FORMAT_EXT}
+DESC_OUT_EXT = ${OUT_EXT}${DESC_EXT}
+SYS_OPS_OUT_EXT = ${OUT_EXT}${SYS_OPS_EXT}
+
+#
+# User command manual entries
+#
+CMD_BASE = 	dig host dnsquery
+CMD_SRC_EXT = 	1
+CMD_SRC = 	dig.${CMD_SRC_EXT} \
+		host.${CMD_SRC_EXT} \
+		dnsquery.${CMD_SRC_EXT} \
+		dnskeygen.${CMD_SRC_EXT} \
+		dnssigner.${CMD_SRC_EXT}
+CMD_OUT =	dig.${CMD_OUT_EXT} \
+		host.${CMD_OUT_EXT} \
+		dnsquery.${CMD_OUT_EXT} \
+		dnskeygen.${CMD_OUT_EXT} \
+		dnssigner.${CMD_OUT_EXT}
+
+#
+# named manual entries
+#
+NAMED_BASE =	named ndc
+SYS_OPS_SRC_EXT = 8
+NAMED_SRC = 	named.${SYS_OPS_SRC_EXT} ndc.${SYS_OPS_SRC_EXT}
+NAMED_OUT = 	named.${SYS_OPS_OUT_EXT} ndc.${SYS_OPS_OUT_EXT}
+
+#
+# named-xfer manual entry
+#
+NAMED_XFER_BASE = named-xfer
+NAMED_XFER_SRC = named-xfer.${SYS_OPS_SRC_EXT}
+NAMED_XFER_OUT = named-xfer.${SYS_OPS_OUT_EXT}
+
+#
+# nslookup manual entry
+#
+NSLOOKUP_BASE = nslookup
+NSLOOKUP_SRC = 	nslookup.${SYS_OPS_SRC_EXT}
+NSLOOKUP_OUT = 	nslookup.${SYS_OPS_OUT_EXT}
+
+#
+# Network library routines manual entries
+#
+LIB_NETWORK_BASE =	gethostbyname resolver getnetent
+LIB_NETWORK_SRC_EXT =	3
+LIB_NETWORK_SRC = 	gethostbyname.${LIB_NETWORK_SRC_EXT} \
+			resolver.${LIB_NETWORK_SRC_EXT} \
+			getnetent.${LIB_NETWORK_SRC_EXT}
+LIB_NETWORK_OUT =	gethostbyname.${LIB_NETWORK_OUT_EXT} \
+			resolver.${LIB_NETWORK_OUT_EXT} \
+			getnetent.${LIB_NETWORK_OUT_EXT}
+
+#
+# File format manual entries
+#
+FORMAT_BASE =	resolver irs.conf
+FORMAT_SRC_EXT = 5
+FORMAT_SRC = 	resolver.${FORMAT_SRC_EXT} \
+		irs.conf.${FORMAT_SRC_EXT}
+FORMAT_OUT = 	resolver.${FORMAT_OUT_EXT} \
+		irs.conf.${FORMAT_OUT_EXT}
+
+#
+# Feature Description manual entries
+#
+DESC_BASE =	hostname mailaddr
+DESC_SRC_EXT = 	7
+DESC_SRC = 	hostname.${DESC_SRC_EXT} mailaddr.${DESC_SRC_EXT}
+DESC_OUT = 	hostname.${DESC_OUT_EXT} mailaddr.${DESC_OUT_EXT}
+
+.SUFFIXES:	.${CMD_SRC_EXT} .${CMD_OUT_EXT} \
+		.${SYS_OPS_SRC_EXT} .${SYS_OPS_OUT_EXT} \
+		.${LIB_NETWORK_SRC_EXT} .${LIB_NETWORK_OUT_EXT} \
+		.${FORMAT_SRC_EXT} .${FORMAT_OUT_EXT} \
+		.${DESC_SRC_EXT} .${DESC_OUT_EXT} 
+
+.${CMD_SRC_EXT}.${CMD_OUT_EXT}:
+	@echo "$*.${CMD_SRC_EXT} -> $*.${CMD_OUT_EXT}"
+	@${MK_MANFILE} <$*.${CMD_SRC_EXT} >$*.${CMD_OUT_EXT}
+
+.${SYS_OPS_SRC_EXT}.${SYS_OPS_OUT_EXT}:
+	@echo "$*.${SYS_OPS_SRC_EXT} -> $*.${SYS_OPS_OUT_EXT}"
+	@${MK_MANFILE} <$*.${SYS_OPS_SRC_EXT} >$*.${SYS_OPS_OUT_EXT}
+
+.${LIB_NETWORK_SRC_EXT}.${LIB_NETWORK_OUT_EXT}:
+	@echo "$*.${LIB_NETWORK_SRC_EXT} -> $*.${LIB_NETWORK_OUT_EXT}"
+	@${MK_MANFILE} <$*.${LIB_NETWORK_SRC_EXT} >$*.${LIB_NETWORK_OUT_EXT}
+
+.${FORMAT_SRC_EXT}.${FORMAT_OUT_EXT}:
+	@echo "$*.${FORMAT_SRC_EXT} -> $*.${FORMAT_OUT_EXT}"
+	@${MK_MANFILE} <$*.${FORMAT_SRC_EXT} >$*.${FORMAT_OUT_EXT}
+
+.${DESC_SRC_EXT}.${DESC_OUT_EXT}:
+	@echo "$*.${DESC_SRC_EXT} -> $*.${DESC_OUT_EXT}"
+	@${MK_MANFILE} <$*.${DESC_SRC_EXT} >$*.${DESC_OUT_EXT}
+
+OUTFILES =	${CMD_OUT} ${NAMED_OUT} ${NAMED_XFER_OUT} ${NSLOOKUP_OUT} \
+		${LIB_NETWORK_OUT} ${FORMAT_OUT} ${DESC_OUT}
+
+all:	${OUTFILES}
+
+install:	${OUTFILES} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}
+	@set -x; N=${CMD_EXT}; for f in ${CMD_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${CMD_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR}/$${f}.${CATEXT}; \
+	done
+	@set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${SYS_OPS_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${INDOT}$${f}.${CATEXT}; \
+	done
+	@set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_XFER_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${SYS_OPS_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${XFER_INDOT}$${f}.${CATEXT}; \
+	done
+	@set -x; N=${SYS_OPS_EXT}; for f in ${NSLOOKUP_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${SYS_OPS_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/$${f}.${CATEXT}; \
+	done
+	@set -x; N=${LIB_NETWORK_EXT}; for f in ${LIB_NETWORK_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${LIB_NETWORK_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR}/$${f}.${CATEXT}; \
+	done
+	@set -x; N=${FORMAT_EXT}; for f in ${FORMAT_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${FORMAT_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR}/$${f}.${CATEXT}; \
+	done
+	@set -x; N=${DESC_EXT}; for f in ${DESC_BASE}; do \
+		${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
+		$${f}.${DESC_OUT_EXT} \
+		${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}/$${f}.${CATEXT}; \
+	done
+
+${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR} \
+${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR} \
+${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR} \
+${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR} \
+${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}:
+	mkdir $@
+
+links: FRC
+	@set -ex; ln -s SRC/*.[0-9] .
+
+depend:
+
+clean:
+	rm -f *~ *.BAK *.CKP *.orig
+	rm -f ${OUTFILES}
+
+FRC:
diff --git a/contrib/bind/doc/man/dig.1 b/contrib/bind/doc/man/dig.1
new file mode 100644
index 0000000..72de71f
--- /dev/null
+++ b/contrib/bind/doc/man/dig.1
@@ -0,0 +1,680 @@
+.\" $Id: dig.1,v 8.3 1998/03/21 01:01:23 halley Exp $
+.\"
+.\" ++Copyright++ 1993
+.\" -
+.\" Copyright (c) 1993
+.\"    The Regents of the University of California.  All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\" 	This product includes software developed by the University of
+.\" 	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" -
+.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies, and that
+.\" the name of Digital Equipment Corporation not be used in advertising or
+.\" publicity pertaining to distribution of the document or software without
+.\" specific, written prior permission.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\" -
+.\" --Copyright--
+.\"
+.\" Distributed with 'dig' version 2.0 from University of Southern
+.\" California Information Sciences Institute (USC-ISI).
+.\"
+.\"       dig.1   2.0 (USC-ISI) 8/30/90
+.\"
+.Dd August 30, 1990
+.Dt DIG @CMD_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm dig
+.Nd send domain name query packets to name servers
+.Sh SYNOPSIS
+.Nm dig 
+.Op Ic @ Ns Ar server
+.Ar domain
+.Op Aq Ar query-type
+.Op Aq Ar query-class
+.Op Ic + Ns Aq Ar query-option
+.Op Fl Aq Ar dig-option
+.Op Ar %comment
+.Sh DESCRIPTION
+.Ic Dig
+(domain information groper) is a flexible command line tool
+which can be used to gather information from the Domain
+Name System servers. 
+.Ic Dig
+has two modes: simple interactive mode
+for a single query, and batch mode which executes a query for
+each in a list of several query lines. All query options are
+accessible from the command line.
+.Pp
+The usual simple use of 
+.Ic dig
+will take the form:
+.Pp
+.Bd -ragged -offset indent-two
+.Ic dig @ Ns Ar server  domain   query-type  query-class
+.Ed
+.Pp
+where:
+.Bl -tag -width Fl
+.It Ar server
+may be either a domain name or a dot-notation
+Internet address. If this optional field is omitted, 
+.Ic dig
+will attempt to use the default name server for your machine.
+.sp 1
+.Em Note:
+If a domain name is specified, this will be resolved
+using the domain name system resolver (i.e., BIND). If your
+system does not support DNS, you may 
+.Em have
+to specify a
+dot-notation address.  Alternatively, if there is a server
+at your disposal somewhere,  all that is required is that
+.Pa /etc/resolv.conf 
+be present and indicate where the default
+name servers reside,  so that  
+.Ar server 
+itself can be resolved. See 
+.Xr resolver @FORMAT_EXT@
+for information on 
+.Pa /etc/resolv.conf .
+.Sy WARNING: 
+Changing 
+.Pa /etc/resolv.conf 
+will affect both the standard resolver library and 
+.Pq potentially 
+several programs which use it.
+As an option, the user may set the
+environment variable 
+.Ev LOCALRES 
+to name a file which is to
+be used instead of 
+.Pa /etc/resolv.conf 
+.Po Ns Ev LOCALRES 
+is specific to the 
+.Ic dig
+resolver and is not referenced by the standard resolver
+.Pc .
+If the 
+.Ev LOCALRES 
+variable is not set or the specified file
+is not readable, then 
+.Pa /etc/resolv.conf 
+will be used.
+.It Ar domain
+is the domain name for which you are requesting information.
+See the 
+.Fl x 
+option (documented in the
+.Sx OTHER OPTIONS 
+subsection of this section) for convenient way to specify inverse address
+query.
+.It Ar query-type
+is the type of information (DNS query type) that
+you are requesting. If omitted, the default is 
+.Dq Ar a 
+.Pq Dv T_A = Ar address .
+The following types are recognized:
+.Pp
+.Bl -hang -width "hinfo  T_HINFO   " -compact
+.It Ar a\ \ \ \ \ \  Dv T_A
+network address
+.It Ar any\ \ \ \  Dv T_ANY
+all/any information about specified domain
+.It Ar mx\ \ \ \ \  Dv T_MX
+mail exchanger for the domain
+.It Ar ns\ \ \ \ \  Dv T_NS
+name servers
+.It Ar soa\ \ \ \  Dv T_SOA
+zone of authority record
+.It Ar hinfo\ \  Dv T_HINFO
+host information
+.It Ar axfr\ \ \  Dv T_AXFR
+zone transfer (must ask an authoritative server)
+.It Ar txt\ \ \ \  Dv T_TXT
+arbitrary number of strings
+.El
+.Pp
+(See RFC 1035 for the complete list.)
+.It Ar query-class
+is the network class requested in the query. If
+omitted, the default is 
+.Dq Ar in 
+.Pq Dv C_IN = Ar Internet .
+The following classes are recognized:
+.Pp
+.Bl -tag -width "hinfo  T_HINFO   " -compact
+.It Ar in\ \ \ \ \  Dv C_IN
+Internet class domain
+.It Ar any\ \ \ \  Dv C_ANY
+all/any class information
+.El
+.Pp
+(See RFC 1035 for the complete list.)
+.Pp
+.Em Note:
+.Dq Ar Any
+can be used to specify a 
+.Em class 
+and/or a 
+.Em type 
+of query. 
+.Ic Dig
+will parse the first occurrence of 
+.Dq Ar any
+to mean 
+.Ar query-type = Dv T_ANY . 
+To specify 
+.Ar query-class = Dv C_ANY ,
+you must either specify 
+.Dq any 
+twice, or set
+.Ar query-class 
+using the 
+.Fl c 
+option (see below).
+.El
+.Ss OTHER OPTIONS
+.Bl -tag -width Fl
+.It % Ns Ar ignored-comment
+.Dq % 
+is used to included an argument that is simply not
+parsed.  This may be useful  if running 
+.Ic dig
+in batch
+mode. Instead of resolving every 
+.Ar @server-domain-name 
+in a list of queries, you can avoid the overhead of doing
+so, and still have the domain name on the command line
+as a reference. Example:
+.Pp
+.Bd -ragged -offset indent-two
+.Ic dig  @128.9.0.32  %venera.isi.edu  mx  isi.edu
+.Ed
+.Pp
+.It Fl Aq Ar dig option
+.Dq Fl
+is used to specify an option which affects the operation of 
+.Ic dig . 
+The following options are currently
+available (although not guaranteed to be useful):
+.Bl -tag -width Fl
+.It Fl x Ar dot-notation-address
+Convenient form to specify inverse address mapping.
+Instead of 
+.Dq Ic dig 32.0.9.128.in-addr.arpa , 
+one can simply 
+.Dq Ic dig -x 128.9.0.32 .
+.It Fl f Ar file
+File for 
+.Ic dig
+batch mode. The file contains a list
+of query specifications
+(
+.Ns Ic dig 
+command lines) which are to be executed successively.  Lines beginning with 
+.Sq \&; ,
+.Sq # ,
+or
+.Sq \en 
+are ignored.  Other options
+may still appear on command line, and will be in
+effect for each batch query.
+.It Fl T Ar time
+Time in seconds between start of successive
+queries when running in batch mode. Can be used
+to keep two or more batch 
+.Ic dig
+commands running
+roughly in sync.  Default is zero.
+.It Fl p Ar port
+Port number. Query a name server listening to a
+non-standard port number.  Default is 53.
+.It Fl P Ns Bq Ar ping-string
+After query returns, execute a 
+.Xr ping @SYS_OPS_EXT@
+command for response time comparison.  This rather
+unelegantly makes a call to the shell.  The last
+three lines of statistics is printed for the
+command:
+.Pp
+.Bd -ragged -offset indent-two
+.Ic ping Fl s server_name 56 3
+.Ed 
+.Pp
+If the optional 
+.Dq Ar ping_string 
+is present, it
+replaces 
+.Dq Ic ping Fl s 
+in the shell command.
+.It Fl t Ar query-type
+Specify type of query.  May specify either an
+integer value to be included in the type field
+or use the abbreviated mnemonic as discussed
+above (i.e., 
+.Ar mx  = Dv T_MX ) .
+.It Fl c Ar query-class
+Specify class of query. May specify either an
+integer value to be included in the class field
+or use the abbreviated mnemonic as discussed
+above (i.e., in = C_IN).
+.It Fl envsav
+This flag specifies that the 
+.Ic dig
+environment
+(defaults, print options, etc.), after
+all of the arguments are parsed, should be saved
+to a file to become the default environment.
+This is useful if you do not like the standard set of
+defaults and do not desire to include a
+large number of options each time 
+.Ic dig
+is used.  The environment consists of resolver state
+variable flags, timeout, and retries as well as the flags detailing 
+.Ic dig
+output (see below).
+If the shell environment variable 
+.Ev LOCALDEF 
+is set to the name of a file, this is where the default
+.Ic dig
+environment is saved.  If not, the file
+.Dq Pa DiG.env 
+is created in the current working directory.
+.Pp
+.Em Note: 
+.Ev LOCALDEF 
+is specific to the 
+.Ic dig
+resolver,
+and will not affect operation of the standard
+resolver library.
+.Pp
+Each time 
+.Ic dig
+is executed, it looks for 
+.Dq Pa ./DiG.env
+or the file specified by the shell environment variable
+.Ev LOCALDEF . 
+If such file exists and is readable, then the
+environment is restored from this file before any arguments are parsed.
+.It Fl envset
+This flag only affects batch query runs. When 
+.Dq Fl envset 
+is specified on a line in a 
+.Ic dig
+batch file, the 
+.Ic dig
+environment after the arguments are parsed
+becomes the default environment for the duration of
+the batch file, or until the next line which specifies
+.Dq Fl envset .
+.It Xo
+.Fl Op Cm no 
+.Ns Cm stick
+.Xc
+This flag only affects batch query runs.
+It specifies that the 
+.Ic dig
+environment (as read initially
+or set by 
+.Dq Fl envset 
+switch) is to be restored before each query (line) in a 
+.Ic dig
+batch file.
+The default 
+.Dq Fl nostick 
+means that the 
+.Ic dig
+environment does not stick, hence options specified on a single line
+in a 
+.Ic dig
+batch file will remain in effect for
+subsequent lines (i.e. they are not restored to the 
+.Dq sticky 
+default).
+.El
+.It Ic + Ns Aq Ar query-option
+.Dq +
+is used to specify an option to be changed in the query packet or to change 
+.Ic dig
+output specifics. Many of these are the same parameters accepted by 
+.Xr nslookup @SYS_OPS_EXT@ .
