git: fcceccb7d405 - main - dns/bind911: restore port
Date: Sat, 01 Jan 2022 14:09:42 UTC
The branch main has been updated by rene: URL: https://cgit.FreeBSD.org/ports/commit/?id=fcceccb7d405aae9c524a4f8e52b3f53c9e69cd0 commit fcceccb7d405aae9c524a4f8e52b3f53c9e69cd0 Author: Rene Ladan <rene@FreeBSD.org> AuthorDate: 2022-01-01 13:36:09 +0000 Commit: Rene Ladan <rene@FreeBSD.org> CommitDate: 2022-01-01 13:49:17 +0000 dns/bind911: restore port It is still in extended security mode, see https://www.isc.org/blogs/bind-update-summer2021/ Reported by: yasu --- MOVED | 1 - dns/Makefile | 1 + dns/bind911/Makefile | 259 ++++++++++++ dns/bind911/distinfo | 3 + dns/bind911/files/BIND.chroot.dist | 24 ++ dns/bind911/files/BIND.chroot.local.dist | 18 + dns/bind911/files/empty.db | 8 + dns/bind911/files/extrapatch-bind-min-override-ttl | 76 ++++ dns/bind911/files/extrapatch-interfacemgr.c | 14 + dns/bind911/files/localhost-forward.db | 8 + dns/bind911/files/localhost-reverse.db | 10 + dns/bind911/files/named.conf.in | 378 +++++++++++++++++ dns/bind911/files/named.in | 448 +++++++++++++++++++++ dns/bind911/files/named.root | 92 +++++ .../files/patch-bin_named_include_named_globals.h | 13 + .../patch-bin_tests_system_dlzexternal_Makefile.in | 13 + dns/bind911/files/patch-configure | 135 +++++++ dns/bind911/files/patch-no-bind-tools | 55 +++ dns/bind911/files/pkg-message.in | 22 + dns/bind911/pkg-descr | 15 + dns/bind911/pkg-help | 28 ++ dns/bind911/pkg-plist | 402 ++++++++++++++++++ 22 files changed, 2022 insertions(+), 1 deletion(-)
diff --git a/MOVED b/MOVED
index c2e6416a58ba..22cdab471915 100644
--- a/MOVED
+++ b/MOVED
@@ -16704,7 +16704,6 @@ java/intellij-rubymine|devel/rubymine|2021-12-31|Use better name and category
 lang/python36||2021-12-31|Has expired: Upgrade to a newer Python version. 3.6 is in maintenance status and gets security fixes only. End-of-Life: 2021-12-23. See https://devguide.python.org/
 devel/sdl_sge||2021-12-31|Has expired: Upstream no longer maintained
 net/appkonference||2021-12-31|Has expired: Outdated, depends on unsupported version of net/asterisk
-dns/bind911|dns/bind916|2021-12-31|Has expired: End of life, please migrate to a newer version of BIND9
 net/zebra||2021-12-31|Has expired: Abandoned upstream, last release in 2005. Consider migrating to net/frr7 or net/bird2
 audio/osalp||2021-12-31|Has expired: Abandoned upstream, listed as beta and no new release since 2008
 games/stransball2||2021-12-31|Has expired: Depends on expired devel/sdl_sge
diff --git a/dns/Makefile b/dns/Makefile
index 69875fe86ee9..4e25a4727b03 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -7,6 +7,7 @@
 SUBDIR += axfr2acl
 SUBDIR += bind-tools
 SUBDIR += bind9-devel
+ SUBDIR += bind911
 SUBDIR += bind916
 SUBDIR += bindgraph
 SUBDIR += blocky
diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile
new file mode 100644
index 000000000000..52c3483588ba
--- /dev/null
+++ b/dns/bind911/Makefile
@@ -0,0 +1,259 @@
+# pkg-help formatted with fmt 59 63
+
+PORTNAME= bind
+PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
+PORTREVISION= 0
+CATEGORIES= dns net
+MASTER_SITES= ISC/bind9/${ISCVERSION}
+PKGNAMESUFFIX= 911
+DISTNAME= ${PORTNAME}-${ISCVERSION}
+
+MAINTAINER= mat@FreeBSD.org
+COMMENT= BIND DNS suite with updated DNSSEC and DNS64
+
+LICENSE= MPL20
+LICENSE_FILE= ${WRKSRC}/COPYRIGHT
+
+DEPRECATED= End of life, please migrate to a newer version of BIND9
+EXPIRATION_DATE= 2021-12-31
+
+LIB_DEPENDS= libxml2.so:textproc/libxml2
+RUN_DEPENDS= bind-tools>0:dns/bind-tools
+
+USES= cpe libedit pkgconfig
+
+# ISC releases things like 9.8.0-P1, which our versioning doesn't like
+ISCVERSION= 9.11.36
+
+CPE_VENDOR= isc
+CPE_VERSION= ${ISCVERSION:C/-.*//}
