This is a discussion on OpenBSD BIND9 Config Help - dig times out within the Bind Users forums, part of the DNS and Related Forums category.
Hi,

I'm setting up my first DNS server. It's on the OpenBSD platform and the server in question is on a DMZ behind a pf FW. It uses a private IP, but will host real external domains. The firewall is currently closed to any traffic to/from the DMZ until I can get the DNS configured. I used DNS & BIND's examples for my zone data files. I put all the db.* files in the /var/named/master directory and told named.conf to look in that directory. When starting named with the "-g" switch, I get the following output:

```
Sep 01 11:43:36.151 starting BIND 9.2.2 -g
Sep 01 11:43:36.152 using 1 CPU
Sep 01 11:43:36.159 loading configuration from '/etc/named.conf'
Sep 01 11:43:36.160 /etc/named.conf:3: option 'directory' contains relative path 'master'
Sep 01 11:43:36.161 listening on IPv6 interfaces, port 53
Sep 01 11:43:36.163 listening on IPv4 interface lo0, 127.0.0.1#53
Sep 01 11:43:36.163 listening on IPv4 interface fxp0, 192.168.1.3#53
Sep 01 11:43:36.171 none:0: open: /etc/rndc.key: file not found
Sep 01 11:43:36.171 couldn't add command channel 127.0.0.1#953: file not found
Sep 01 11:43:36.172 none:0: open: /etc/rndc.key: file not found
Sep 01 11:43:36.172 couldn't add command channel ::1#953: file not found
Sep 01 11:43:36.172 using pre-chroot entropy source /dev/arandom
Sep 01 11:43:36.173 ignoring config file logging statement due to -g option
Sep 01 11:43:36.175 zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Sep 01 11:43:36.178 zone 1.168.192.in-addr.arpa/IN: loaded serial 1
Sep 01 11:43:36.181 zone mainlinecomputersupport.com/IN: loaded serial 1
Sep 01 11:43:36.181 running
Sep 01 11:43:36.182 zone mainlinecomputersupport.com/IN: sending notifies (serial 1)
Sep 01 11:43:36.184 zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 1)
Sep 01 11:43:36.185 zone 0.0.127.in-addr.arpa/IN: sending notifies (serial 1)
```

It looks to me that, though there are some errors, the name server is running.

But if I do a "dig -x 127.0.0.1" it times out, saying: "connection timed out; no servers could be reached"

Now, the DMZ is not yet routing to the rest of the world (either in or out), so I don't expect it to find anything yet, but I thought that I was telling dig to look at localhost for its query. Here is my named.conf:

```
// plagiarized from DNS&BIND 4th ed.
options {
        directory "master";
};

zone "mainlinecomputersupport.com" in {
        type master;
        file "db.mainlinecomputersupport.com";
};

zone "1.168.192.in-addr.arpa" in {
        type master;
        file "db.192.168.1";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
};

zone "." in {
        type hint;
        file "db.cache";
};
```

Any ideas what I'm missing in this config? Thanks in advance for any help.
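An added example, not part of the post above: a small sh self-check for the two things the log and the dig symptom point at. A plain "dig -x 127.0.0.1" asks whatever /etc/resolv.conf lists, not the named on lo0, so it times out if that file still names an unreachable upstream; and the "relative path 'master'" warning means the zone directory is resolved against named's working directory (inside its chroot, if it runs in one). The resolv.conf and named.conf contents are constructed samples modelled on the poster's setup, not files from the original page.

```shell
#!/bin/sh
# Added example, not from the original post. Two checks for the symptoms in the
# thread: dig without "@server" asks the resolvers listed in /etc/resolv.conf,
# not the local named, so it times out if that file names an unreachable host;
# and a relative options "directory" is resolved against named's working
# directory (inside its chroot, if it runs in one), which the log warns about.
# All inputs below are constructed samples modelled on the poster's setup.
SAMPLE_RESOLV='# constructed resolv.conf: still points at the firewall
nameserver 192.168.1.1'

SAMPLE_CONF='// constructed copy of the posted options block
options {
        directory "master";
};'
# Print the nameserver entries dig consults by default (resolv.conf on stdin).
resolvers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Return 0 if one of those resolvers is the loopback address, 1 otherwise.
uses_loopback() {
    resolvers | grep -q '^127\.0\.0\.1$'
}

# Print the value of the options "directory" statement (named.conf on stdin).
conf_directory() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 for an absolute path, 1 for a relative one (named warns on the latter).
is_absolute() {
    case "$1" in /*) return 0 ;; *) return 1 ;; esac
}

# Build the dig command that bypasses resolv.conf and asks the local named.
direct_query() {
    printf 'dig @127.0.0.1 -x %s\n' "$1"
}

# Run both checks over the constructed samples and say what to do next.
report() {
    if ! printf '%s\n' "$SAMPLE_RESOLV" | uses_loopback; then
        echo "resolv.conf does not list 127.0.0.1; query named directly: $(direct_query 127.0.0.1)"
    fi
    d=$(printf '%s\n' "$SAMPLE_CONF" | conf_directory)
    is_absolute "$d" || echo "named.conf directory \"$d\" is relative; use an absolute path"
}

report
```

On the real host, feed the functions the actual files (for example `resolvers < /etc/resolv.conf`) and run the printed dig command; an answer there, with a timeout from plain dig, confirms the resolver list rather than named is the problem.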