+If an option requires a parameter, the form is as follows:
+.Pp
+.Bd -ragged -offset indent-two
+.Ic + 
+.Ns Ar keyword 
+.Ns Op = Ns Ar value
+.Ed
+.Pp
+Most keywords can be abbreviated.  Parsing of the 
+.Dq +
+options  is very  simplistic \(em a value must not be
+separated from its keyword by white space. The following
+keywords are currently available:
+.Pp
+Keyword      Abbrev.  Meaning [default]
+.Pp
+.Bl -tag -width "[no]primary  (ret)    " -compact
+.It Xo
+.Op Cm no 
+.Ns Cm debug\ \ \ \ 
+.Pq Cm deb
+.Xc
+turn on/off debugging mode 
+.Bq Cm deb
+.It Xo
+.Op Cm no 
+.Ns Cm d2\ \ \ \ \ \ \ \ \ \ 
+.Xc
+turn on/off extra debugging mode 
+.Bq Cm nod2
+.It Xo
+.Op Cm no 
+.Ns Cm recurse\ \ 
+.Pq Cm rec
+.Xc
+use/don't use recursive lookup 
+.Bq Cm rec
+.It Xo
+.Cm retry= Ns Ar #
+.Cm \ \ \ \ \ 
+.Pq Cm ret
+.Xc 
+set number of retries to # 
+.Bq 4
+.It Xo
+.Cm time= Ns Ar #
+.Cm \ \ \ \ \ \ 
+.Pq Cm ti
+.Xc
+set timeout length to # seconds 
+.Bq 4
+.It Xo
+.Op Cm no 
+.Ns Cm ko
+.Xc
+keep open option (implies vc) 
+.Bq Cm noko
+.It Xo
+.Op Cm no 
+.Ns Cm vc
+.Xc
+use/don't use virtual circuit 
+.Bq Cm novc
+.It Xo
+.Op Cm no 
+.Ns Cm defname\ \ 
+.Pq Cm def
+.Xc
+use/don't use default domain name 
+.Bq Cm def
+.It Xo
+.Op Cm no 
+.Ns Cm search\ \ \ 
+.Pq Cm sea
+.Xc
+use/don't use domain search list 
+.Bq Cm sea
+.It Xo
+.Cm domain= Ns Ar NAME\ \ 
+.Pq Cm do
+.Xc
+set default domain name to 
+.Ar NAME
+.It Xo
+.Op Cm no 
+.Ns Cm ignore\ \ \ 
+.Pq Cm i
+.Xc
+ignore/don't ignore trunc. errors 
+.Bq Cm noi
+.It Xo
+.Op Cm no 
+.Ns Cm primary\ \ 
+.Pq Cm pr
+.Xc
+use/don't use primary server 
+.Bq Cm nopr
+.It Xo
+.Op Cm no 
+.Ns Cm aaonly\ \ \ 
+.Pq Cm aa
+.Xc
+authoritative query only flag 
+.Bq Cm noaa
+.It Xo
+.Op Cm no 
+.Ns Cm cmd
+.Xc
+echo parsed arguments 
+.Bq Cm cmd
+.It Xo
+.Op Cm no 
+.Ns Cm stats\ \ \ \ 
+.Pq Cm st
+.Xc
+print query statistics 
+.Bq Cm st
+.It Xo
+.Op Cm no 
+.Ns Cm Header\ \ \ 
+.Pq Cm H
+.Xc
+print basic header 
+.Bq Cm H
+.It Xo
+.Op Cm no 
+.Ns Cm header\ \ \ 
+.Pq Cm he
+.Xc
+print header flags 
+.Bq Cm he
+.It Xo
+.Op Cm no 
+.Ns Cm ttlid\ \ \ \ 
+.Pq Cm tt
+.Xc
+print TTLs 
+.Bq Cm tt
+.It Xo
+.Op Cm no 
+.Ns Cm cl
+.Xc
+print class info 
+.Bq Cm nocl
+.It Xo
+.Op Cm no 
+.Ns Cm qr
+.Xc
+print outgoing query 
+.Bq Cm noqr
+.It Xo
+.Op Cm no 
+.Ns Cm reply\ \ \ \ 
+.Pq Cm rep
+.Xc
+print reply 
+.Bq Cm rep
+.It Xo
+.Op Cm no 
+.Ns Cm ques\ \ \ \ \ 
+.Pq Cm qu
+.Xc
+print question section 
+.Bq Cm qu
+.It Xo
+.Op Cm no 
+.Ns Cm answer\ \ \ 
+.Pq Cm an
+.Xc
+print answer section 
+.Bq Cm an
+.It Xo
+.Op Cm no 
+.Ns Cm author\ \ \ 
+.Pq Cm au
+.Xc
+print authoritative section 
+.Bq Cm au
+.It Xo
+.Op Cm no 
+.Ns Cm addit\ \ \ \ 
+.Pq Cm ad
+.Xc
+print additional section 
+.Bq Cm ad
+.It Cm pfdef 
+set to default print flags
+.It Cm pfmin 
+set to minimal default print flags
+.It Cm pfset= Ns Ar # 
+set print flags to #
+(# can be hex/octal/decimal)
+.It Cm pfand= Ns Ar #
+bitwise and print flags with #
+.It Cm pfor= Ns Ar #
+bitwise or print flags with #
+.El
+.Pp
+The 
+.Cm retry 
+and 
+.Cm time 
+options affect the retransmission strategy used by the resolver 
+library when sending datagram queries.  The algorithm is as follows:
+.Pp
+.Bd -literal -offset indent
+for i = 0 to retry - 1
+    for j = 1 to num_servers
+	send_query
+	wait((time * (2**i)) / num_servers)
+    end
+end
+.Ed
+.Pp
+(Note: 
+.Ic dig
+always uses a value of 1 for 
+.Dq Li num_servers . ) 
+.El
+.Ss DETAILS
+.Ic Dig
+once required a slightly modified version of the BIND 
+.Xr resolver @LIB_NETWORK_EXT@
+library.  As of BIND 4.9, BIND's resolver has been augmented to work
+properly with 
+.Ic dig .  
+Essentially, 
+.Ic dig
+is a straight-forward
+(albeit not pretty) effort of parsing arguments and setting appropriate
+parameters.  
+.Ic Dig
+uses 
+.Xr resolver @LIB_NETWORK_EXT@
+routines 
+.Fn res_init , 
+.Fn res_mkquery ,
+.Fn res_send 
+as well as accessing the 
+.Ft _res 
+structure. 
+.Sh ENVIRONMENT
+.Bl -tag -width "LOCALRES  " -compact
+.It Ev LOCALRES
+file to use in place of Pa /etc/resolv.conf
+.It Ev LOCALDEF
+default environment file
+.El
+.Pp
+See also the explanation of the
+.Fl envsav ,
+.Fl envset , 
+and
+.Xo
+.Fl Op Cm no 
+.Ns Cm stick
+.Xc
+options, above.
+.Sh FILES
+.Bl -tag -width "/etc/resolv.conf  " -compact
+.It Pa /etc/resolv.conf	
+initial domain name and name server addresses
+.It Pa \./DiG.env
+default save file for default options
+.El
+.Sh SEE ALSO
+.Xr @INDOT@named @SYS_OPS_EXT@ , 
+.Xr resolver @LIB_NETWORK_EXT@ , 
+.Xr resolver @FORMAT_EXT@ ,  
+.Xr nslookup @SYS_OPS_EXT@ . 
+.Sh STANDARDS
+RFC 1035.
+.Sh AUTHOR
+Steve Hotz 
+hotz@isi.edu
+.Sh ACKNOWLEDGMENTS
+.Ic Dig
+uses functions from 
+.Xr nslookup @SYS_OPS_EXT@
+authored by Andrew Cherenson.
+.Sh BUGS
+.Ic Dig
+has a serious case of "creeping featurism" -- the result of
+considering several potential uses during it's development.  It would
+probably benefit from a rigorous diet.  Similarly, the print flags
+and granularity of the items they specify make evident their
+rather ad hoc genesis.
+.Pp
+.Ic Dig
+does not consistently exit nicely (with appropriate status)
+when a problem occurs somewhere in the resolver 
+.Po Sy NOTE: 
+most of the common exit cases are handled
+.Pc .  
+This is particularly annoying when running in
+batch mode.  If it exits abnormally (and is not caught), the entire
+batch aborts; when such an event is trapped, 
+.Ic dig
+simply
+continues with the next query.
diff --git a/contrib/bind/doc/man/dnskeygen.1 b/contrib/bind/doc/man/dnskeygen.1
new file mode 100644
index 0000000..bdc2df9
--- /dev/null
+++ b/contrib/bind/doc/man/dnskeygen.1
@@ -0,0 +1,175 @@
+.\" Copyright (c) 1996 by Internet Software Consortium
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\"
+.\" $Id: dnskeygen.1,v 8.2 1997/03/14 02:29:41 vixie Exp $
+.\"
+.Dd October 25, 1996
+.Dt DNSKEYGEN @CMD_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm dnskeygen 
+.Nd generate and display public and private RSA keys for DNS
+.Sh SYNOPSIS
+.Nm dnskeygen
+.Bo Fl g Ns Op Ar size 
+.Op Fl f
+.Bc
+.Bo Fl z 
+| 
+.Fl e 
+| 
+.Fl u 
+.Bc
+.Op Fl i
+.Op Fl m 
+.Op Fl p Ns Ar # 
+.Op Fl s Ns Ar # 
+.Op Fl x 
+.Ar name
+.Sh DESCRIPTION
+.Ic Dnskeygen
+(DNS Key Generator) is a tool to generate and maintain RSA keys
+for DNS (Domain Name System). 
+.Bl -tag -width Fl
+.It Fl g Ns Op Ar size 
+.Ic Dnskeygen 
+will generate a new key when
+the 
+.Dq Fl g 
+flag is specified.  If the 
+.Dq Fl g 
+flag is not specified, then it
+will attempt to display an existing key that is stored in the current
+directory.  If no 
+.Ar size 
+is specified after the 
+.Dq Fl g 
+flag, a key of 512 bits
+will be generated; otherwise, 
+.Ar size
+is the size of the modulus in the newly-generated key.
+.It Fl f
+flag can only be specified with the 
+.Dq Fl g
+flag; this changes the
+exponent used on the key.  If 
+.Dq Fl f
+is specified, the exponent is 65537,
+which is suitable for encryption keys.  If 
+.Dq Fl f
+is not specified,
+the exponent is 3, which is suitable for signatures and
+verification of public data such as DNS records.  Signing and
+verifying with exponent of 65537 takes significantly more CPU time than
+with exponent of 3.
+.It Fl z Fl e Fl u
+These flags define the type of key being generated: Zone (DNS
+validation) key, End Entity (host or service) key or User (e.g. email) key,
+respectively.
+Each key is only allowed to be one of these.  When
+keys are displayed, the type of key can be changed.
+.It Fl i 
+Indicates that the key can be used for IPSEC (Internet Protocol Security 
+services).
+.It Fl m 
+Indicates that the key can be used for secure email.
+.It Fl p Ns Ar # 
+Indicates that the key can be used for protocol number 
+.Ar # . 
+A value of 
+.Ar 0 
+denies the use of the key for 
+.Em any 
+protocol (other than those specified by other option flags like 
+.Fl m ) .
+A value of 
+.Ar 255 
+allows it to be used with 
+.Em all 
+protocols.
+These protocol numbers will be assigned in the latest Assigned Numbers
+RFC from the Internet Assigned Numbers Authority (IANA).
+.It Fl s Ns Ar # 
+Strength value; this value is only used when key is signing.
+Interpretation of this field is to be specified later. Default value is 7.
+.It Fl x 
+Experimental key.  This indicates that software should not assume
+that it should use secure protocols when talking to this zone, host, or user.
+Instead, the key is being published experimentally, to debug the software
+to be used to run the secure protocols, for example.
+Data signed by Experimental keys will not be treated as trusted by DNS servers.
+.It Ar name
+The DNS name the key is for.  This can be any valid DNS name.
+.El
+.Ss DETAILS
+.Ic Dnskeygen
+uses two files for each key:  
+.Pa <name>.priv
+and 
+.Pa <name>.public .
+File 
+.Pa <name>.public 
+contains the public key in the pubkey format:
+.Pp
+.D1 Ar <flags> <algorithm> <protocol> <exponent|modulus>
+.Pp
+.Ic Dnskeygen
+.Ar name 
+displays the public key in both DNS RR format and pubkey format.  
+.Ic Dnskeygen
+can display the key with different flags on subsequent runs.
+The contents of the public key file will not be changed.
+.Pa <name>.priv 
+stores the private key, in either a password-protected 
+format file or in a open file. The advantage of
+a password-protected file is that it is harder to use the key if the file is
+stolen. The disadvantage is that the password has to be given each time
+the key is read. If the key is to be stored in a safe off-line place,
+and only used for signing zones, then local policy may allow storing the
+key in an unencrypted format.
+.Sh ENVIRONMENT
+No environmental variables are used.
+.Sh SEE ALSO
+RSAREF documentation,
+.Em RFC 2065
+on secure DNS.
+.Sh AUTHOR
+Olafur Gudmundsson (ogud@tis.com).
+.Sh ACKNOWLEDGMENTS
+The underlying cryptographic math is done by the RSAREF or BSAFE libraries.
+.Sh BUGS
+.Ic Dnskeygen 
+renames old keys in such a way that only one 
+.Dq previous
+key for a given name is kept; older keys are overwritten.  (For example,
+the third time a key is generated for a given name, the second key is kept
+as the
+.Dq previous
+key, while the first key is lost.  If a key is generated 
+.Em again
+for this name--i.e., if the fourth key is generated--then the third key
+will become the
+.Dq previous
+key and the second key will be lost.)
+.Ic Dnskeygen
+will not overwrite existing keys.
+Only one key for each name can be stored in the current directory.  If you 
+want to keep your old keys, rename the files before running 
+.Ic dnskeygen . 
+Otherwise you must delete them before running 
+.Ic dnskeygen . 
+.Pp
+Portability of Private key file must be better tested between
+different implementations of RSA. 
diff --git a/contrib/bind/doc/man/dnsquery.1 b/contrib/bind/doc/man/dnsquery.1
new file mode 100644
index 0000000..048d29e
--- /dev/null
+++ b/contrib/bind/doc/man/dnsquery.1
@@ -0,0 +1,178 @@
+.\" $Id: dnsquery.1,v 8.2 1997/03/14 02:29:41 vixie Exp $
+.\"
+.\"Copyright (c) 1995, 1996 by Internet Software Consortium
+.\"
+.\"Permission to use, copy, modify, and distribute this software for any
+.\"purpose with or without fee is hereby granted, provided that the above
+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\"SOFTWARE.
+.\"
+.Dd March 10, 1990
+.Dt DNSQUERY @CMD_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm dnsquery 
+.Nd query domain name servers using resolver
+.Sh SYNOPSIS
+.Nm dnsquery
+.Op Fl n Ar nameserver
+.Op Fl t Ar type
+.Op Fl c Ar class
+.Op Fl r Ar retry
+.Op Fl p Ar period
+.Op Fl d
+.Op Fl s
+.Op Fl v
+.Ar host
+.Sh DESCRIPTION
+The
+.Ic dnsquery
+program is a general interface to nameservers via
+BIND resolver library calls.  The program supports
+queries to the nameserver with an opcode of QUERY.
+This program is intended to be a replacement or
+supplement to programs like nstest, nsquery and
+nslookup.  All arguments except for
+.Ar host
+and
+.Ar nameserver
+are treated without case-sensitivity.
+.Sh OPTIONS
+.Bl -tag -width Fl
+.It Fl n Ar nameserver
+The nameserver to be used in the query.  Nameservers can appear as either 
+Internet addresses of the form 
+.Ar w.x.y.z 
+or can appear as domain names.
+(Default: as specified in 
+.Pa /etc/resolv.conf . ) 
+.It Fl t Ar type
+The type of resource record of interest.  Types include:
+.Bl -tag -width "AFSDB  " -compact -offset indent
+.It Ar A
+address
+.It Ar NS
+nameserver
+.It Ar CNAME
+canonical name
+.It Ar PTR	
+domain name pointer
+.It Ar SOA	
+start of authority
+.It Ar WKS	
+well-known service
+.It Ar HINFO
+host information
+.It Ar MINFO
+mailbox information
+.It Ar MX	
+mail exchange
+.It Ar RP	
+responsible person
+.It Ar MG	
+mail group member
+.It Ar AFSDB	
+DCE or AFS server
+.It Ar ANY	
+wildcard
+.El
+.Pp
+Note that any case may be used.  (Default:  
+.Ar ANY . )
+.It Fl c Ar class
+The class of resource records of interest.
+Classes include:
+.Bl -tag -width "CHAOS  " -compact -offset indent
+.It Ar IN	
+Internet
+.It Ar HS	
+Hesiod
+.It Ar CHAOS
+Chaos
+.It Ar ANY	
+wildcard
+.El
+.Pp
+Note that any case may be used.  (Default:  
+.Ar IN . )
+.It Fl r Ar retry
+The number of times to retry if the nameserver is
+not responding.  (Default:  4.)
+.It Fl p Ar period
+Period to wait before timing out.  (Default:  
+.Dv RES_TIMEOUT . )
+.It Fl d
+Turn on debugging.  This sets the 
+.Dv RES_DEBUG 
+bit of the resolver's
+.Ft options
+field.  (Default:  no debugging.)
+.It Fl s
+Use a
+.Em stream
+rather than a packet.  This uses a TCP stream connection with
+the nameserver rather than a UDP datagram.  This sets the
+.Dv RES_USEVC 
+bit of the resolver's
+.Ft options
+field.  (Default:  UDP datagram.)
+.It Fl v
+Synonym for the 
+.Dq Fl s 
+flag.
+.It Ar host
+The name of the host (or domain) of interest.
+.El
+.Sh FILES
+.Bl -tag -width "<arpa/nameser.h>  " -compact
+.It Pa /etc/resolv.conf 
+to get the default ns and search lists
+.It Pa <arpa/nameser.h> 	
+list of usable RR types and classes
+.It Pa <resolv.h>		
+list of resolver flags
+.El
+.Sh DIAGNOSTICS
+If the resolver fails to answer the query and debugging has not been
+turned on,
+.Ic dnsquery
+will simply print a message like:
+.Dl Query failed (rc = 1) : Unknown host
+.Pp
+The value of the return code is supplied by 
+.Ft h_errno .
+.Sh SEE ALSO
+.Xr nslookup @SYS_OPS_EXT@ , 
+.Xr nstest @CMD_EXT@ , 
+.Xr nsquery @CMD_EXT@ , 
+.Xr named @SYS_OPS_EXT@ , 
+.Xr resolver @FORMAT_EXT@ .
+.Sh AUTHOR
+Bryan Beecher
+.Sh BUGS
+Queries of a class other than 
+.Ar IN 
+can have interesting results
+since ordinarily a nameserver only has a list of root nameservers
+for class 
+.Ar IN 
+resource records.
+.Pp
+.Ic Dnsquery 
+uses a call to 
+.Fn inet_addr 
+to determine if the argument
+for the 
+.Dq Fl n
+option is a valid Internet address.  Unfortunately,
+.Fn inet_addr 
+seems to cause a segmentation fault with some (bad)
+IP addresses (e.g., 1.2.3.4.5).
diff --git a/contrib/bind/doc/man/dnssigner.1 b/contrib/bind/doc/man/dnssigner.1
new file mode 100644
index 0000000..1fb4ce4
--- /dev/null
+++ b/contrib/bind/doc/man/dnssigner.1
@@ -0,0 +1,213 @@
+.\" Copyright (c) 1996 by Internet Software Consortium
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\"
+.\" $Id: dnssigner.1,v 8.2 1997/03/14 02:29:42 vixie Exp $
+.\"
+.Dd October 25, 1996
+.Dt DNSSIGNER @CMD_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm dnssigner 
+.Nd add signatures to DNS zone files
+.Sh SYNOPSIS
+.Nm dnssigner
+.Op Cm signer-name Ar default_signer
+.Op Cm boot-file Ar file
+.Op Cm debug-file Ar file
+.Op Cm out-dir Ar directory
+.Op Cm seq-no Ar number
+.Oo
+.Cm expiration-time 
+.Oo Po Cm + 
+.Ns \&| 
+.Ns Cm = 
+.Pc Oc
+.Ns Ar time
+.Oc
+.Op Cm hide 
+.Op Cm noaxfr 
+.Op Cm nosign 
+.Op Cm verify 
+.Op Cm update-zonekey 
+.Op Fl d Ns Ar level
+.Sh DESCRIPTION
+.Ic Dnssigner
+(Sign DNS zone database) is a tool to generate signatures
+for DNS (Domain Name System) resource records.  It also generates
+NXT records for each zone.
+.Pp
+.Bl -tag -width Fl
+.It Cm signer-name Ar default_signer
+Specifies a name of the key to use if no signer is defined using the
+.Em Li $SIGNER  
+directive in the boot files.
+.It Cm boot-file Ar file
+Specifies the control file for 
+.Ic dnssigner , 
+which is in the same format as the BIND-4 
+.Pa named.boot 
+file.
+.It Cm debug-file Ar file
+Redirect debug output to the specified 
+.Ar file ; 
+default is
+.Pa signer_out 
+in the current directory.
+.It Cm out-dir Ar directory
+Write signed files to thie specified
+.Ar directory ; 
+default is to use
+.Pa /tmp .