+.if ${ISCVERSION:M*-*}
+CPE_UPDATE= ${ISCVERSION:C/.*-//:tl}
+.endif
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \
+ --with-randomdev=/dev/random \
+ --with-libxml2=${LOCALBASE} \
+ --with-readline="-L${LOCALBASE}/lib -ledit" \
+ --with-dlopen=yes \
+ --with-gost=no \
+ --without-python \
+ --sysconfdir=${ETCDIR}
+ETCDIR= ${PREFIX}/etc/namedb
+
+CONFLICTS= bind912 bind913 bind914 bind916 bind9-devel
+
+SUB_FILES= pkg-message named.conf
+USE_RC_SUBR= named
+
+MAKE_JOBS_UNSAFE= yes
+
+PORTDOCS= *
+
+OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \
+ DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN \
+ FILTER_AAAA DNSTAP
+OPTIONS_DEFINE= ACCFDNS IDN LARGE_FILE JSON GEOIP \
+ FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \
+ RPZ_NSIP RPZ_NSDNAME DOCS \
+ MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \
+ START_LATE TUNING_LARGE TCP_FASTOPEN
+
+OPTIONS_RADIO= CRYPTO
+OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11
+
+OPTIONS_GROUP= DLZ
+OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
+ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
+OPTIONS_SINGLE= GSSAPI
+OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
+
+OPTIONS_SUB= yes
+
+ACCFDNS_DESC= Prefer DNS accept filter over generic one
+CRYPTO_DESC= Choose which crypto engine to use
+DLZ_BDB_DESC= DLZ BDB driver
+DLZ_DESC= Dynamically Loadable Zones
+DLZ_FILESYSTEM_DESC= DLZ filesystem driver
+DLZ_LDAP_DESC= DLZ LDAP driver
+DLZ_MYSQL_DESC= DLZ MySQL driver (no threading)
+DLZ_POSTGRESQL_DESC= DLZ Postgres driver
+DLZ_STUB_DESC= DLZ stub driver
+DNSTAP_DESC= Provides fast passive logging of DNS messages
+FILTER_AAAA_DESC= Enable filtering of AAAA records
+FIXED_RRSET_DESC= Enable fixed rrset ordering
+GSSAPI_BASE_DESC= Using Heimdal in base
+GSSAPI_HEIMDAL_DESC= Using security/heimdal
+GSSAPI_MIT_DESC= Using security/krb5
+GSSAPI_NONE_DESC= Disable
+LARGE_FILE_DESC= 64-bit file support
+LMDB_DESC= Use LMDB for zone management
+MINCACHE_DESC= Use the mincachettl patch
+NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**)
+PORTREVISION_DESC= Show PORTREVISION in the version string
+QUERYTRACE_DESC= Enable the very verbose query tracelogging
+RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records
+RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules
+SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation
+SSL_DESC= Build with OpenSSL (Required for DNSSEC)
+START_LATE_DESC= Start BIND late in the boot process (see help)
+TCP_FASTOPEN_DESC= RFC 7413 support
+TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**)
+
+ACCFDNS_EXTRA_PATCHES= ${PATCHDIR}/extrapatch-interfacemgr.c
+
+DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes
+DLZ_BDB_USES= bdb
+
+DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes
+
+DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes
+DLZ_LDAP_USE= openldap=yes
+
+DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes
+DLZ_MYSQL_PREVENTS= THREADS
+DLZ_MYSQL_USES= mysql
+
+DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes
+DLZ_POSTGRESQL_USES= pgsql
+
+DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes
+
+DNSTAP_CONFIGURE_ENABLE= dnstap
+DNSTAP_IMPLIES= THREADS
+DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \
+ libprotobuf-c.so:devel/protobuf-c
+
+FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa
+
+FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset
+
+GEOIP_CONFIGURE_WITH= geoip2
+GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb
+GEOIP_IMPLIES= THREADS
+
+GSSAPI_BASE_CONFIGURE_ON=\
+ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_BASE_USES= gssapi
+
+GSSAPI_HEIMDAL_CONFIGURE_ON=\
+ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_HEIMDAL_USES= gssapi:heimdal
