Below is a example how to setup a secure DNS server based
on bind 9.2.1 from www.isc.org. 

John Nimda has two domains (my-domain.net and my-domain.org). Its a DSL 
network with a inside part and a outside part. 

The inside part contains 10.0.18.0/24 and 192.168.1.0/24 as networks. 
The outside part is just 1 ip-number being 61.9.252.148 .  

The ISP (isp.net) has two DNS servers on 195.133.252.4 and 195.133.252.5.

The hmac-md5 keys are generated as follows : 

dnssec-keygen -a HMAC-MD5 -b 128 -n HOST lnx-srv.my-domain.net.

( See chapter11 from DNS and BIND 4th ed. by Paul Albitz & Cricket Liu,
O'Reilly )

Disclaimer: The used names and ip-numbers are completely fictious. I do not
take any responsibilty for just unthoughtfull applying of these examples .

total 24
-rw-r--r--    1 crashrec klant        2496 Nov  8 01:52 named.cache
-rw-r--r--    1 crashrec klant        2547 Nov 22 06:24 named.conf
-rw-r--r--    1 crashrec klant         365 Nov 12  2001 named.local
drwxr-xr-x    2 crashrec klant        4096 Nov 22 06:19 primary/
drwxr-xr-x    2 crashrec klant        4096 Nov 22 06:19 secondary/
-rw-r--r--    1 crashrec klant        1703 Nov 22 06:24 slaves.conf

./primary:
total 24
-rw-r--r--    1 crashrec klant        1713 Nov 22 06:15 10.0.18.rev
-rw-r--r--    1 crashrec klant        2057 Nov 22 06:16 192.168.1.rev
-rw-r--r--    1 crashrec klant        6167 Nov 22 06:16 my-domain.net.hosts.inside
-rw-r--r--    1 crashrec klant         940 Nov 22 06:18 my-domain.net.hosts.outside
-rw-r--r--    1 crashrec klant         961 Nov 22 06:19 my-domain.org.hosts.outside

./secondary:
total 0