+.Pp
+.Sy NOTE :  
+Specify the full path to this directory; relative paths may not work.
+.It Xo Cm expiration-time 
+.Oo Po Cm + 
+.Ns \&| 
+.Ns Cm = 
+.Pc Oc
+.Ns Ar time
+.Xc
+Time when the signature records are to
+expire.  Using either
+.Dq Cm =
+or 
+.Em no 
+sign before the 
+.Ar time
+argument
+.Po i.e., 
+.Do Op Cm = 
+.Ns Ar time
+.Dc 
+.Pc , 
+the 
+.Ar time 
+is interpreted as an absolute time in seconds when the records will expire.  
+.Po Sy NOTE :
+  All such times are interpreted as Universal Times.
+.Pc 
+With 
+.Dq Cm +
+specified 
+.Pq i.e., Dq Cm + Ns Ar time ,
+the
+.Ar time 
+time is interpreted as an offset into the future.
+.Pp
+If not specified on the command line, the default 
+.Cm expiration-time
+is 3600*24*30 sec (30 days).
+.It Cm seq-no Ar number
+Force the serial number in the SOA records to the specified value. 
+If this parameter is not set, the serial number will be set to a value
+based on the current time.
+.It Cm hide 
+This flag will cause NXT records in zones with wildcard
+records to point to 
+.Li *.<zone> 
+as the next host. The purpose of this
+flag is to hide all information about valid names in a zone.
+.It Cm noaxfr
+Turn of generation of zone transfer signature records,
+which validate the transfer of an entire zone.
+.It Cm nosign
+When this flag is specified, the boot files are read, NXT
+records are generated and zone file is written to the output
+directory. No SIG records are generated. This flag is useful for
+quickly checking the format of the data in the boot files, and to 
+have boot files sorted into DNSSEC order.  
+.It Cm verify
+When this flag is present,
+.Ic dnssigner
+will verify all
+signed records and print out a confirmation message for each SIG
+verified. The main use of this flag is to see how long it takes to
+generate each signature. 
+.It Cm update-zonekey 
+If this flag is specified, then the zonekeys used
+to sign files will be updated with new records.  Specify this flag if
+one or more of the keys have been updated.  If there are no zonekeys
+specified in the boot files, this flag will insert them. Omitting
+zonekeys will cause primary nameservers to reject the zone. 
+.It Fl d Ns Ar level
+Debug level to use for running 
+.Ic dnssigner ;
+these levels are the same as those used by 
+.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ 
+.El
+.Ss DETAILS
+.Ic Dnssigner
+reads BIND-4 
+.Pa named.boot 
+and zone files, adds SIG and NXT
+records and writes out the records (to one file per zone, regardless of
+how many include files the original zone was in).  The files generated by
+.Ic dnssigner
+are ordinary textual zone files and are then normally
+loaded by 
+.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ 
+to serve the zone.
+.Ic Dnssigner
+\fBrequires that the PRIVATE key(s) reside in the input directory\fP.
+.Pp
+Making manual changes to the output files is hazardous, because most
+changes will invalidate one or more signatures contained therein.  This
+will cause the zone to fail to load into 
+.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ , 
+or will cause subsequent
+failures in retrieving records from the zone.  It is far better to make
+changes in 
+.Ic dnssigner's
+input files, and rerun 
+.Ic dnssigner .
+.Pp
+When 
+.Ic dnssigner
+detects a delegation point, it creates a special file
+.Pa <zone_name>.PARENT 
+which contains the RR's the parent zone signs for the 
+child zone (NS, KEY, NXT). The intent is that the child will include this
+file when loading primary nameservers.  Similarly, each zone file ends
+with the 
+.Dq Li #include <zone_name>.PARENT 
+command.  The records 
+in the
+.Pa .PARENT 
+files are omitted from the SIG(AXFR) calculations as these
+records usualy are on a different signing cycle.  
+.Pp
+The 
+.Em Li Dq $SIGNER Op Ar keyname
+directive can be used to change signers in a
+zone.  If 
+.Ar keyname 
+is omitted, signing is turned off.  Keys are loaded the
+first time the keys are accessed.  Only records that are signed by the
+zone signer (the key that signs the SOA) are included in the SIG(AXFR)
+calculation.  It is not generally recommended that multiple keys sign
+records in the same zone, unless this is useful for dynamic updates.
+.Sh ENVIRONMENT
+No environmental variables are used.
+.Sh SEE ALSO
+.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ ,
+RSAREF documentation,
+Internet-Draft 
+.Em draft-ietf-dnssec-secext-10.txt
+on Secure DNS, or its successor.
+.Sh AUTHOR
+Olafur Gudmundsson (ogud@tis.com)
+.Sh ACKNOWLEDGMENTS
+The underlying crypto math is done by the RSAREF or BSAFE libraries.
diff --git a/contrib/bind/doc/man/gethostbyname.3 b/contrib/bind/doc/man/gethostbyname.3
new file mode 100644
index 0000000..0498bd8
--- /dev/null
+++ b/contrib/bind/doc/man/gethostbyname.3
@@ -0,0 +1,246 @@
+.\" Copyright (c) 1983, 1987 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted provided
+.\" that: (1) source distributions retain this entire copyright notice and
+.\" comment, and (2) distributions including binaries display the following
+.\" acknowledgement:  ``This product includes software developed by the
+.\" University of California, Berkeley and its contributors'' in the
+.\" documentation or other materials provided with the distribution and in
+.\" all advertising materials mentioning features or use of this software.
+.\" Neither the name of the University nor the names of its contributors may
+.\" be used to endorse or promote products derived from this software without
+.\" specific prior written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\"	@(#)gethostbyname.3	6.12 (Berkeley) 6/23/90
+.\"
+.Dd June 23, 1990
+.Dt GETHOSTBYNAME @LIB_NETWORK_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm gethostbyname ,
+.Nm gethostbyaddr ,
+.Nm gethostent ,
+.Nm sethostent ,
+.Nm endhostent ,
+.Nm herror 
+.Nd get network host entry
+.Sh SYNOPSIS
+.Fd #include <netdb.h>
+.Ft extern int 
+.Fa h_errno;
+.Pp
+.Ft struct hostent *
+.Fn gethostbyname "char *name";
+.Ft struct hostent *
+.Fn gethostbyname2 "char *name" "int af";
+.Ft struct hostent *
+.Fn gethostbyaddr "char *addr" "int len, type";
+.Ft struct hostent *
+.Fn gethostent
+.Fn sethostent "int stayopen";
+.Fn endhostent
+.Fn herror "char *string";
+.Sh DESCRIPTION
+.Fn Gethostbyname ,
+.Fn gethostbyname2 ,
+and
+.Fn gethostbyaddr
+each return a pointer to a
+.Ft hostent
+structure (see below) describing an internet host
+referenced by name or by address, as the function names indicate.
+This structure contains either the information obtained from the name server,
+.Xr @INDOT@named @SYS_OPS_EXT@ ,
+or broken-out fields from a line in 
+.Pa /etc/hosts .
+If the local name server is not running, these routines do a lookup in
+.Pa /etc/hosts .
+.Bd -literal -offset indent
+struct	hostent {
+	char	*h_name;	/* official name of host */
+	char	**h_aliases;	/* alias list */
+	int	h_addrtype;	/* host address type */
+	int	h_length;	/* length of address */
+	char	**h_addr_list;	/* list of addresses from name server */
+};
+
+#define	h_addr  h_addr_list[0]	/* address, for backward compatibility */
+.Ed
+.Pp
+The members of this structure are:
+.Bl -tag -width "h_addr_list" 
+.It h_name
+Official name of the host.
+.It h_aliases
+A zero-terminated array of alternate names for the host.
+.It h_addrtype
+The type of address being returned; usually 
+.Dv AF_INET .
+.It h_length
+The length, in bytes, of the address.
+.It h_addr_list
+A zero-terminated array of network addresses for the host.
+Host addresses are returned in network byte order.
+.It h_addr
+The first address in 
+.Li h_addr_list ; 
+this is for backward compatibility.
+.El
+.Pp
+When using the nameserver,
+.Fn gethostbyname
+will search for the named host in each parent domain given in the 
+.Dq Li search
+directive of
+.Xr resolv.conf @FORMAT_EXT@
+unless the name contains a dot
+.Pq Dq \&. .
+If the name contains no dot, and if the environment variable 
+.Ev HOSTALIASES
+contains the name of an alias file, the alias file will first be searched
+for an alias matching the input name.
+See
+.Xr hostname @DESC_EXT@
+for the domain search procedure and the alias file format.
+.Pp
+.Fn Gethostbyname2
+is an evolution of
+.Fn gethostbyname
+intended to allow lookups in address families other than 
+.Dv AF_INET , 
+for example, 
+.Dv AF_INET6 .  
+Currently, the
+.Fa af
+argument must be specified as
+.Dv AF_INET
+else the function will return 
+.Dv NULL 
+after having set
+.Ft h_errno
+to 
+.Dv NETDB_INTERNAL .
+.Pp
+.Fn Sethostent
+may be used to request the use of a connected TCP socket for queries.
+If the
+.Fa stayopen
+flag is non-zero,
+this sets the option to send all queries to the name server using TCP
+and to retain the connection after each call to 
+.Fn gethostbyname
+or
+.Fn gethostbyaddr .
+Otherwise, queries are performed using UDP datagrams.
+.Pp
+.Fn Endhostent
+closes the TCP connection.
+.Sh ENVIRONMENT
+.Bl -tag -width "HOSTALIASES  " -compress
+.It Ev HOSTALIASES
+Name of file containing 
+.Pq Ar host alias , full hostname
+pairs.
+.El
+.Sh FILES
+.Bl -tag -width "HOSTALIASES  " -compress
+.It Pa /etc/hosts
+See
+.Xr hosts @FORMAT_EXT@ .
+.It Ev HOSTALIASES
+Name of file containing 
+.Pq Ar host alias , full hostname
+pairs.
+.El
+.Sh DIAGNOSTICS
+.Pp
+Error return status from 
+.Fn gethostbyname
+and
+.Fn gethostbyaddr
+is indicated by return of a null pointer.
+The external integer
+.Ft h_errno
+may then be checked to see whether this is a temporary failure
+or an invalid or unknown host.
+The routine
+.Fn herror
+can be used to print an error message describing the failure.
+If its argument
+.Fa string
+is non-NULL, it is printed, followed by a colon and a space.
+The error message is printed with a trailing newline.
+.Pp
+.Ft h_errno
+can have the following values:
+.Bl -tag -width "HOST_NOT_FOUND  " -offset indent 
+.It Dv NETDB_INTERNAL 
+This indicates an internal error in the library, unrelated to the network
+or name service.
+.Ft errno
+will be valid in this case; see
+.Xr perror @SYSCALL_EXT@ .
+.It Dv HOST_NOT_FOUND
+No such host is known.
+.It Dv TRY_AGAIN 
+This is usually a temporary error
+and means that the local server did not receive
+a response from an authoritative server.
+A retry at some later time may succeed.
+.It Dv NO_RECOVERY 
+Some unexpected server failure was encountered.
+This is a non-recoverable error, as one might expect.
+.It Dv NO_DATA
+The requested name is valid but does not have an IP address; 
+this is not a temporary error.  
+This means that the name is known to the name server but there is no address
+associated with this name.
+Another type of request to the name server using this domain name
+will result in an answer;
+for example, a mail-forwarder may be registered for this domain.
+.El
+.Sh SEE ALSO
+.Xr hosts @FORMAT_EXT@ , 
+.Xr hostname @DESC_EXT@ , 
+.Xr @INDOT@named @SYS_OPS_EXT@ ,
+.Xr resolver @LIB_NETWORK_EXT@ , 
+.Xr resolver @FORMAT_EXT@ . 
+.Sh CAVEAT
+.Pp
+.Fn Gethostent
+is defined, and
+.Fn sethostent
+and
+.Fn endhostent
+are redefined,
+when
+.Pa libc
+is built to use only the routines to lookup in
+.Pa /etc/hosts 
+and not the name server:
+.Bd  -filled -offset indent
+.Pp
+.Fn Gethostent
+reads the next line of
+.Pa /etc/hosts ,
+opening the file if necessary.
+.Pp
+.Fn Sethostent 
+is redefined to open and rewind the file.  If the
+.Fa stayopen
+argument is non-zero,
+the hosts data base will not be closed after each call to
+.Fn gethostbyname
+or
+.Fn gethostbyaddr .
+.Pp
+.Fn Endhostent
+is redefined to close the file.
+.Ed
+.Sh BUGS
+All information is contained in a static area so it must be copied if it is
+to be saved.  Only the Internet address format is currently understood.
diff --git a/contrib/bind/doc/man/getnetent.3 b/contrib/bind/doc/man/getnetent.3
new file mode 100644
index 0000000..3b941e2
--- /dev/null
+++ b/contrib/bind/doc/man/getnetent.3
@@ -0,0 +1,153 @@
+.\" $Id: getnetent.3,v 8.3 1997/03/14 02:29:43 vixie Exp $
+.\"
+.\"Copyright (c) 1995, 1996 by Internet Software Consortium
+.\"
+.\"Permission to use, copy, modify, and distribute this software for any
+.\"purpose with or without fee is hereby granted, provided that the above
+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\"SOFTWARE.
+.\"
+.Dd May 20, 1996
+.Dt GETNETENT @LIB_NETWORK_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm getnetent ,
+.Nm getnetbyaddr ,
+.Nm getnetbyname ,
+.Nm setnetent ,
+.Nm endnetent 
+.Nd get networks entry
+.Sh SYNOPSIS
+.Fd #include <netdb.h>
+.Ft struct netent *
+.Fn getnetent
+.Ft struct netent *
+.Fn getnetbyname "char name";
+.Ft struct netent *
+.Fn getnetbyaddr "unsigned long net" "int type";
+.Ft void 
+.Fn setnetent "int stayopen";
+.Ft void 
+.Fn endnetent
+.Sh DESCRIPTION
+The
+.Fn getnetent ,
+.Fn getnetbyname ,
+and
+.Fn getnetbyaddr
+subroutines
+each return a pointer to an object with the following structure
+containing the broken-out fields of a line in the 
+.Pa networks 
+database.
+.Bd -literal -offset indent
+struct	netent {
+	char	*n_name;	/* official name of net */
+	char	**n_aliases;	/* alias list */
+	int	n_addrtype;	/* net number type */
+	long	n_net;		/* net number */
+};
+.Ed
+.Pp
+The members of this structure are:
+.Bl -tag -width "n_addrtype" 
+.It n_name
+The official name of the network.
+.It n_aliases
+A zero-terminated list of alternate names for the network.
+.It n_addrtype
+The type of the network number returned: 
+.Dv AF_INET .
+.It n_net
+The network number.  Network numbers are returned in machine byte
+order.
+.El
+.Pp
+If the
+.Fa stayopen
+flag on a 
+.Fn setnetent
+subroutine is NULL, the
+.Pa networks
+database is opened.  Otherwise, the
+.Fn setnetent
+has the effect of rewinding the 
+.Pa networks 
+database.
+The
+.Fn endnetent
+subroutine may be called to
+close the 
+.Pa networks 
+database when processing is complete.
+.Pp
+The
+.Fn getnetent
+subroutine simply reads the next
+line while
+.Fn getnetbyname
+and
+.Fn getnetbyaddr
+search until a matching
+.Fa name
+or
+.Fa net
+number is found
+(or until 
+.Dv EOF 
+is encountered).  The 
+.Fa type must be 
+.Dv AF_INET .
+The
+.Fn getnetent
+subroutine keeps a pointer in the database, allowing
+successive calls to be used to search the entire file.
+.Pp
+Before a
+.Ic while
+loop using
+.Fn getnetent ,
+a call to
+.Fn setnetent
+must be made 
+in order to perform initialization; a call to 
+.Fn endnetent
+must be used after the loop.  Both
+.Fn getnetbyname
+and
+.Fn getnetbyaddr
+make calls to
+.Fn setnetent
+and
+.Fn endnetent .
+.Sh FILES
+.Pa /etc/networks
+.Sh DIAGNOSTICS
+Null pointer (0) returned on 
+.Dv EOF 
+or error.
+.Sh SEE ALSO
+.Xr networks @FORMAT_EXT@ ,
+RFC 1101.
+.Sh HISTORY
+The 
+.Fn "getnetent" , 
+.Fn "getnetbyaddr" , 
+.Fn "getnetbyname" , 
+.Fn "setnetent" , 
+and
+.Fn "endnetent"
+functions appeared in 4.2BSD.
+.Sh BUGS
+The data space used by these functions is static; if future use requires the
+data, it should be copied before any subsequent calls to these functions
+overwrite it.  Only Internet network numbers are currently understood.
+Expecting network numbers to fit in no more than 32 bits is probably naive.
diff --git a/contrib/bind/doc/man/host.1 b/contrib/bind/doc/man/host.1
new file mode 100644
index 0000000..017d082
--- /dev/null
+++ b/contrib/bind/doc/man/host.1
@@ -0,0 +1,316 @@
+.\" ++Copyright++ 1993
+.\" -
+.\" Copyright (c) 1993
+.\"    The Regents of the University of California.  All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\" 	This product includes software developed by the University of
+.\" 	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" -
+.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies, and that
+.\" the name of Digital Equipment Corporation not be used in advertising or
+.\" publicity pertaining to distribution of the document or software without
+.\" specific, written prior permission.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\" -
+.\" --Copyright--
+.\" $Id: host.1,v 8.2 1997/03/14 02:29:44 vixie Exp $
+.Dd December 15, 1994
+.Dt HOST @CMD_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm host 
+.Nd look up host names using domain server
+.Sh SYNOPSIS 
+.Nm host 
+.Op Fl l
+.Op Fl v
+.Op Fl w
+.Op Fl r
+.Op Fl d
+.Op Fl t Ar querytype
+.Op Fl a 
+.Ar host 
+.Op Ar server 
+.Sh DESCRIPTION 
+.Ic Host
+looks for information about Internet hosts.  It gets this information
+from a set of interconnected servers that are spread across the
+country.  By default, it simply converts between host names and
+Internet addresses.  However, with the 
+.Dq Fl t 
+or 
+.Dq Fl a 
+options, it can be used
+to find all of the information about this host that is maintained
+by the domain server.
+.Pp
+The arguments can be either host names or host numbers.  The program
+first attempts to interpret them as host numbers.  If this fails,
+it will treat them as host names.  A host number consists of
+first decimal numbers separated by dots, e.g. 128.6.4.194
+A host name consists of names separated by dots, e.g. topaz.rutgers.edu.  
+Unless the name ends in a dot, the local domain
+is automatically tacked on the end.  Thus, a Rutgers user can say
+.Pp
+.D1 Ic host topaz 
+.Pp
+and it will actually look up "topaz.rutgers.edu".
+If this fails, the name is tried unchanged (in this case, "topaz").
+This same convention is used for mail and other network utilities.
+The actual suffix to tack on the end is obtained
+by looking at the results of a 
+.Xr hostname @CMD_EXT@
+call, and using everything
+starting at the first dot.  (See below for a description of
+.Sx CUSTOMIZING HOST NAME LOOKUP . )
+.Pp
+The first argument is the host name you want to look up.
+If this is a number, an 
+.Dq inverse query 
+is done, i.e. the domain
+system looks in a separate set of databases used to convert numbers
+to names.
+.Pp
+The second argument is optional.  It
+allows you to specify a particular server to query.  If you don't
+specify this argument, the default server (normally the local machine)
+is used.
+.Pp
+If a name is specified, you may see output of three different kinds.
+Here is an example that shows all of them:
+.Pp
+.D1 Ic % host sun4
+.Dl sun4.rutgers.edu is a nickname for ATHOS.RUTGERS.EDU
+.Dl ATHOS.RUTGERS.EDU has address 128.6.5.46
+.Dl ATHOS.RUTGERS.EDU has address 128.6.4.4
+.Dl ATHOS.RUTGERS.EDU mail is handled by ARAMIS.RUTGERS.EDU
+.Pp
+The user has typed the command 
+.Dq Ic host sun4 .  
+The first line indicates that the name 
+.Dq Li sun4.rutgers.edu 
+is actually a nickname.  The official host name is 
+.Dq Li ATHOS.RUTGERS.EDU .  
+The next two lines show the
+address.  If a system has more than one network interface, there
+will be a separate address for each.  The last line indicates
+that 
+.Li ATHOS.RUTGERS.EDU 
+does not receive its own mail.  Mail for
+it is taken by 
+.Li ARAMIS.RUTGERS.EDU .  
+There may be more than one
+such line, since some systems have more than one other system
+that will handle mail for them.  Technically, every system that
+can receive mail is supposed to have an entry of this kind.  If
+the system receives its own mail, there should be an entry
+the mentions the system itself; for example,
+.Pp
+.D1 Li XXX mail is handled by XXX 
+.Pp
+However, many systems that receive
+their own mail do not bother to mention that fact.  If a system
+has a 
+.Dq Li mail is handled by 
+entry, but no address, this indicates
+that it is not really part of the Internet, but a system that is
+on the network will forward mail to it.  Systems on Usenet, Bitnet,
+and a number of other networks have entries of this kind.
+.Sh OPTIONS
+There are a number of options that can be used before the
+host name.  Most of these options are meaningful only to the
+staff who have to maintain the domain database.
+.Bl -tag -width Fl
+.It Fl w 
+This causes 
+.Ic host 
+to wait forever for a response.  Normally
+it will time out after approximate one minute.
+.It Fl v
+Use "verbose" format for printout.  This
+is the official domain master file format, which is documented 
+in the man page for 
+.Xr @INDOT@named @SYS_OPS_EXT@ .
+Without this option, output still follows
+this format in general terms, but some attempt is made to make it
+more intelligible to normal users.  Without 
+.Dq Fl v ,
+any "a", "mx", and "cname" records
+are written out as "has address", "mail is handled by", and
+"is a nickname for" (respectively), and TTL and class fields are not shown.
+.It Fl r
+Turn off recursion in the request.
+This means that the name server will return only data it has in
+its own database.  It will not ask other servers for more 
+information.
+.It Fl d
+Turn on debugging.  Network transactions are shown in detail.
+.It Fl t Ar querytype
+Allows you to specify a particular 
+.Ar querytype 
+of information
+to be looked up.  The arguments are defined in the man page for
+.Xr @INDOT@named @SYS_OPS_EXT@ .
+Currently-supported types include: 
+.Dq Cm a , 
+.Dq Cm ns , 
+.Dq Cm md , 
+.Dq Cm mf , 
+.Dq Cm cname ,
+.Dq Cm soa , 
+.Dq Cm mb , 
+.Dq Cm mg , 
+.Dq Cm mr , 
+.Dq Cm null , 
+.Dq Cm wks , 
+.Dq Cm ptr , 
+.Dq Cm hinfo , 
+.Dq Cm minfo , 
+.Dq Cm mx , 
+.Dq Cm uinfo ,
+.Dq Cm uid , 
+.Dq Cm gid , 
+.Dq Cm unspec .  
+Additionally, the wildcard, which may be written
+as either 
+.Dq Cm any 
+or 
+.Dq Cm * ,
+can be used to specify any (all) of the above types.  
+Types must be given in lower case.
+Note that the default is to look first for 
+.Dq Cm a , 
+and then 
+.Dq Cm mx , 
+except that if the verbose option is turned on, the default is only 
+.Dq Cm a .
+The
+.Dq Fl t
+option is particularly useful for filtering information returned by 
+.Ic host ;
+see the explanation of the
+.Dq Fl l
+option, below, for more information.
+.It Fl a 
+.Dq all ;
+this is equivalent to 
+.Dq Fl v Fl t Cm any .
+.It Fl l
+List a complete domain; e.g.:
+.Pp
+.D1 Ic host -l rutgers.edu
+.Pp
+will give a listing of all hosts in the rutgers.edu domain.  The 
+.Dq Fl t
+option is used to filter what information is presented, as you 
+would expect.  The default is address information, which also
+include PTR and NS records.  The command
+.Pp
+.D1 Ic host -l -v -t any rutgers.edu
+.Pp
+will give a complete download of the zone data for rutgers.edu,
+in the official master file format.  (However the SOA record is
+listed twice, for arcane reasons.)  
+.Pp
+.Sy NOTE: 
+.Dq Fl l 
+is implemented by
+doing a complete zone transfer and then filtering out the information
+the you have asked for.  This command should be used only if it
+is absolutely necessary.
+.Sh CUSTOMIZING HOST NAME LOOKUP
+In general, if the name supplied by the user does not
+have any dots in it, a default domain is appended to the end.
+This domain can be defined in 
+.Pa /etc/resolv.conf , 
+but is normally derived
+by taking the local hostname after its first dot.  The user can override
+this, and specify a different default domain, using the environment
+variable
+.Ev LOCALDOMAIN .
+In addition, the user can supply his own abbreviations for host names.
+They should be in a file consisting of one line per abbreviation.
+Each line contains an abbreviation, a space, and then the full
+host name.  The name file must be contained in the 
+.Ev HOSTALIASES 
+environment variable.
+.Sh ENVIRONMENT
+.Bl -tag -width "/etc/resolv.conf  " -compress
+.It Ev HOSTALIASES
+Name of file containing
+.Pq Ar host alias , full hostname
+pairs.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/resolv.conf  " -compress
+.It Pa /etc/resolv.conf 
+See
+.Xr resolver @FORMAT_EXT@ .
+.It Ev HOSTALIASES
+Name of file containing
+.Pq Ar host alias , full hostname
+pairs.
+.El
+.Sh SEE ALSO
+.Xr @INDOT@named  @SYS_OPS_EXT@ , 
+.Xr resolver @FORMAT_EXT@ .
+.Sh BUGS
+Unexpected effects can happen when you type a name that is not
+part of the local domain.  Please always keep in mind the
+fact that the local domain name is tacked onto the end of every
+name, unless it ends in a dot.  Only if this fails is the name
+used unchanged.
+.Pp
+The 
+.Dq Fl l 
+option only tries the first name server listed for the
+domain that you have requested.  If this server is dead, you
+may need to specify a server manually. E.g., to get a listing
+of foo.edu, you could try 
+.Pp
+.D1 Ic host -t ns foo.edu 
+.Pp
+to get a list of all the name servers for foo.edu, and then try 
+.Pp
+.D1 Ic host -l foo.edu xxx
+.Pp
+for all 
+.Dq Ic xxx 
+on the list of name servers, until you find one that works.
diff --git a/contrib/bind/doc/man/hostname.7 b/contrib/bind/doc/man/hostname.7
new file mode 100644
index 0000000..6a92d64
--- /dev/null
+++ b/contrib/bind/doc/man/hostname.7
@@ -0,0 +1,171 @@
+.\" Copyright (c) 1987 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted
+.\" provided that the above copyright notice and this paragraph are
+.\" duplicated in all such forms and that any documentation,
+.\" advertising materials, and other materials related to such
+.\" distribution and use acknowledge that the software was developed
+.\" by the University of California, Berkeley.  The name of the
+.\" University may not be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\"	@(#)hostname.7	6.4 (Berkeley) 1/16/90
+.\"
+.Dd February 16, 1994
+.Dt HOSTNAME @DESC_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm hostname 
+.Nd host name resolution description
+.Sh DESCRIPTION
+Hostnames are domains.  A domain is a hierarchical, dot-separated list
+of subdomains.  For example, the machine 
+.Dq Li monet , 
+in the 
+.Dq Li Berkeley
+subdomain of the 
+.Dq Li EDU
+subdomain of the Internet Domain Name System would be represented as
+.Pp
+.Dl monet.Berkeley.EDU
+.Pp
+(with no trailing dot).
+.Pp
+Hostnames are often used with network client and server programs,
+which must generally translate the name to an address for use.
+(This task is usually performed by the library routine
+.Xr gethostbyname  @LIB_NETWORK_EXT@ . )
+The default method for resolving hostnames by the Internet name resolver is
+to follow RFC 1535's security recommendations.  Actions can be taken
+by the administrator to override these recommendations and to have the
+resolver behave the same as earlier, non-RFC 1535 
+resolvers.
+.Pp
+The default method (using RFC 1535 guidelines) follows:
+.Pp
+If the name consists of a single component, i.e. contains no dot, and if the
+environment variable 
+.Dq Ev HOSTALIASES 
+is set to the name of a file,
+that file is searched for a string matching the input hostname.  The file
+should consist of lines made up of two strings separated by white-space, the
+first of which is the hostname alias, and the second of which is the complete
+hostname to be substituted for that alias.  If a case-insensitive match is
+found between the hostname to be resolved and the first field of a line in
+the file, the substituted name is looked up with no further processing.
+.Pp
+If there is at least one dot in the name, then the name is first tried 
+.Dq as-is .  
+The number of dots to cause this action is configurable by setting the
+threshold using the 
+.Dq Li ndots
+option in 
+.Pa /etc/resolv.conf
+(default:  1).  If the name ends with a dot, the trailing dot is
+removed, and the remaining name is looked up (regardless of the setting of
+the 
+.Li ndots 
+option), without further processing. 
+.Pp
+If the input name does not end with a trailing dot, it is looked up by
+searching through a list of domains until a match is found.  If neither the
+search option in the
+.Pa /etc/resolv.conf
+file or the 
+.Dq Ev LOCALDOMAIN 
+environment variable is used, then the
+search list of domains contains only the full domain specified by the 
+.Li domain
+option (in
+.Pa /etc/resolv.conf )
+or the domain used in the local hostname (see 
+.Xr hostname @CMD_EXT@
+and
+.Xr resolver @FORMAT_EXT@ ) .
+For example, if the 
+.Dq Li domain 
+option is set to 
+.Li CS.Berkeley.EDU ,
+then only 
+.Li CS.Berkeley.EDU 
+will be in the search list, and this will be the only
+domain appended to the partial hostname.  For example, if 
+.Dq Li lithium 
+is the name to be resolved, this would make
+.Li lithium.CS.Berkeley.EDU 
+the only name to be tried using the search list.
+.Pp
+If the 
+.Li search 
+option is used in
+.Pa /etc/resolv.conf
+or the environment variable 
+.Dq Ev LOCALDOMAIN 
+is set by the user, then
+the search list will include what is set by these methods.  For
+example, if the 
+.Dq Li search 
+option contained
+.Pp
+.Dl CS.Berkeley.EDU CChem.Berkeley.EDU Berkeley.EDU
+.Pp
+then the partial hostname (e.g., 
+.Dq Li lithium ) 
+will be tried with 
+.Em each
+domain name appended (in the same order specified); the resulting hostnames 
+that would be tried are:
+.Bd -literal -offset indent
+lithium.CS.Berkeley.EDU
+lithium.CChem.Berkeley.EDU
+lithium.Berkeley.EDU
+.Ed
+.Pp
+The environment variable 
+.Dq Ev LOCALDOMAIN 
+overrides the
+.Dq Li search 
+and 
+.Dq Li domain 
+options, and if both 
+.Li search 
+and 
+.Li domain
+options are present in the resolver configuration file, then only the 
+.Em last
+one listed is used (see
+.Xr resolver @FORMAT_EXT@ ) .
+.Pp
+If the name was not previously tried 
+.Dq as-is 
+(i.e., it fell below the
+.Dq Li ndots 
+threshold or did not contain a dot), then the name as
+originally provided is attempted.
+.Sh ENVIRONMENT
+.Bl -tag -width "/etc/resolv.conf  " -compress
+.It Ev LOCALDOMAIN   
+Affects domains appended to partial hostnames.
+.It Ev HOSTALIASES
+Name of file containing
+.Pq Ar host alias , full hostname
+pairs.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/resolv.conf  " -compress
+.It Pa /etc/resolv.conf
+See
+.Xr resolve @FORMAT_EXT@ .
+.It Ev HOSTALIASES
+Name of file containing 
+.Pq Ar host alias , full hostname
+pairs.
+.Sh SEE ALSO
+.Xr gethostbyname @LIB_NETWORK_EXT@ ,
+.Xr resolver @FORMAT_EXT@ ,
+.Xr mailaddr @DESC_EXT@ ,
+.Xr @INDOT@named @SYS_OPS_EXT@ .
diff --git a/contrib/bind/doc/man/irs.conf.5 b/contrib/bind/doc/man/irs.conf.5
new file mode 100644
index 0000000..50216e3
--- /dev/null
+++ b/contrib/bind/doc/man/irs.conf.5
@@ -0,0 +1,197 @@
+.\" Copyright (c) 1996 by Internet Software Consortium
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\"
+.\" Copyright (c) 1986, 1991, 1993
+.\"	The Regents of the University of California.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"	This product includes software developed by the University of
+.\"	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $Id: irs.conf.5,v 8.2 1997/11/17 06:46:27 vixie Exp $
+.\"
+.Dd November 16, 1997
+.Dt IRS.CONF 5
+.Os BIND 8.1
+.Sh NAME
+.Nm irs.conf
+.Nd Information Retrieval System configuration file
+.Sh SYNOPSIS
+.Nm irs.conf
+.Sh DESCRIPTION
+The
+.Xr irs 3
+functions are a set of routines in the C library which provide access to
+various system maps.
+The maps that irs currently controls are the following: passwd, group,
+services, protocols, hosts, networks and netgroup.
+When a program first calls a function that accesses one of these maps,
+the irs configuration file is read,
+and the source of each map is determined for the life of the process. 
+.Pp
+If this file does not exist,
+the irs routines default to using local sources for all information,
+with the exception of the host and networks maps,
+which use the Domain Name System (DNS).
+.Pp
+Each record in the file consists of one line.
+A record consists of a map-name, an access-method and possibly a (comma
+delimited) set of options,
+separated by tabs or spaces.
+Blank lines, and text between a # and a newline are ignored.
+.Pp
+Available maps:
+.Bd -literal -offset indent
+Map name	Information in map
+=========	==================================
+passwd          User authentication information
+group           User group membership information
+services        Network services directory
+protocols       Network protocols directory
+hosts           Network hosts directory
+networks        Network "network names" directory
+netgroup        Network "host groups" directory
+.Ed
+.Pp
+Available access methods:
+.Bd -literal -offset indent
+Access method	Description
+=============	=================================================
+local           Use a local file, usually in /etc
+dns             Use the domain name service (includes hesiod)
+nis             Use the Sun-compatible Network Information Service
+.Ed
+.Pp
+Available options:
+.Bd -literal -offset indent
+Option		Description
+========	================================================
+continue        don't stop searching if you can't find something
+merge           don't stop searching if you CAN find something
+.Ed
+.Pp
+The continue option creates
+.Dq "union namespaces"
+whereby subsequent access methods of the same map type can be tried
+if a name cannot be found using earlier access methods.
+This can be quite confusing in the case of host names,
+since the name to address and address to name mappings can be visibly
+asymmetric even though the data used by any given access method is
+entirely consistent.  This behavior is, therefore, not the default.
+.Pp
+The merge option only affects lookups in the groups map.
+If set, subsequent access methods will be tried in order to cause
+local users to appear in NIS (or other remote) groups in addition
+to the local groups.
+.Sh EXAMPLE
+.Bd -literal -offset indent
+# Get password entries from local file, or failing that, NIS
+passwd          local	continue
+passwd		nis
+
+# Build group membership from both local file, and NIS.
+group		local	continue,merge
+group		nis
+
+# Services comes from just the local file.
+services	local
+
+protocols	local
+
+# Hosts comes first from DNS, failing that, the local file
+hosts		dns	continue
+hosts		local
+
+networks	local
+
+netgroup        local
+.Ed
+.Sh NOTES
+If a local user needs to be in the local host's
+.Dq wheel
+group but not in every host's
+.Dq wheel
+group, put them in the local host's
+.Pa /etc/group
+.Dq wheel
+entry and set up the
+.Dq groups
+portion of your
+.Pa /etc/irs.conf
+file as:
+.Bd -literal -offset indent
+group   local   continue,merge
+group   nis
+.Ed
+.Pp
+NIS takes a long time to time out.
+Especially for hosts if you use the
+.Fl d
+option to your server's
+.Dq ypserv
+daemon.
+.Pp
+It is important that the
+.Pa irs.conf
+file contain an entry for each map.
+If a map is not mentioned in the
+.Pa irs.conf
+file, all queries to that map will fail.
+.Pp
+The classic NIS mechanism for specifying union namespaces is to add an entry
+to a local map file whose name is ``+''.  In IRS, this is done via ``continue''
+and/or ``merge'' map options.  While this results in a small incompatibility
+when local map files are imported from non-IRS systems to IRS systems, there
+are compensating advantages in security and configurability.
+.Sh FILES
+.Bl -tag -width /etc/irs.confXXXX -compact
+.It Pa /etc/irs.conf
+The file
+.Nm irs.conf
+resides in
+.Pa /etc .
+.El
+.Sh SEE ALSO
+.Xr groups 5 ,
+.Xr hosts 5 ,
+.Xr netgroup 5 ,
+.Xr networks 5 ,
+.Xr passwd 5 ,
+.Xr protocols 5 ,
+.Xr services 5
diff --git a/contrib/bind/doc/man/mailaddr.7 b/contrib/bind/doc/man/mailaddr.7
new file mode 100644
index 0000000..270fe9c
--- /dev/null
+++ b/contrib/bind/doc/man/mailaddr.7
@@ -0,0 +1,179 @@
+.\" Copyright (c) 1983, 1987 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted
+.\" provided that the above copyright notice and this paragraph are
+.\" duplicated in all such forms and that any documentation,
+.\" advertising materials, and other materials related to such
+.\" distribution and use acknowledge that the software was developed
+.\" by the University of California, Berkeley.  The name of the
+.\" University may not be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\"	@(#)mailaddr.7	6.5 (Berkeley) 2/14/89
+.\"
+.Dd February 14, 1989
+.Dt MAILADDR @DESC_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm mailaddr 
+.Nd mail addressing description
+.Sh DESCRIPTION
+Mail addresses are based on the ARPANET protocol listed at the end of this
+manual page.  These addresses are in the general format
+.Pp
+.Bd -ragged -offset indent-two
+.Li user@domain
+.Ed
+.Pp
+where a domain is a hierarchical, dot-separated list of subdomains.  For
+example, the address
+.Pp
+.Bd -ragged -offset indent-two
+.Li eric@monet.berkeley.edu
+.Ed
+.Pp
+is normally interpreted from right to left: the message should go to the
+ARPA name tables (which do not correspond exactly to the physical ARPANET),
+then to the Berkeley gateway, after which it should go to the local host
+.Dq Li monet .  
+When the message reaches 
+.Li monet , 
+it is delivered to the user 
+.Dq Li eric .
+.Pp
+Unlike some other forms of addressing, this does not imply any routing.
+Thus, although this address is specified as an ARPA address, it might
+travel by an alternate route if that were more convenient or efficient.
+For example, at Berkeley, the associated message would probably go directly
+to 
+.Li monet 
+over the Ethernet rather than going via the Berkeley ARPANET gateway.
+.Ss Abbreviation
+.Pp
+Under certain circumstances, it may not be necessary to type the entire
+domain name.  In general, anything following the first dot may be omitted
+if it is the same as the domain from which you are sending the message.
+For example, a user on 
+.Dq Li calder.berkeley.edu 
+could send to 
+.Dq Li eric@monet
+without adding the 
+.Dq Li berkeley.edu 
+since it is the same on both sending and receiving hosts.
+.Pp
+Certain other abbreviations may be permitted as special cases.  For
+example, at Berkeley, ARPANET hosts may be referenced without adding the 
+.Dq Li berkeley.edu 
+as long as their names do not conflict with a local host name.
+.Ss Compatibility
+.Pp
+Certain old address formats are converted to the new format to provide
+compatibility with the previous mail system.  In particular,
+.Bd -ragged -offset indent-two
+.Li user@host.ARPA
+.Ed
+.Pp
+is allowed and
+.Bd -ragged -offset indent-two
+.Li host:user
+.Ed
+.Pp
+is converted to
+.Bd -ragged -offset indent-two
+.Li user@host
+.Ed
+.Pp
+in order to be consistent with the 
+.Xr rcp @CMD_EXT@ 
+command.
+.Pp
+Also, the syntax
+.Bd -ragged -offset indent-two
+.Li host!user
+.Ed
+.Pp
+is converted to:
+.Bd -ragged -offset indent-two
+.Li user@host.UUCP
+.Ed
+.Pp
+This is normally converted back to the 
+.Dq Li host!user 
+form before being sent on, for compatibility with older UUCP hosts.
+.Pp
+The current implementation is not able to route messages automatically through
+the UUCP network.  Until that time you must explicitly tell the mail system
+which hosts to send your message through to get to your final destination.
+.Ss Case Distinctions
+.Pp
+Domain names (i.e., anything after the 
+.Dq Li @ 
+sign) may be given in any mixture
+of upper and lower case with the exception of UUCP hostnames.  Most hosts
+accept any combination of case in user names, with the notable exception of
+MULTICS sites.
+.Ss Route-addrs.
+.Pp
+Under some circumstances it may be necessary to route a message through
+several hosts to get it to the final destination.  Normally this routing
+is done automatically, but sometimes it is desirable to route the message
+manually.  Addresses which show these relays are termed 
+.Dq route-addrs.
+These use the syntax:
+.Bd -ragged -offset indent-two
+.Li <@hosta,@hostb:user@hostc>
+.Ed
+.Pp
+This specifies that the message should be sent to 
+.Li hosta , 
+from there to 
+.Li hostb ,
+and finally to 
+.Li hostc .  
+This path is forced even if there is a more efficient path to 
+.Li hostc .
+.Pp
+Route-addrs occur frequently on return addresses, since these are generally
+augmented by the software at each host.  It is generally possible to ignore
+all but the 
+.Dq Li user@domain 
+part of the address to determine the actual sender.
+.Ss Postmaster
+.Pp
+Every site is required to have a user or user alias designated 
+.Dq Li postmaster
+to which problems with the mail system may be addressed.
+.Ss Other Networks
+.Pp
+Some other networks can be reached by giving the name of the network as the
+last component of the domain.  
+.Em This is not a standard feature
+and may
+.Em not 
+be supported at all sites.  For example, messages to CSNET or BITNET sites
+can often be sent to 
+.Dq Li user@host.CSNET 
+or 
+.Dq Li user@host.BITNET , 
+respectively.
+.Sh BUGS
+The RFC822 group syntax 
+.Pq Dq Li group:user1,user2,user3; 
+is not supported except in the special case of 
+.Dq LI group:; 
+because of a conflict with old berknet-style addresses.
+.Pp
+Route-Address syntax is grotty.
+.Pp
+UUCP- and ARPANET-style addresses do not coexist politely.
+.Sh SEE ALSO
+.Xr mail @CMD_EXT@ , 
+.Xr sendmail @SYS_OPS_EXT@ ;
+Crocker, D. H., RFC822, 
+.Do
+Standard for the Format of Arpa Internet Text Messages
+.Dc .
diff --git a/contrib/bind/doc/man/mkdep.1 b/contrib/bind/doc/man/mkdep.1
new file mode 100644
index 0000000..177ab1a
--- /dev/null
+++ b/contrib/bind/doc/man/mkdep.1
@@ -0,0 +1,84 @@
+.\" Copyright (c) 1987 Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted
+.\" provided that the above copyright notice and this paragraph are
+.\" duplicated in all such forms and that any documentation,
+.\" advertising materials, and other materials related to such
+.\" distribution and use acknowledge that the software was developed
+.\" by the University of California, Berkeley.  The name of the
+.\" University may not be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\"	@(#)mkdep.1	5.8 (Berkeley) 10/24/88
+.\"
+.Dd October 24, 1988
+.Dt MKDEP @CMD_EXT_U@
+.Os BSD 4
+.Sh NAME
+.Nm mkdep 
+.Nd construct Makefile dependency list
+.Sh SYNOPSIS
+.Nm mkdep
+.Op Fl ap
+.Op Fl f Ar depend_file
+.Op Ar flags 
+.Ar file ...
+.Sh DESCRIPTION
+.Ic Mkdep
+takes a set of flags for the C compiler and a list
+of C source files as arguments and constructs a set of 
+.Li include
+file dependencies which are written into the file 
+.Pa depend_file ,
+or 
+.Dq Pa .depend 
+by default.  An example of its use in a 
+.Pa Makefile 
+might be:
+.Bd -literal -offset indent
+CFLAGS= -O -DDEBUG -I../include -I.
+SRCS= file1.c file2.c
+
+depend:
+	mkdep ${CFLAGS} ${SRCS}
+.Ed
+.Pp
+where the macro 
+.Dq Li SRCS 
+is the list of C source files and the macro
+.Dq Li CFLAGS 
+is the list of flags for the C compiler.
+.Pp
+If the 
+.Dq Fl p 
+option is provided, 
+.Ic mkdep 
+produces dependencies
+of the form 
+.Dq Li program: program.c 
+so that subsequent calls to 
+.Xr make @CMD_EXT@ 
+will produce 
+.Dq Pa program 
+directly from its C module rather than using an intermediate 
+.Dq Pa \&.o 
+module.  This is useful in directories which
+contain many programs, each of whose source is contained in a single
+C module.  
+.Pp 
+The 
+.Dq Fl a 
+option causes appending to the output file, so that multiple 
+.Xo Ic mkdep 
+.Ns 's 
+.Xc
+may be run from a single 
+.Pa Makefile .
+.Sh SEE ALSO
+.Xr cc @CMD_EXT@ , 
+.Xr cpp @CMD_EXT@ , 
+.Xr make @CMD_EXT@ .
diff --git a/contrib/bind/doc/man/named-xfer.8 b/contrib/bind/doc/man/named-xfer.8
new file mode 100644
index 0000000..766d583
--- /dev/null
+++ b/contrib/bind/doc/man/named-xfer.8
@@ -0,0 +1,147 @@
+.\" ++Copyright++ 1985
+.\" -
+.\" Copyright (c) 1985
+.\"    The Regents of the University of California.  All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\" 	This product includes software developed by the University of
+.\" 	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" -
+.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies, and that
+.\" the name of Digital Equipment Corporation not be used in advertising or
+.\" publicity pertaining to distribution of the document or software without
+.\" specific, written prior permission.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\" -
+.\" --Copyright--
+.\"
+.\"	from named.8	6.6 (Berkeley) 2/14/89
+.\"
+.Dd June 26, 1993
+.Dt @XFER_INDOT_U@NAMED-XFER @SYS_OPS_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm @XFER_INDOT@named-xfer 
+.Nd ancillary agent for inbound zone transfers
+.Sh SYNOPSIS
+.Nm named-xfer
+.Fl z Ar zone_to_transfer
+.Fl f Ar db_file
+.Fl s Ar serial_no
+.Op Fl d Ar debuglevel
+.Op Fl l Ar debug_log_file
+.Op Fl t Ar trace_file
+.Op Fl p Ar port#
+.Op Fl S 
+.Ar nameserver ...
+.Sh DESCRIPTION
+.Ic Named-xfer
+is an ancillary program executed by
+.Xr @INDOT@named @SYS_OPS_EXT@
+to perform an inbound zone transfer.  It is rarely executed directly, and then
+only by system administrators who are trying to debug a zone transfer problem.
+See RFC's 1033, 1034, and 1035 for more information on the Internet
+name-domain system.
+.Pp
+Options are:
+.Bl -tag -width Fl
+.It Fl z Ar zone_to_transfer
+specifies the name of the zone to be transferred.
+.It Fl f Ar db_file
+specifies the name of the 
+.Ar db_file 
+into which the zone should be dumped
+when it is received from the primary server.
+.It Fl s Ar serial_no
+specifies the serial number of our current copy of this zone.  If the
+.Sy SOA RR 
+we get from the primary server does not have a serial
+number higher than this, the transfer will be aborted.
+.It Fl d Ar debuglevel
+Print debugging information.
+The 
+.Ar debuglevel 
+is a number determines the level of messages printed.
+.It Fl l Ar debug_log_file
+Specifies a log file for debugging messages.  The default is system- 
+dependent but is usually in
+.Pa /var/tmp
+or
+.Pa /usr/tmp .
+Note that this only applies if
+.Dq Fl d
+is also specified.
+.It Fl t Ar trace_file
+Specifies a 
+.Ar trace_file 
+which will contain a protocol trace of the zone
+transfer.  This is probably only of interest to people debugging the name
+server itself.
+.It Fl p Ar port#
+Use a different port number.  The default is the standard port number
+as returned by 
+.Xr getservbyname @LIB_NETWORK_EXT@  
+for the service 
+.Dq Li domain .
+.It Fl S
+Perform a restricted transfer of only the SOA, NS records and glue A records
+for the zone. The SOA record will not be loaded by 
+.Xr @INDOT@named @SYS_OPS_EXT@
+but will be used to
+determine when to verify the NS records.  See the 
+.Dq Li stubs 
+directive in
+.Xr @INDOT@named @SYS_OPS_EXT@
+for more information.
+.El
+.Pp
+Additional arguments are taken as name server addresses in so-called
+.Dq dotted-quad 
+syntax 
+.Em only; 
+no host name are allowed here.  At least one address must be specified.  
+Any additional addresses will be tried, in order, if the first one fails 
+to transfer to us successfully.
+.Sh SEE ALSO
+.Xr hostname @DESC_EXT@ ,
+.Xr @INDOT@named @SYS_OPS_EXT@ ,
+.Xr resolver @LIB_NETWORK_EXT@ ,
+.Xr resolver @FORMAT_EXT@ ,
+RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035, RFC 1123,
+.Dq Name Server Operations Guide for Sy BIND .
diff --git a/contrib/bind/doc/man/named.8 b/contrib/bind/doc/man/named.8
new file mode 100644
index 0000000..e3c0b82
--- /dev/null
+++ b/contrib/bind/doc/man/named.8
@@ -0,0 +1,417 @@
+.\" ++Copyright++ 1985, 1996
+.\" -
+.\" Copyright (c) 1985, 1996
+.\"    The Regents of the University of California.  All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\" 	This product includes software developed by the University of
+.\" 	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" -
+.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies, and that
+.\" the name of Digital Equipment Corporation not be used in advertising or
+.\" publicity pertaining to distribution of the document or software without
+.\" specific, written prior permission.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\" -
+.\" --Copyright--
+.\"
+.\"	@(#)named.8	6.6 (Berkeley) 2/14/89
+.\"
+.Dd February 1, 1996
+.Dt @INDOT_U@NAMED @SYS_OPS_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm @INDOT@named 
+.Nd Internet domain name server (DNS)
+.Sh SYNOPSIS
+.Nm @INDOT@NAMED
+.Op Fl d Ar debuglevel
+.Op Fl p Ar port# 
+.Oo Fl Po 
+.Cm b Ns \&| Ns Cm c
+.Pc
+.Ar config_file
+.Oc
+.Op Fl f q r
+.Op Fl w Ar directory
+.Op Ar config_file
+.Sh DESCRIPTION
+.Ic Named
+is the Internet domain name server.
+See RFC's 1033, 1034, and 1035 for more information on the Internet
+name-domain system.  Without any arguments,
+.Ic named
+will read the default configuration file
+.Pa /etc/named.conf ,
+read any initial data, and listen for queries.  A 
+.Ar config_file
+argument given at the end of the command line will override any
+.Ar config_file
+specified by using the
+.Dq Fl b
+or
+.Dq Fl c
+flags.
+.Pp
+.Sy NOTE:
+Several of 
+.Nm named Ns 's
+options, and much more of its behaviour, can be controlled in the configuration 
+file.  Please refer to the configuration file guide included with this 
+.Sy BIND
+distribution for further information.
+.Pp
+Options are:
+.Bl -tag -width Fl
+.It Fl d Ar debuglevel
+Print debugging information.
+The 
+.Ar debuglevel 
+is a number determines the level of messages printed.  If negative,
+.Ar debuglevel
+is set to 
+.Dq 1 .
+.Pp
+.Sy NOTE:
+The new debugging framework is considerably more sophisticated than it
+was in older versions of 
+.Nm @INDOT@NAMED .
+The configuration file's
+.Dq Li logging
+statement allows for multiple, distinct levels of debugging for each of
+a large set of categories of events (such as queries, transfers in or out,
+etc.).  Please refer to the configuration file guide included with this 
+.Sy BIND
+distribution for further information about these extensive new capabilities.
+.It Fl p Ar port#
+Use the specified remote port number; this is the port number to which 
+.Nm @INDOT@NAMED
+will send queries.  The default value is the standard port number, i.e.,
+the port number returned by 
+.Xr getservbyname @LIB_NETWORK_EXT@ 
+for service 
+.Dq Li domain .
+.Pp
+.Sy NOTE:
+Previously, the syntax
+.Dq Fl p Ar port# Ns Op Ar \&/localport#
+was supported; the first port was that used when contacting 
+.Em remote 
+servers, and the second one was the service port bound by the 
+.Em local 
+instance of
+.Nm @INDOT_U@NAMED .
+The current usage is equivalent to the old usage without the 
+.Ar localport#
+specified; this functionality can be specified with the 
+.Dq Li listen-on
+clause of the configuration file's
+.Dq Li options
+statement.
+.It Xo Fl Po 
+.Cm b Ns \&| Ns Cm c
+.Pc Ar config_file
+.Xc
+Use an alternate 
+.Ar config_file ;
+this argument is overridden by any 
+.Ar config_file
+which is specified at the end of the command line.
+The default value is
+.Pa /etc/named.conf .
+.It Fl f
+Run this process in the foreground; don't 
+.Xr fork @SYSCALL_EXT@
+and daemonize.  (The default is to daemonize.)
+.It Fl q
+Trace all incoming queries if 
+.Nm @INDOT_U@NAMED 
+has been compiled with
+.Li QRYLOG 
+defined.  
+.Pp
+.Sy NOTE: 
+This option is deprecated in favor of the
+.Dq Li queries
+.Em logging category 
+of the configuration file's
+.Dq Li logging 
+statement; for more information, please refer to the configuration file guide 
+included with this distribution of 
+.Sy BIND .
+.It Fl r
+Turns recursion off in the server.  Answers can come only from local
+(primary or secondary) zones.  This can be used on root servers.
+The default is to use recursion.
+.Pp
+.Sy NOTE: 
+This option can be overridden by and is deprecated in favor of the
+.Dq Li recursion 
+clause of the configuration file's
+.Dq Li options
+statement.
+.It Fl w Ar directory
+Sets the working directory of the server.  The
+.Dq Li directory 
+clause of the configuration file's
+.Dq Li options
+statement overrides any value specified on the command line.
+The default working directory is the current directory
+.Pq Dq \&. .
+.El
+.Pp
+Any additional argument is taken as the name of the configuration file, for
+compatibility with older implementations; as noted above, this argument
+overrides any
+.Ar config_file
+specified by the use of the
+.Dq Fl b
+or 
+.Dq Fl c
+flags.  If no further argument is given, then the default configuration file
+is used
+.Pq Pa /etc/named.conf .
+.Ss Master File Format
+The master file consists of control information and a list of resource
+records for objects in the zone of the forms:
+.Bd -literal -offset indent
+$INCLUDE <filename> <opt_domain>
+$ORIGIN <domain>
+<domain> <opt_ttl> <opt_class> <type> <resource_record_data>
+.Ed
+.Pp
+where:
+.Bl -tag -width "opt_domain  " 
+.It Ar domain
+is 
+.Dq Li \&. 
+for root, 
+.Dq Li @ 
+for the current origin, or a standard domain name. If
+.Ar domain
+is a standard domain name that does 
+.Em not 
+end with 
+.Dq Li \&. , 
+the current origin is appended to the domain. Domain names ending with 
+.Dq Li \&.
+are unmodified.
+.It Ar opt_domain
+This field is used to define an origin for the data in an included file.
+It is equivalent to placing an 
+.Li $ORIGIN 
+statement before the first line of the included file.  The field is optional.
+Neither the 
+.Ar opt_domain
+field nor 
+.Li $ORIGIN 
+statements in the included file modify the current origin for this file.
+.It Ar opt_ttl
+An optional integer number for the time-to-live field.
+It defaults to zero, meaning the minimum value specified in the SOA
+record for the zone.
+.It Ar opt_class
+The object address type; currently only one type is supported,
+.Dv IN ,
+for objects connected to the DARPA Internet. 
+.It Ar type
+This field contains one of the following tokens; the data expected in the
+.Ar resource_record_data
+field is in parentheses:
+.Bl -tag -width "HINFO    "  -offset indent
+.It Dv A
+a host address (dotted-quad IP address)
+.It Dv NS
+an authoritative name server (domain)
+.It Dv MX
+a mail exchanger (domain), preceded by a preference value (0..32767),
+with lower numeric values representing higher logical preferences.
+.It Dv CNAME
+the canonical name for an alias (domain)
+.It Dv SOA
+marks the start of a zone of authority (domain of originating host,
+domain address of maintainer, a serial number and the following
+parameters in seconds: refresh, retry, expire and minimum TTL (see RFC 883)).
+.It Dv NULL
+a null resource record (no format or data)
+.It Dv RP
+a Responsible Person for some domain name (mailbox, TXT-referral)
+.It Dv PTR
+a domain name pointer (domain)
+.It Dv HINFO
+host information (cpu_type OS_type)
+.El
+.El
+.Pp
+Resource records normally end at the end of a line,
+but may be continued across lines between opening and closing parentheses.
+Comments are introduced by semicolons and continue to the end of the line.
+.Pp
+.Sy NOTE:
+There are other resource record types not shown here.  You should
+consult the 
+.Sy BIND 
+Operations Guide 
+.Pq Dq BOG 
+for the complete
+list.  Some resource record types may have been standardized in newer RFC's
+but not yet implemented in this version of 
+.Sy BIND .
+.Ss SOA Record Format
+Each master zone file should begin with an SOA record for the zone.
+An example SOA record is as follows:
+.Bd -literal
+@	IN	SOA	ucbvax.Berkeley.EDU. rwh.ucbvax.Berkeley.EDU. (
+				1989020501	; serial
+				10800	; refresh
+				3600	; retry
+				3600000	; expire
+				86400 )	; minimum
+.Ed
+.Pp
+The SOA specifies a serial number, which should be changed each time the
+master file is changed.  Note that the serial number can be given as a
+dotted number, but this is a 
+.Em very 
+unwise thing to do since the
+translation to normal integers is via concatenation rather than
+multiplication and addition.  You can spell out the year, month, day of
+month, and 0..99 version number and still fit inside the unsigned 32-bit
+size of this field.  (It's true that we will have to rethink this strategy in
+the year 4294, but we're not worried about it.)
+.Pp
+Secondary servers
+check the serial number at intervals specified by the refresh time in
+seconds; if the serial number changes, a zone transfer will be done to load
+the new data.  If a master server cannot be contacted when a refresh is due,
+the retry time specifies the interval at which refreshes should be attempted.
+If a master server cannot be contacted within the interval given by the
+expire time, all data from the zone is discarded by secondary servers.  The
+minimum value is the time-to-live 
+.Pq Dq TTL 
+used by records in the file with no explicit time-to-live value.
+.Sh NOTES
+The boot file directives 
+.Dq Li domain 
+and 
+.Dq Li suffixes 
+have been
+obsoleted by a more useful, resolver-based implementation of
+suffixing for partially-qualified domain names.  The prior mechanisms
+could fail under a number of situations, especially when then local
+nameserver did not have complete information.
+.Pp
+The following signals have the specified effect when sent to the
+server process using the
+.Xr kill @CMD_EXT@
+command:
+.Pp
+.Bl -tag -width "SIGWINCH" 
+.It Dv SIGHUP
+Causes server to read 
+.Pa named.conf 
+and reload the database.  If the server
+is built with the 
+.Li FORCED_RELOAD 
+compile-time option, then 
+.Dv SIGHUP 
+will
+also cause the server to check the serial number on all secondary zones;
+normally, the serial numbers are only checked at the SOA-specified intervals.
+.It Dv SIGINT
+Dumps the current data base and cache to 
+.Dq Pa /var/tmp/named_dump.db 
+or the value of 
+.Dv _PATH_DUMPFILE .
+.It Dv SIGILL
+Dumps statistics data into 
+.Pa named.stats 
+if the server is compiled with 
+.Li -DSTATS .  
+Statistics data is appended to the file.
+.It Dv SIGSYS
+Dumps the profiling data in 
+.Pa /var/tmp 
+if the server is compiled with profiling (server forks, chdirs and exits).
+.It Dv SIGTERM
+Dumps the primary and secondary database files.
+Used to save modified data on shutdown if the
+server is compiled with dynamic updating enabled.
+.It Dv SIGUSR1
+Turns on debugging; each 
+.Dv SIGUSR1 
+increments debug level.
+.Po Dv SIGEMT 
+on older systems without 
+.Dv SIGUSR1 .
+.Pc 
+.It Dv SIGUSR2
+Turns off debugging completely.
+.Po Dv SIGFPE 
+on older systems without 
+.Dv SIGUSR2 .
+.Pc
+.It Dv SIGWINCH
+Toggles logging of all incoming queries via 
+.Xr syslog @SYS_OPS_EXT@
+(requires server to have been built with the 
+.Li QRYLOG 
+option).
+.Sh FILES
+.Bl -tag -width "/var/tmp/named_dump.db (_PATH_DUMPFILE)   " -compact
+.It Pa /etc/named.conf
+default name server configuration file
+.It Pa /var/run/named.pid Pq Dv _PATH_PIDFILE
+the process id 
+.It Pa /var/tmp/named_dump.db Pq Dv _PATH_DUMPFILE
+dump of the name server database
+.It Pa /var/tmp/named.run Pq file:  Dv _PATH_DEBUG
+debug output
+.It Pa /var/tmp/named.stats Pq file:  Dv _PATH_STATS
+nameserver statistics data
+.El
+.Sh SEE ALSO
+.Xr gethostbyname @LIB_NETWORK_EXT@ ,
+.Xr hostname @DESC_EXT@ ,
+.Xr kill @CMD_EXT@ ,
+.Xr resolver @LIB_NETWORK_EXT@ , 
+.Xr resolver @FORMAT_EXT@ , 
+.Xr signal @SYSCALL_EXT@ ,
+RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035, RFC 1123,
+.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/man/ndc.8 b/contrib/bind/doc/man/ndc.8
new file mode 100644
index 0000000..247ef96
--- /dev/null
+++ b/contrib/bind/doc/man/ndc.8
@@ -0,0 +1,142 @@
+.\" Copyright (c) 1994
+.\"    The Regents of the University of California.  All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\" 	This product includes software developed by the University of
+.\" 	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd November 27, 1994
+.Dt @INDOT_U@NDC @SYS_OPS_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm @INDOT@ndc 
+.Nd name daemon control interface
+.Sh SYNOPSIS
+.Nm @INDOT@ndc
+.Ar directive
+.Op Ar ... 
+.Sh DESCRIPTION
+This command allows the name server administrator to send various signals
+to the name server, or to restart it.  Zero or more directives may be given,
+from the following list:
+.Bl -tag -width "querylog"
+.It Ic status
+Displays the current status of
+.Xr @INDOT@named @SYS_OPS_EXT@
+as shown by
+.Xr ps @CMD_EXT@ .
+.It Ic dumpdb
+Causes
+.Ic @INDOT@named
+to dump its database and cache to
+.Pa /var/tmp/named_dump.db
+(uses the 
+.Dv INT 
+signal.)
+.It Ic reload
+Causes
+.Ic @INDOT@named
+to check the serial numbers of all primary and secondary zones
+and to reload those that have changed (uses the 
+.Dv HUP 
+signal.)
+.It Ic stats
+Causes
+.Ic @INDOT@named
+to dump its statistics to
+.Pa /var/tmp/named.stats
+(uses the 
+.Dv IOT 
+or 
+.Dv ABRT 
+signal.)
+.It Ic trace
+Causes
+.Ic @INDOT@named
+to increment its 
+.Dq tracing level 
+by one.  Whenever the tracing level
+is nonzero, trace information will be written to
+.Pa /var/tmp/named.run .
+Higher tracing levels result in more detailed information.
+(Uses the 
+.Dv USR1 
+signal.)
+.It Ic notrace
+Causes
+.Ic @INDOT@named
+to set its 
+.Dq tracing level 
+to zero, closing 
+.Pa /var/tmp/named.run , 
+if it is open (uses the 
+.Dv USR2 
+signal.)
+.It Ic querylog
+Causes
+.Ic @INDOT@named
+to toggle the 
+.Dq query logging 
+feature, which while on will result in a
+.Xr syslog @SYSCALL_EXT@
+of each incoming query (uses the 
+.Dv WINCH 
+signal.)  Note that query logging
+consumes quite a lot of log file space.  This directive may also be given as
+.Ic qrylog .
+.It Ic start
+Causes
+.Ic @INDOT@named
+to be started, as long as it isn't already running.
+.It Ic stop
+Causes
+.Ic @INDOT@named
+to be stopped, if it is running.
+.It Ic restart
+Causes
+.Ic @INDOT@named
+to be killed and restarted.
+.El
+.Sh BUGS
+Arguments to
+.Ic @INDOT@named
+are not preserved by
+.Ic restart ,
+or known by
+.Ic start .
+.Pp
+Some mechanism for controlling the parameters and environment should exist.
+.Pp
+Implemented as a
+.Xr sh @CMD_EXT@
+script.
+.Sh AUTHOR
+Paul Vixie (Internet Software Consortium)
+.Sh SEE ALSO
+.Xr @INDOT@named @SYS_OPS_EXT@ ,
+.Xr @INDOT@named.reload @SYS_OPS_EXT@ ,
+.Xr @INDOT@named.restart @SYS_OPS_EXT@ .
diff --git a/contrib/bind/doc/man/nslookup.8 b/contrib/bind/doc/man/nslookup.8
new file mode 100644
index 0000000..5ba1850
--- /dev/null
+++ b/contrib/bind/doc/man/nslookup.8
@@ -0,0 +1,534 @@
+.\"
+.\" ++Copyright++ 1985, 1989
+.\" -
+.\" Copyright (c) 1985, 1989
+.\"    The Regents of the University of California.  All rights reserved.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\" 	This product includes software developed by the University of
+.\" 	California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\"    may be used to endorse or promote products derived from this software
+.\"    without specific prior written permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" -
+.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies, and that
+.\" the name of Digital Equipment Corporation not be used in advertising or
+.\" publicity pertaining to distribution of the document or software without
+.\" specific, written prior permission.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
+.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+.\" -
+.\" --Copyright--
+.\"
+.\"	@(#)nslookup.8	5.3 (Berkeley) 6/24/90
+.\"
+.Dd June 24, 1990
+.Dt NSLOOKUP @SYS_OPS_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm nslookup 
+.Nd query Internet name servers interactively
+.Sh SYNOPSIS
+.Nm nslookup
+.Op Fl option Ar ...
+.Op Ar host-to-find | Fl Op Ar server
+.Sh DESCRIPTION
+.Ic Nslookup
+is a program to query Internet domain name servers. 
+.Ic Nslookup 
+has two modes: interactive and non-interactive.
+Interactive mode allows the user to query name servers for
+information about various hosts and domains or to print a list of hosts 
+in a domain. 
+Non-interactive mode is used to print just the name and requested information
+for a host or domain.
+.Sh ARGUMENTS
+Interactive mode is entered in the following cases:
+.Bl -tag -width "a)  " 
+.It a)
+when no arguments are given (the default name server will be used),
+.It b)
+when the first argument is a hyphen (-) and the second argument
+is the host name or Internet address of a name server.
+.El
+.Pp
+Non-interactive mode is used when the name or Internet address 
+of the host to be looked up
+is given as the first argument. The optional second argument specifies
+the host name or address of a name server.
+.Pp
+The options listed under the 
+.Dq Li set 
+command below can be specified in
+the 
+.Pa .nslookuprc 
+file in the user's home directory if they are listed 
+one per line.  Options can also be specified
+on the command line if they precede the arguments and are prefixed with
+a hyphen.  For example, to change the default query type to host information,
+and the initial timeout to 10 seconds, type:
+.Bd -literal -offset indent
+	nslookup -query=hinfo  -timeout=10
+.Ed
+.Sh INTERACTIVE COMMANDS
+Commands may be interrupted at any time by typing a control-C.
+To exit, type a control-D 
+.Pq Dv EOF 
+or type 
+.Li exit .
+The command line length must be less than 256 characters.
+To treat a built-in command as a host name, 
+precede it with an escape character 
+.Pq .&\\ . 
+.Sy N.B.:  An unrecognized command will be interpreted as a host name.
+.Bl -tag -width "lserver" 
+.It Ar host Op Ar server
+Look up information for 
+.Ar host 
+using the current default server or using 
+.Ar server , 
+if specified.
+If 
+.Ar host 
+is an Internet address and the query type is 
+.Dv A 
+or 
+.Dv PTR , 
+the name of the host is returned.
+If 
+.Ar host 
+is a name and does not have a trailing period, the default 
+domain name is appended to the name.  (This behavior depends on the state of the
+.Ic set
+options 
+.Ic domain , srchlist , defname , 
+and 
+.Ic search . )
+.Pp
+To look up a host not in the current domain, append a period to 
+the name.
+.It Ic server Ar domain
+.It Ic lserver Ar domain
+Change the default server to 
+.Ar domain ; 
+.Ic lserver 
+uses the initial server to look up information about 
+.Ar domain ,
+while 
+.Ic server
+uses the current default server. 
+If an authoritative answer can't be found, the names of servers
+that might have the answer are returned.
+.It Ic root
+Changes the default server to the server for the root of the domain name space.
+Currently, the host 
+.Li ns.internic.net 
+is used.
+(This command is a synonym for 
+.Dq Ic lserver ns.internic.net . )
+The name of the root server can be changed with the 
+.Dq Ic set root 
+command.
+.It Xo Ic finger Op Ar name 
+.Op Ic > Ar filename
+.Xc
+.It Xo Ic finger Op Ar name 
+.Op Ic >> Ar filename
+.Xc
+Connects with the finger server on the current host. 
+The current host is defined when a previous lookup for a host
+was successful and returned address information (see the 
+.Dq Ic set querytype=A 
+command).
+The 
+.Ar name 
+is optional. 
+.Ic > 
+and 
+.Ic >> 
+can be used to redirect output in the usual manner.
+.It Xo Ic ls Op Ar option 
+.Ar domain Op Ic > Ar filename
+.Xc
+.It Xo Ic ls Op Ar option 
+.Ar domain Op Ic >> Ar filename
+.Xc
+List the information available for 
+.Ar domain , 
+optionally creating or appending to 
+.Ar filename .
+The default output contains host names and their Internet addresses. 
+.Ar Option 
+can be one of the following:
+.Bl -tag -width "-a  "
+.It Fl t Ar querytype
+lists all records of the specified type (see 
+.Ar querytype 
+below).
+.It Fl a
+lists aliases of hosts in the domain;
+synonym for 
+.Dq Fl t Dv CNAME .
+.It Fl d
+lists all records for the domain;
+synonym for 
+.Dq Fl t Dv ANY .
+.It Fl h
+lists CPU and operating system information for the domain;
+synonym for 
+.Dq Fl t Dv HINFO .
+.It Fl s
+lists well-known services of hosts in the domain;
+synonym for 
+.Dq Fl t Dv WKS .
+.El
+.Pp
+When output is directed to a file, hash marks are printed for every
+50 records received from the server.
+.It Ic view Ar filename
+Sorts and lists the output of previous 
+.Ic ls 
+command(s) with 
+.Xr more @CMD_EXT@ .
+.It Ic help
+.It Ic ?
+Prints a brief summary of commands.
+.It Ic exit
+Exits the program.
+.It Xo Ic set Ar keyword 
+.Ns Op = Ns Ar value
+.Xc
+This command is used to change state information that affects the lookups.
+Valid keywords are:
+.Bl -tag -width "class=v"
+.It Ic all
+Prints the current values of the frequently-used options to 
+.Ic set .
+Information about the  current default server and host is also printed.
+.It Ic class= Ns Ar value
+Change the query class to one of:
+.Bl -tag -width "HESIOD  "
+.It Dv IN
+the Internet class
+.It Dv CHAOS
+the Chaos class
+.It Dv HESIOD
+the MIT Athena Hesiod class
+.It Dv ANY
+wildcard (any of the above)
+.El
+.Pp
+The class specifies the protocol group of the information.
+.Pp
+(Default = 
+.Dv IN ; 
+abbreviation = 
+.Ic cl )
+.It Xo Op Ic no 
+.Ns Ic debug
+.Xc
+Turn debugging mode on.  A lot more information is printed about the
+packet sent to the server and the resulting answer.
+.Pp
+(Default = 
+.Ic nodebug ; 
+abbreviation = 
+.Xo Op Ic no
+.Ns Ic deb )
+.Xc
+.It Xo Op Ic no 
+.Ns Ic d2
+.Xc
+Turn exhaustive debugging mode on.
+Essentially all fields of every packet are printed.
+.Pp
+(Default = 
+.Ic nod2 )
+.It Ic domain= Ns Ar name
+Change the default domain name to 
+.Ar name . 
+The default domain name is appended to a lookup request depending on the
+state of the 
+.Ic defname 
+and 
+.Ic search 
+options.
+The domain search list contains the parents of the default domain if it has 
+at least two components in its name. 
+For example, if the default domain
+is CC.Berkeley.EDU, the search list is CC.Berkeley.EDU and Berkeley.EDU.
+Use the 
+.Dq Ic set srchlist 
+command to specify a different list.
+Use the 
+.Dq Ic set all 
+command to display the list.
+.Pp
+(Default = value from 
+.Xr hostname @CMD_EXT@ , 
+.Pa /etc/resolv.conf ,
+or 
+.Ev LOCALDOMAIN;
+abbreviation = 
+.Ic do )
+.It Ic srchlist= Ns Ar name1/name2/...
+Change the default domain name to 
+.Ar name1 
+and the domain search list
+to 
+.Ar name1 , name2 , 
+etc.  A maximum of 6 names separated by slashes (/)
+can be specified.
+For example,
+.Bd -literal -offset indent
+set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU
+.Ed
+.Pp
+sets the domain to lcs.MIT.EDU and the search list to the three names.
+This command overrides the
+default domain name and search list of the 
+.Dq Ic set domain 
+command.
+Use the 
+.Dq Ic set all 
+command to display the list.
+.Pp
+(Default = value based on 
+.Xr hostname @CMD_EXT@ , 
+.Pa /etc/resolv.conf ,
+or 
+.Ev LOCALDOMAIN;
+abbreviation = 
+.Ic srchl )
+.It Xo Op Ic no
+.Ns Ic defname
+.Xc
+If set, append the default domain name to a single-component lookup request 
+(i.e., one that does not contain a period).
+.Pp
+(Default = 
+.Ic defname ; 
+abbreviation = 
+.Xo Op Ic no
+.Ns Ic defname )
+.Xc
+.It Xo Op Ic no 
+.Ns Ic search
+.Xc
+If the lookup request contains at least one period but 
+.Em doesn't 
+end with a trailing period, append the domain names in the domain search list
+to the request until an answer is received.
+.Pp
+(Default = 
+.Ic search ; 
+abbreviation = 
+.Xo Op Ic no 
+.Ns Ic sea )
+.Xc
+.It Ic port= Ns Ar value
+Change the default TCP/UDP name server port to 
+.Ar value .
+.Pp
+(Default = 53; 
+abbreviation = 
+.Ic \&po )
+.It Ic querytype= Ns Ar value
+.It Ic type= Ns Ar value
+Change the type of information query to one of:
+.Bl -tag -width "HINFO   "
+.It Dv A
+the host's Internet address.
+.It Dv CNAME
+the canonical name for an alias.
+.It Dv HINFO
+the host CPU and operating system type.
+.It Dv MINFO
+the mailbox or mail list information.
+.It Dv MX
+the mail exchanger.
+.It Dv NS
+the name server for the named zone.
+.It Dv PTR
+the host name if the query is an Internet address;
+otherwise, the pointer to other information.
+.It Dv SOA
+the domain's 
+.Dq start-of-authority 
+information.
+.It Dv TXT
+the text information.
+.It Dv UINFO
+the user information.
+.It Dv WKS
+the supported well-known services.
+.El
+.Pp
+Other types 
+.Pq Dv ANY, AXFR, MB, MD, MF, NULL 
+are described in the RFC-1035 document.
+.Pp
+(Default = 
+.Dv A ; 
+abbreviations = 
+.Ic q , ty )
+.It Xo Op Ic no
+.Ns Ic recurse
+.Xc
+Tell the name server to query other servers if it does not have the
+information.
+.Pp
+(Default = 
+.Ic recurse ; 
+abbreviation =
+.Xo Op Ic no
+.Ns Ic rec )
+.Xc
+.It Ic retry= Ns Ar number
+Set the number of retries to 
+.Ar number .
+When a reply to a request is not received within a certain 
+amount of time (changed with 
+.Dq Ic set timeout ) , 
+the timeout period is doubled and the request is resent. 
+The retry value controls how many times a request is resent before giving up.
+.Pp
+(Default = 4, abbreviation = 
+.Ic ret )
+.It Ic root= Ns Ar host
+Change the name of the root server to 
+.Ar host . 
+This affects the 
+.Dq Ic root 
+command. 
+.Pp
+(Default = 
+.Ic ns.internic.net. ;
+abbreviation = 
+.Ic ro )
+.It Ic timeout= Ns Ar number
+Change the initial timeout interval for waiting for a reply to 
+.Ar number 
+seconds. Each retry doubles the timeout period.
+.Pp
+(Default = 5 seconds; abbreviation = 
+.Ic ti )
+.It Xo Op Ic no
+.Ns Ic vc
+.Xc
+Always use a virtual circuit when sending requests to the server.
+.Pp
+(Default = 
+.Ic novc ; 
+abbreviation = 
+.Xo Op Ic no
+.Ns Ic v )
+.Xc
+.It Xo Op Ic no
+.Ns Ic ignoretc
+.Xc 
+Ignore packet truncation errors.
+.Pp
+(Default = 
+.Ic noignoretc ; 
+abbreviation = 
+.Xo Op Ic no
+.Ns Ic ig )
+.Xc 
+.El
+.El
+.Sh DIAGNOSTICS
+If the lookup request was not successful, an error message is printed.
+Possible errors are:
+.Bl -tag -width "Timed"
+.It Li Timed out
+The server did not respond to a request after a certain amount of
+time (changed with 
+.Dq Ic set timeout= Ns Ar value ) 
+and a certain number of retries (changed with 
+.Dq Ic set retry= Ns Ar value ) .
+.It Li \&No response from server
+No name server is running on the server machine.
+.It Li \&No records
+The server does not have resource records of the current query type for the
+host, although the host name is valid.
+The query type is specified with the 
+.Dq Ic set querytype 
+command.
+.It Li Non-existent domain
+The host or domain name does not exist.
+.It Li Connection refused
+.It Li Network is unreachable
+The connection to the name or finger server could not be made 
+at the current time.
+This error commonly occurs with 
+.Ic ls 
+and 
+.Ic finger 
+requests. 
+.It Li Server failure
+The name server found an internal inconsistency in its database
+and could not return a valid answer.
+.It Li Refused
+The name server refused to service the request.
+.It Li Format error
+The name server found that the request packet was not in the proper format.
+It may indicate an error in 
+.Nm nslookup .
+.El
+.Sh FILES
+.Bl -tag -width "/usr/share/misc/nslookup.helpXXX" -compact
+.It Pa /etc/resolv.conf
+initial domain name and name server addresses
+.It Pa $HOME/.nslookuprc
+user's initial options
+.It Pa /usr/share/misc/nslookup.help
+summary of commands
+.Sh ENVIRONMENT
+.Bl -tag -width "HOSTALIASESXXXX" -compact
+.It Ev HOSTALIASES
+file containing host aliases
+.It Ev LOCALDOMAIN
+overrides default domain
+.Sh SEE ALSO
+.Xr @INDOT@named @SYS_OPS_EXT@ ,
+.Xr resolver @LIB_NETWORK_EXT@ , 
+.Xr resolver @FORMAT_EXT@ ;
+RFC-1034,
+.Dq Domain Names - Concepts and Facilities ;
+RFC-1035,
+.Dq Domain Names - Implementation and Specification .
+.Sh AUTHOR
+Andrew Cherenson
diff --git a/contrib/bind/doc/man/resolver.3 b/contrib/bind/doc/man/resolver.3
new file mode 100644
index 0000000..fe0c3f7
--- /dev/null
+++ b/contrib/bind/doc/man/resolver.3
@@ -0,0 +1,300 @@
+.\" Copyright (c) 1985, 1995 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted provided
+.\" that: (1) source distributions retain this entire copyright notice and
+.\" comment, and (2) distributions including binaries display the following
+.\" acknowledgement:  ``This product includes software developed by the
+.\" University of California, Berkeley and its contributors'' in the
+.\" documentation or other materials provided with the distribution and in
+.\" all advertising materials mentioning features or use of this software.
+.\" Neither the name of the University nor the names of its contributors may
+.\" be used to endorse or promote products derived from this software without
+.\" specific prior written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\"	@(#)resolver.3	6.5 (Berkeley) 6/23/90
+.\"	$Id: resolver.3,v 8.5 1997/03/14 02:29:48 vixie Exp $
+.\"
+.Dd December 11, 1995
+.Dt RESOLVER @LIB_NETWORK_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm res_query ,
+.Nm res_search ,
+.Nm res_mkquery ,
+.Nm res_send ,
+.Nm res_init ,
+.Nm dn_comp ,
+.Nm dn_expand 
+.Nd resolver routines
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <netinet/in.h>
+.Fd #include <arpa/nameser.h>
+.Fd #include <resolv.h>
+.Fn res_query "const char *dname" "int class, type" "u_char *answer" "int anslen"
+.Fn res_search "const char *dname" "int class, type" "u_char *answer" "int anslen"
+.Fn res_mkquery "int op" "const char *dname" "int class, type" "const char *data" "int datalen" "struct rrec *newrr" "u_char *buf" "int buflen"
+.Fn res_send "const u_char *msg" "int msglen" "u_char *answer" "int anslen"
+.Fn res_init
+.Fn dn_comp "const char *exp_dn" "u_char *comp_dn" "int length" "u_char **dnptrs, **lastdnptr"
+.Fn dn_expand "const u_char *msg, *eomorig, *comp_dn" "char *exp_dn" "int  length"
+.Fn herror "const char *s"
+.Fn hstrerror "int err"
+.Sh DESCRIPTION
+These routines are used for making, sending and interpreting
+query and reply messages with Internet domain name servers.
+.Pp
+Global configuration and state information that is used by the
+resolver routines is kept in the structure
+.Ft _res .
+Most of the values have reasonable defaults and can be ignored.
+Options
+stored in
+.Ft _res.options
+are defined in
+.Pa resolv.h
+and are as follows.
+Options are stored as a simple bit mask containing the bitwise 
+.Dq OR
+of the options enabled.
+.Bl -tag -width "RES_DEB"
+.It Dv RES_INIT
+True if the initial name server address and default domain name are
+initialized (i.e.,
+.Fn res_init
+has been called).
+.It Dv RES_DEBUG
+Print debugging messages.
+.It Dv RES_AAONLY
+Accept authoritative answers only.
+With this option,
+.Fn res_send
+should continue until it finds an authoritative answer or finds an error.
+Currently this is not implemented.
+.It Dv RES_USEVC
+Use TCP connections for queries instead of UDP datagrams.
+.It Dv RES_STAYOPEN
+Used with 
+.Dv RES_USEVC 
+to keep the TCP connection open between queries.
+This is useful only in programs that regularly do many queries.
+UDP should be the normal mode used.
+.It Dv RES_IGNTC
+Unused currently (ignore truncation errors, i.e., don't retry with TCP).
+.It Dv RES_RECURSE
+Set the recursion-desired bit in queries.
+This is the default.
+(\c
+.Fn res_send
+does not do iterative queries and expects the name server
+to handle recursion.)
+.It Dv RES_DEFNAMES
+If set,
+.Fn res_search
+will append the default domain name to single-component names
+(those that do not contain a dot).
+This option is enabled by default.
+.It Dv RES_DNSRCH
+If this option is set,
+.Fn res_search
+will search for host names in the current domain and in parent domains; see
+.Xr hostname @DESC_EXT@ .
+This is used by the standard host lookup routine
+.Xr gethostbyname @LIB_NETWORK_EXT@ .
+This option is enabled by default.
+.It Dv RES_NOALIASES
+This option turns off the user level aliasing feature controlled by
+the 
+.Ev HOSTALIASES 
+environment variable.  Network daemons should set this option.
+.El
+.Pp
+The
+.Fn res_init
+routine
+reads the configuration file (if any; see
+.Xr resolver @FORMAT_EXT@ )
+to get the default domain name, search list and
+the Internet address of the local name server(s).
+If no server is configured, the host running the resolver is tried.
+The current domain name is defined by the hostname
+if not specified in the configuration file;
+it can be overridden by the environment variable 
+.Ev LOCALDOMAIN .
+This environment variable may contain several blank-separated
+tokens if you wish to override the
+.Dq search list
+on a per-process basis.  This is similar to the
+.Ic search
+command in the configuration file.
+Another environment variable 
+.Pq Dq Ev RES_OPTIONS 
+can be set to override certain internal resolver options which are otherwise
+set by changing fields in the
+.Ft _res
+structure or are inherited from the configuration file's
+.Ic options
+command.  The syntax of the 
+.Dq Ev RES_OPTIONS 
+environment variable is explained in
+.Xr resolver @FORMAT_EXT@ .
+Initialization normally occurs on the first call
+to one of the other resolver routines.
+.Pp
+The
+.Fn res_query
+function provides an interface to the server query mechanism.
+It constructs a query, sends it to the local server,
+awaits a response, and makes preliminary checks on the reply.
+The query requests information of the specified
+.Fa type
+and
+.Fa class
+for the specified fully-qualified domain name
+.Fa dname .
+The reply message is left in the
+.Fa answer
+buffer with length
+.Fa anslen
+supplied by the caller.
+.Pp
+The
+.Fn res_search
+routine makes a query and awaits a response like
+.Fn res_query ,
+but in addition, it implements the default and search rules
+controlled by the 
+.Dv RES_DEFNAMES 
+and 
+.Dv RES_DNSRCH 
+options.
+It returns the first successful reply.
+.Pp
+The remaining routines are lower-level routines used by
+.Fn res_query .
+The
+.Fn res_mkquery
+function
+constructs a standard query message and places it in
+.Fa buf .
+It returns the size of the query, or \-1 if the query is
+larger than
+.Fa buflen .
+The query type
+.Fa op
+is usually 
+.Dv QUERY , 
+but can be any of the query types defined in
+.Pa <arpa/nameser.h> .
+The domain name for the query is given by
+.Fa dname .
+.Fa Newrr
+is currently unused but is intended for making update messages.
+.Pp
+The
+.Fn res_send
+routine
+sends a pre-formatted query and returns an answer.
+It will call
+.Fn res_init
+if 
+.Dv RES_INIT 
+is not set, send the query to the local name server, and
+handle timeouts and retries.
+The length of the reply message is returned, or \-1 if there were errors.
+.Pp
+The
+.Fn dn_comp
+function
+compresses the domain name
+.Fa exp_dn
+and stores it in
+.Fa comp_dn .
+The size of the compressed name is returned or \-1 if there were errors.
+The size of the array pointed to by
+.Fa comp_dn
+is given by
+.Fa length .
+The compression uses
+an array of pointers
+.Fa dnptrs
+to previously-compressed names in the current message.
+The first pointer points to
+to the beginning of the message and the list ends with 
+.Dv NULL .
+The limit to the array is specified by
+.Fa lastdnptr .
+A side effect of
+.Fn dn_comp
+is to update the list of pointers for labels inserted into the message
+as the name is compressed.  If
+.Fa dnptr
+is 
+.Dv NULL , 
+names are not compressed.  If
+.Fa lastdnptr
+is 
+.Dv NULL , 
+the list of labels is not updated.
+.Pp
+The
+.Fn dn_expand
+entry
+expands the compressed domain name
+.Fa comp_dn
+to a full domain name.
+The compressed name is contained in a query or reply message;
+.Fa msg
+is a pointer to the beginning of the message.
+The uncompressed name is placed in the buffer indicated by
+.Fa exp_dn
+which is of size
+.Fa length .
+The size of compressed name is returned or \-1 if there was an error.
+.Pp
+The external variable
+.Ft h_errno
+is set whenever an error occurs during resolver operation.  The following
+definitions are given in
+.Pa <netdb.h> :
+.Bd -literal
+#define NETDB_INTERNAL -1  /* see errno */
+#define NETDB_SUCCESS  0   /* no problem */
+#define HOST_NOT_FOUND 1   /* Authoritative Answer Host not found */
+#define TRY_AGAIN      2   /* Non-Authoritive not found, or SERVFAIL */
+#define NO_RECOVERY    3   /* Nonrecoverable: FORMERR, REFUSED, NOTIMP */
+#define NO_DATA        4   /* Valid name, no data for requested type */
+.Ed
+.Pp
+The
+.Fn herror
+function writes a message to the diagnostic output consisting of the string
+parameter
+.Fa s ,
+the constant string ": ", and a message corresponding to the value of
+.Ft h_errno .
+.Pp
+The
+.Fn hstrerror
+function returns a string which is the message text corresponding to the
+value of the
+.Fa err
+parameter.
+.Sh FILES
+.Bl -tag -width "/etc/resolv.conf    "
+.It Pa /etc/resolv.conf	
+See 
+.Xr resolver @FORMAT_EXT@ . 
+.El
+.Sh SEE ALSO
+.Xr gethostbyname @LIB_NETWORK_EXT@ , 
+.Xr hostname @DESC_EXT@ ,
+.Xr @INDOT@named @SYS_OPS_EXT@ , 
+.Xr resolver @FORMAT_EXT@ ;
+RFC1032, RFC1033, RFC1034, RFC1035, RFC974;
+SMM:11, 
+.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/man/resolver.5 b/contrib/bind/doc/man/resolver.5
new file mode 100644
index 0000000..044bf60
--- /dev/null
+++ b/contrib/bind/doc/man/resolver.5
@@ -0,0 +1,183 @@
+.\" Copyright (c) 1986 The Regents of the University of California.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms are permitted
+.\" provided that the above copyright notice and this paragraph are
+.\" duplicated in all such forms and that any documentation,
+.\" advertising materials, and other materials related to such
+.\" distribution and use acknowledge that the software was developed
+.\" by the University of California, Berkeley.  The name of the
+.\" University may not be used to endorse or promote products derived
+.\" from this software without specific prior written permission.
+.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\"	@(#)resolver.5	5.9 (Berkeley) 12/14/89
+.\"	$Id: resolver.5,v 8.4 1997/03/14 02:29:49 vixie Exp $
+.\"
+.Dd November 11, 1993
+.Dt RESOLVER @FORMAT_EXT_U@ 
+.Os BSD 4
+.Sh NAME
+.Nm resolver 
+.Nd resolver configuration file
+.Sh SYNOPSIS
+.Pa /etc/resolv.conf
+.Sh DESCRIPTION
+The
+.Nm resolver
+is a set of routines in the C library
+.Pq Xr resolve @LIB_NETWORK_EXT@
+that provide access to the Internet Domain Name System.
+The 
+.Nm resolver 
+configuration file contains information that is read
+by the 
+.Nm resolver 
+routines the first time they are invoked by a process.
+The file is designed to be human readable and contains a list of
+keywords with values that provide various types of 
+.Nm resolver 
+information.
+.Pp
+On a normally configured system, this file should not be necessary.
+The only name server to be queried will be on the local machine,
+the domain name is determined from the host name,
+and the domain search path is constructed from the domain name.
+.Pp
+The different configuration options are:
+.Bl -tag -width "nameser"
+.It Li nameserver
+Internet address (in dot notation) of a name server that the 
+.Nm resolver 
+should query.  Up to 
+.Dv MAXNS 
+(currently 3) name servers may be listed, one per keyword.
+If there are multiple servers, the 
+.Nm resolver 
+library queries them in the order listed.
+If no 
+.Li nameserver 
+entries are present, the default is to use the name server on the local machine.
+(The algorithm used is to try a name server, and if the query times out,
+try the next, until out of name servers,
+then repeat trying all the name servers
+until a maximum number of retries are made).
+.It Li domain
+Local domain name.
+Most queries for names within this domain can use short names
+relative to the local domain.
+If no 
+.Li domain 
+entry is present, the domain is determined from the local host name returned by
+.Xr gethostname @BSD_SYSCALL_EXT@ ;
+the domain part is taken to be everything after the first 
+.Sq \&. .
+Finally, if the host name does not contain a domain part, the root
+domain is assumed.
+.It Li search
+Search list for host-name lookup.
+The search list is normally determined from the local domain name;
+by default, it contains only the local domain name.
+This may be changed by listing the desired domain search path
+following the 
+.Li search 
+keyword with spaces or tabs separating the names.
+Most 
+.Nm resolver 
+queries will be attempted using each component
+of the search path in turn until a match is found.
+Note that this process may be slow and will generate a lot of network
+traffic if the servers for the listed domains are not local,
+and that queries will time out if no server is available
+for one of the domains.
+.Pp
+The search list is currently limited to six domains
+with a total of 256 characters.
+.It Li sortlist
+Allows addresses returned by gethostbyname to be sorted.
+A 
+.Li sortlist 
+is specified by IP address netmask pairs. The netmask is
+optional and defaults to the natural netmask of the net. The IP address
+and optional network pairs are separated by slashes. Up to 10 pairs may
+be specified.  For example:
+.Bd -literal -offset indent
+sortlist 130.155.160.0/255.255.240.0 130.155.0.0
+.Ed
+.It Li options
+Allows certain internal 
+.Nm resolver 
+variables to be modified.
+The syntax is
+.D1 Li options Ar option ...
+where 
+.Ar option 
+is one of the following:
+.Bl -tag -width "ndots:n " 
+.It Li debug 
+sets 
+.Dv RES_DEBUG 
+in 
+.Ft _res.options .
+.It Li ndots: Ns Ar n 
+sets a threshold for the number of dots which
+must appear in a name given to 
+.Fn res_query 
+(see 
+.Xr resolver @LIB_NETWORK_EXT@ )
+before an 
+.Em initial absolute query 
+will be made.  The default for
+.Ar n 
+is 
+.Dq 1 , 
+meaning that if there are 
+.Em any 
+dots in a name, the name will be tried first as an absolute name before any 
+.Em search list
+elements are appended to it.
+.El
+.El
+.Pp
+The 
+.Li domain 
+and 
+.Li search 
+keywords are mutually exclusive.
+If more than one instance of these keywords is present,
+the last instance wins.
+.Pp
+The 
+.Li search 
+keyword of a system's 
+.Pa resolv.conf 
+file can be
+overridden on a per-process basis by setting the environment variable
+.Dq Ev LOCALDOMAIN 
+to a space-separated list of search domains.
+.Pp
+The 
+.Li options 
+keyword of a system's 
+.Pa resolv.conf 
+file can be amended on a per-process basis by setting the environment variable
+.Dq Ev RES_OPTIONS to a space-separated list of 
+.Nm resolver 
+options as explained above under 
+.Li options .
+.Pp
+The keyword and value must appear on a single line, and the keyword
+(e.g., 
+.Li nameserver ) 
+must start the line.  The value follows the keyword, separated by white space.
+.Sh FILES
+.Pa /etc/resolv.conf
+.Sh SEE ALSO
+.Xr gethostbyname @LIB_NETWORK_EXT@ , 
+.Xr hostname @DESC_EXT@ , 
+.Xr @INDOT@named @SYS_OPS_EXT@ ,
+.Xr resolver @LIB_NETWORK_EXT@ , 
+.Xr resolver @FORMAT_EXT@ .
+.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/misc/DynamicUpdate b/contrib/bind/doc/misc/DynamicUpdate
index 4cd43a1..fb4152c 100644
--- a/contrib/bind/doc/misc/DynamicUpdate
+++ b/contrib/bind/doc/misc/DynamicUpdate
@@ -1,5 +1,3 @@
-[ Deprecated, unsupported, nonfunctional, but not yet completely excised. ]
-
  
  
 		Description of Dynamic Update and T_UNSPEC Code
diff --git a/contrib/bind/doc/misc/FAQ.1of2 b/contrib/bind/doc/misc/FAQ.1of2
index e1d7c0a..99619eb 100644
--- a/contrib/bind/doc/misc/FAQ.1of2
+++ b/contrib/bind/doc/misc/FAQ.1of2
@@ -25,7 +25,7 @@ Revision: 1.14 1996/12/07 06:42:05
 
 Note that this posting has been split into two parts because of its size.
 
-$Id: FAQ.1of2,v 8.4 1996/12/18 04:09:47 vixie Exp $
+$Id: FAQ.1of2,v 8.4 1996/12/18 04:22:33 vixie Exp $
 
 A new version of this document appears monthly.  If this copy is more
 than a month old it may be out of date.
diff --git a/contrib/bind/doc/secure/copyright.txt b/contrib/bind/doc/secure/copyright.txt
new file mode 100644
index 0000000..cc38356
--- /dev/null
+++ b/contrib/bind/doc/secure/copyright.txt
@@ -0,0 +1,28 @@
+/*
+ * Portions Copyright (c) 1995,1996 by Trusted Information Systems, Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TRUSTED INFORMATION 
+ * SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ *
+ * Trusted Information Systems, Inc. has received approval from the
+ * United States Government for export and reexport of TIS/DNSSEC
+ * software from the United States of America under the provisions of
+ * the Export Administration Regulations (EAR) General Software Note
+ * (GSN) license exception for mass market software.  Under the
+ * provisions of this license, this software may be exported or
+ * reexported to all destinations except for the embargoed countries of
+ * Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria.  Any export
+ * or reexport of TIS/DNSSEC software to the embargoed countries
+ * requires additional, specific licensing approval from the United
+ * States Government. 
+ */
diff --git a/contrib/bind/doc/secure/install.txt b/contrib/bind/doc/secure/install.txt
new file mode 100644
index 0000000..bb5bc94
--- /dev/null
+++ b/contrib/bind/doc/secure/install.txt
@@ -0,0 +1,155 @@
+
+INSTALL_SEC
+
+		 Bind with Secure DNS (TIS/DNSSEC)
+			Version 1.3.0 Beta
+			  September 1996
+
+This version has been compiled and tested on SUNOS 4.1.3,
+FreeBSD-2.1.5-REL and Linux 2.0.11.
+There may be still be portability problems. 
+If you have access to other hardware platforms please let us know if
+there are any problems porting and send us patches, to include in
+future releases. 
+
+This version of secure Bind uses RSAREF-2.0 library from RSA,
+First you should get/read the RSAREF FAQ 
+		http://www.consensus.com/rsaref-faq.html
+Then you can copy RSAREF from 
+		ftp://ftp.rsa.com/rsaref/README
+
+You need to read this README file carefully for further instructions.
+
+Installation: (this version is based on 4.9.4-REL-P1). 
+
+1. The tar ball will create a directory sec_bind in the current	directory 
+	untar the archive
+	The content of the sec_bind directory has the same directory 
+	structure as bind distribution with the addition of the directories 
+	dnssec_lib/ and signer/, some named directories have been 
+	deleted from the distribution. 
+
+	dnssec_lib/ contains the library files for signature generation 
+	signer/     contains tools for signing bind boot files and 
+	            generating keys.  
+
+	In addition, there is a new file, "res/res_sign.c", which 
+	contains library routines that are required in the resolver
+	for displaying new RR types. 
+
+	You need to tailor sec_bind/Makefile to your system as you do
+	with bind distributions.  
+
+	The sec_bind distribution expects to find RSAREF in the
+	rsaref/ subdirectory. If you install RSAREF in a different
+	place you can place a pointer to the RSAREF installation
+	directory in place of sec_bind/rsaref. 
+
+	sec_bind/Makefile expects to find the RSAREF library file
+	at  sec_bind/rsaref/lib/rsaref.a. The RSAREF distribution 
+	does not contain that directory. If you are installing RSAREF
+	for the first time create that directory copy the correct
+	Makefile from the appropriate rsaref/install/ subdirectory.  
+	Sec_bind will compile RSAREF for you. 	
+
+	We recommend that you use an ANSI C compliant compiler to
+	compile this distribution. 
+
+2. Follow Bind installation guidelines on your system 
+
+	Set your normal configuration in conf/options.h with the
+	following exceptions/additions:
+		ROUND_ROBIN  must be OFF  (for right now)
+		DNS_SECURITY must be ON 
+		RSAREF       must be ON if you have a copy of RSAREF.
+	This version of sec_bind does not work well without RSAREF. 
+
+3. make
+	If you are going to use make install everything will work right 
+	out of the box. If you are going to run programs out of the
+	sec_bind directory you need to set the DESTEXEC variables
+	accordingly. 
+
+4. Once everything compiles you can run the simple test that is include in
+	the distribution. 
+	
+	First you need to edit the file signer/simple_test/test.boot to
+	set directory directive to the full path of the directory this
+	file is in.
+
+	Now the signer program can be run to sign the simple_test data.
+	The signed zone will be	written to /tmp
+		% cd sec_bind/signer
+		% make test
+	The passwords for the keys in the distribution are:
+		Key:			Password:
+		foo.bar			foo.bar
+		mobile.foo.bar		mobile
+		fix.foo.bar		fix.foo.bar
+		sub.foo.bar		sub.foo.bar
+		some.bar		some.bar
+
+	Notice the differences between simple_test/test.boot and
+	/tmp/test.boot. The pubkey directive are required for correct
+	behavior of new named.  	
+
+	To check the if named can read the new zone files and verify
+	the signatures run following commands 
+		% cd ../named
+		% make test
+
+	Exit/error code 66 indicates that program completed normally
+	in "load-only" mode (new -l flag).  
+
+	If you want to load up named run same command as make test does 
+	without -l flag. (the -d 3 flag is to make sure the process
+	does not do a fork). 
+		% ./named -p 12345 -b /tmp/test.boot  -d 3
+	
+		% cd ../tools
+		% ./dig @localhost snore.foo.bar. -p 12345
+	This should return an A record + SIG(A) record 
+		% ./dig @localhost no_such_name.foo.bar. -p 12345
+	This should return a NXT record +SIG(NXT) for *.foo.bar.
+
+	You can also test against our nameserver for zone sd-bogus.tis.com
+		the host is uranus.hq.tis.com(192.94.214.95)
+		% ./dig @uranus.hq.tis.com sd-bogus.tis.com. soa 
+	will return the SOA and SIG(SOA) + KEY
+		% ./dig @uranus.hq.tis.com sd-bogus.tis.com. mb    
+	will return NXT   for sd-bogus.tis.com
+		% ./dig @uranus.hq.tis.com foo.sd-bogus.tis.com. ns 
+	will NS +KEY for foo.sd-bog.tis.com. 
+
+5. Converting your setup to secure DNS zones. 
+	need to create a key for your zone.
+	If you have a copy of the last release of sec_bind the key file 
+	format has changed and you need to regenerate all your keys, Sorry.
+	The new format for private key files is portable between
+	different architectures and operating systems, the encryption
+	of the key file is compatible with the des program.
+	
+	To generate key use sec_bind/signer/key_gen.  To generate zone key
+	for name you.bar, with 512 bit modulus and exponent of 3, 
+	execute following command
+
+		% cd signer
+		% ./key_gen -z -g 512 you.bar
+
+	key_gen will ask for an encryption password for the private
+	key file, if you do not want to encrypt the key hit <Return>.
+	The program will output resource record suitable for zone file.
+	key_gen creates two files you.bar.priv and foo.bar.public. 
+
+	If you want, at any time, to display the public key for foo.bar
+	run key_gen without the -g flag or cat file foo.bar.public. 
+	key_gen without any flags will print out the usage information.  
+	key_gen has extensive error checking on flags.
+
+	To modify the flags field for an existing key run key_gen with
+	the new flags but without the -g flag. 
+	
+	Note: The key above is suitable for signing records but not for
+	encrypting data.
+
+6. Send problems, fixes and suggestions to dns-security@tis.com. 
diff --git a/contrib/bind/doc/secure/readme.txt b/contrib/bind/doc/secure/readme.txt
new file mode 100644
index 0000000..d7b422a
--- /dev/null
+++ b/contrib/bind/doc/secure/readme.txt
@@ -0,0 +1,93 @@
+
+			Secure DNS (TIS/DNSSEC)
+			    September 1996
+
+Copyright (C) 1995,1996 Trusted Information Systems, Incorporated
+
+Trusted Information Systems, Inc. has received approval from the
+United States Government for export and reexport of TIS/DNSSEC
+software from the United States of America under the provisions of
+the Export Administration Regulations (EAR) General Software Note
+(GSN) license exception for mass market software.  Under the
+provisions of this license, this software may be exported or
+reexported to all destinations except for the embargoed countries of
+Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria.  Any export
+or reexport of TIS/DNSSEC software to the embargoed countries
+requires additional, specific licensing approval from the United
+States Government.
+
+Trusted Information Systems, Inc., is pleased to
+provide a reference implementation of the secure Domain Name System
+(TIS/DNSSEC).  In order to foster acceptance of secure DNS and provide
+the community with a usable, working version of this technology,
+TIS/DNSSEC is being made available for broad use on the following basis.
+
+- Trusted Information Systems makes no representation about the
+  suitability of this software for any purpose.  It is provided "as is"
+  without express or implied warranty.
+
+- TIS/DNSSEC is distributed in source code form, with all modules written
+  in the C programming language.  It runs on many UNIX derived platforms
+  and is integrated with the Bind implementation of the DNS protocol.
+
+- This beta version of TIS/DNSSEC may be used, copied, and modified for
+  testing and evaluation purposes without fee during the beta test
+  period, provided that this notice appears in supporting documentation
+  and is retained in all software modules in which it appears.  Any other
+  use requires specific, written prior permission from Trusted Information
+  Systems.
+
+TIS maintains the email distribution list dns-security@tis.com for
+discussion of secure DNS.  To join, send email to
+	dns-security-request@tis.com.
+
+TIS/DNSSEC technical questions and bug reports should be addressed to
+	dns-security@tis.com. 
+
+To reach the maintainers of TIS/DNSSEC send mail to
+	tisdnssec-support@tis.com
+
+TIS/DNSSEC is a product of Trusted Information Systems, Inc.
+
+This is an beta version of Bind with secure DNS extensions it uses 
+RSAREF which you must obtain separately.
+
+Implemented and tested in this version:
+	Portable key storage format. 
+	Improved authentication API 
+	Support for using different authentication packages.
+	All Security RRs including KEY SIG, NXT, and support for wild cards
+	tool for generating KEYs 
+	tool for signing RRs in boot files
+	verification of RRs on load 
+	verification of RRs over the wire
+	transmission of SIG RRs
+	returns NXT when name and/or type does not exist
+	storage of NXT, KEY, and SIG RRs with CNAME RR
+	AD/ID bits added to header and setting of these bits
+	key storage and retrieval
+	dig and nslookup can display new header bits and RRs
+	AXFR signature RR
+	keyfile directive 
+	$SIGNER directive (to turn on and off signing)
+	adding KEY to answers with NS or SOA
+	SOA sequence numbers are now set each time zone is signed
+	SIG AXFR ignores label count of names
+	generation and inclusion of .PARENT files
+	Returns only one NXT at delegation points unless two are required
+	Expired SIG records are now returned in response to query
+	
+Implemented but not fully tested:
+
+Known bugs:
+	
+Not implemented:
+	ROUND_ROBIN behaviour 
+	zone transfer in SIG(AXFR) sort order. 
+	transaction SIGs
+	verification in resolver. (stub resolvers must trust local servers
+		resolver library is to low level to implement security)
+	knowing when to trust the AD bit in responses
+
+Read files INSTALL_SEC and USAGE_SEC for installation and user
+instructions, respectively.
diff --git a/contrib/bind/doc/secure/usage.txt b/contrib/bind/doc/secure/usage.txt
new file mode 100644
index 0000000..aa8eebc
--- /dev/null
+++ b/contrib/bind/doc/secure/usage.txt
@@ -0,0 +1,215 @@
+
+			   USAGE_SEC
+			Secure DNS (TIS/DNSSEC)
+			   September 1996
+
+This is the usage documentation for TIS' Secure DNS (TIS/DNSSEC) version
+BETA-1.3.  This looks like a standard named distribution, with
+the following exceptions
+
+	this version is coded against BIND-4.9.4-P1
+
+	there are three new directories in this distribution
+		dnssec_lib
+		signer
+		rsaref
+		
+
+	rsaref/ is place holder directory for RSAREF distribution.
+	You must get RSAREF on your own. 
+
+	signer/  contains two applications needed by DNSSEC: 
+		signer:  tool to sign zones
+		key_gen: tool to generate keys
+	dnssec_lib/ contains common library routines that are used by
+		named, key_gen and signer. 
+		This is where most of the DNSSEC work is done. 
+
+Before compiling you need to do your standard configurations for named
+and the edits explained in INSTALL_SEC.  This version has been tested
+on SUNOS4.1.3. This version includes portability fixes from previous
+beta releases for Linux, Solaris-2.4, HPUX-9 and FreeBSD.
+
+CHANGES TO BIND
+
+res/
+
+	There are minor changes to the files in the res directory.  Most of
+	the changes have to do with displaying NXT
+	records. There are also some changes related to translating
+	domain names into uncompressed lower case names upon request.
+
+tools/
+	Minor changes to recognize NXT records and display them.
+
+named/
+	Added code to read and write new record types. 
+	Added code to do signature validation on read. 
+	Added code to return appropriate SIG records.
+	Added security flags to databuf and zoneinfo structures. 
+	Names can now have CNAME record and security RR's. 
+	Records are stored and transmitted in DNS SEC sort order.
+
+conf/
+
+	Turned off ROUND_ROBIN option and installed new sorting required
+	for signature verification. 
+
+signer/
+	NXT record generation.
+	Key generation
+	Signing of zones
+	Converting data records to format required for signatures.
+
+dnssec_lib/
+	Interfacing with Crypto library.
+	Verifying signatures, 
+	preparing data for signing and verification
+
+The role of <zone>.PARENT files:
+
+DNSSEC specification requires change who is authorative for certain
+resource records. In order to support certification hierarchy each
+zone KEY RR must be signed by parent zone. The parent signed KEY RR
+must be distributed by the zone itself as it is the most authorative
+for its own records. 
+
+To facilitate this TIS/DNSSEC signer program creates a <name>.PARENT
+file for every name in a zone that has a NS record. This file contains
+the KEY records stored under this name and 
+NXT record and corresponding SIG records. If no KEY record is found
+for a name with a NS record a NULL-KEY record is generated to indicate
+that the child is INSECURE. 
+
+Each <zone>.PARENT file must be sent via an out of band mechanism to
+the appropriate primary for the zone, for inclusion.  signer program
+adds an $INCLUDE <zone>.PARENT command at the end of each zone file,
+if no file exists an warning message is printed.
+
+Potential PROBLEM: It is likely that the parent and child are on a
+different signing schedule. If new <zone>.PARENT file is put on the
+primary, due to the fact that the zone data changed but the SOA did
+not, it may take a long time for new records to propagate to the
+secondaries.  This is only a problem if zone has added/deleted a KEY
+or if the the signatures will expire in the near future. To overcome
+this problem, resign your zone when any of above conditions is true.
+DNS NOTIFY and/or DNS DYNUPDATE may fix this problem in the future.
+
+TIS/DNSSEC SOA serial numbers. To facilitate prompt distribution of
+zone data to secondaries, signer takes over the management of SOA
+serial numbers. Each time signer signs a zone it sets the serial
+number to a value reflecting the time the zone was signed, in standard
+Unix time seconds since 1970/1/1 0:0:0 GMT.
+
+How to configure a secure zone. 
+	Create a directory <zone> to contain your zone files.
+	Create a output directory <outdir> for the signer output.
+	Put in <zone> a boot file that includes the files from that zone.
+	Create a KEY for the zone by running key_gen, Name the key <domain>.
+
+	Run signer on your zone writing to the output directory <outdir>. 
+	Signer will rewrite the boot file to include new directive 
+		"pubkey" of the key used to sign the file. If there where
+		any pubkey declarations in the input boot file they will be
+		deleted. 
+	Signer generates files that correspond to the load files specified.
+
+	In case of load file that $INCLUDEs another load file, signer will 
+		merge them to the output file. 
+	You will notice that the output files are significantly larger. 
+	The output files will be in a different order than the input files,
+		all records are sorted into DNSSEC sort order. 
+	NXT and SIG records have been added. 
+
+	If there are any NS records for a name other than the zone name of
+		each input file you will see messages that NULL KEY records 
+		have been created, if this is not correct behavior, add 
+		the correct KEY RRs.
+	For each domain name that has a NS record but is not a zone name 
+		of load file you will see a file named  <name>.PARENT, 
+		this file contains the KEY record for that name and an 
+		NXT record + 2 SIG records. 
+	This file needs to be sent to the nameserver that is primary for that
+		zone. There are two reasons for this: 
+		1. To support Certification Hierarchy, each zone key is 
+	        signed by the parent zone key. 
+		2. Zone is the most trustworthy source for itself unless 
+		these records are loaded into the primary server for
+		the zone, the records may not get propagated.
+
+how to run SEC_NAMED:
+
+Included in the distribution there is a small test setup:
+
+# run signer 
+./signer boot-f simple_test/test.boot [out-dir /tmp] 
+# or 
+make test
+# This takes few minutes to run depending on your machine and the size
+# of the key selected 
+# all output files will be stored in /tmp unless out-dir is specified
+
+# 
+# Now we are ready to run named 
+cd ../named
+./named -p 12345 -b /tmp/test.boot.save [-d x] 
+
+# 
+# you can now check for data in the data base
+# using the new dig. 
+#
+cd ../tools
+./dig @yourhost snore.foo.bar. any in -p 12345 
+
+#
+# Output from new dig will be something like this
+#
+; <<>> DiG 2.1 <<>> @dnssrv snore.foo.bar. any in -p 
+; (1 server found)
+;; res options: init recurs defnam dnsrch
+;; got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
+;; flags: qr rd ra; Ques: 1, Ans: 11, Auth: 0, Addit: 1
+;; QUESTIONS:
+;;      snore.foo.bar, type = ANY, class = IN
+
+;; ANSWERS:
+snore.foo.bar.  259200  A       10.17.3.20
+snore.foo.bar.  259200  SIG     A (
+                 1 3; alg labels
+        259200  ; TTL
+        19950506200636  ; Signature expiration
+        19950406200659  ; time signed 
+        47437   ; Key foot print
+        foo.bar.        ; Signers name  
+                FsqeW3hstM8Q6v8PMCGPsVMfO6dEpHjFgKm2dJRaofFtCQ/CT9O6Vo7J5zgkV+5ciWQwuZwvzW071jnZ1i27Ip/8vqdKGHC63tjWkCHSZV0=
+        ) ; END Signature
+snore.foo.bar.  259200  MX      96 who.foo.bar.
+snore.foo.bar.  259200  MX      100 foo.bar.
+snore.foo.bar.  259200  MX      120 xxx.foo.bar.
+snore.foo.bar.  259200  MX      130 maGellan.foo.bar.
+snore.foo.bar.  259200  MX      140 bozo.foo.bar.
+snore.foo.bar.  259200  SIG     MX (
+                 1 3; alg labels
+        259200  ; TTL
+        19950506200636  ; Signature expiration
+        19950406200659  ; time signed 
+        47437   ; Key foot print
+        foo.bar.        ; Signers name
+                EV0cJqF3pUOgktggTrFf55YGwQFbUqPJAMTnAkHK3+Z/Ya6GgwwNOGRzq/FYm5P4E+yIj6WUYFh9Ex5eX5TwiIsjM/hy173lSa3qm/ljDk8=
+        ) ; END Signature
+snore.foo.bar.  259200  NXT     xxx.foo.bar.
+snore.foo.bar.  259200  SIG     NXT (
+                 1 3; alg labels
+        259200  ; TTL
+        19950506200636  ; Signature expiration
+        19950406200659  ; time signed 
+        47437   ; Key foot print
+        foo.bar.        ; Signers name
+                eJUHVm5Q5qYQYFVOW0L5Of67HQvQ9+7T7sQqHv7ayTT2sMnXudxviYv43vALMMwBcJFXFEhLhwYwN7pUDssD/w5si/6JJQTi1o30S8si3zE=
+        ) ; END Signature
+
+;; Total query time: 195 msec
+;; FROM: dnssrv to SERVER: dnssrv  10.17.3.1
+;; WHEN: Thu Apr  6 16:20:32 1995
+;; MSG SIZE  sent: 31  rcvd: 662