+
+GSSAPI_MIT_CONFIGURE_ON=\
+ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_MIT_USES= gssapi:mit
+
+GSSAPI_NONE_CONFIGURE_ON= --without-gssapi
+
+IDN_CONFIGURE_OFF= --without-libidn2
+IDN_CONFIGURE_ON= --with-libidn2=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
+IDN_LIB_DEPENDS= libidn2.so:dns/libidn2
+IDN_USES= iconv
+
+IPV6_CONFIGURE_ENABLE= ipv6
+
+JSON_CONFIGURE_WITH= libjson=${LOCALBASE}
+JSON_LIB_DEPENDS= libjson-c.so:devel/json-c
+
+LARGE_FILE_CONFIGURE_ENABLE= largefile
+
+LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE}
+LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
+
+MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl
+
+NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11
+NATIVE_PKCS11_IMPLIES= THREADS
+
+QUERYTRACE_CONFIGURE_ENABLE= querytrace
+
+RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname
+
+RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip
+
+SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1"
+
+SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl
+SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE}
+SSL_USES= ssl
+
+START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \
+ NAMED_BEFORE="LOGIN"
+START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
+ NAMED_BEFORE="SERVERS"
+
+THREADS_CONFIGURE_ENABLE= threads
+
+TUNING_LARGE_IMPLIES= THREADS
+TUNING_LARGE_CONFIGURE_ON= --with-tuning=large
+TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default
+
+.include <bsd.port.options.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-symtable \
+ --enable-developer
+USES+= perl5
+USE_PERL5= build
+BUILD_DEPENDS+= cmocka>0:sysutils/cmocka
+# Developer mode needs ssl, always
+.if !${PORT_OPTIONS:MSSL}
+CONFIGURE_ARGS+= --with-openssl=${OPENSSLBASE}
+USES+= ssl
+.endif
+.else
+CONFIGURE_ARGS+= --disable-symtable
+.endif
+
+.include <bsd.port.pre.mk>
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
+
+post-patch:
+.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
+ rndc/rndc.8
+ @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
+ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \
+ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
+ ${WRKSRC}/bin/${FILE}
+.endfor
+
+.if ${PORTREVISION:N0}
+post-patch-PORTREVISION-on:
+ @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
+ ${WRKSRC}/version
+.endif
+
+post-patch-TCP_FASTOPEN-off:
+ @${REINPLACE_CMD} -e 's/#define ISC_PLATFORM_HAVETFO 1/#undef ISC_PLATFORM_HAVETFO/' ${WRKSRC}/configure
+
+post-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+.for i in dynamic master slave working
+ @${MKDIR} ${STAGEDIR}${ETCDIR}/$i
+.endfor
+ ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
+ ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
+ ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master
+ ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
+ ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample
+ ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample
+ ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
+ ${STAGEDIR}${ETCDIR}/rndc.conf.sample
+
+post-install-DOCS-on:
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
+ ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
+ ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${WRKSRC}/CHANGES \
+ ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR}
+
+.include <bsd.port.post.mk>
diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo
new file mode 100644
index 000000000000..5af44adcefb6
--- /dev/null
+++ b/dns/bind911/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1635400901
+SHA256 (bind-9.11.36.tar.gz) = c953fcb6703b395aaa53e65ff8b2869b69a5303dd60507cba2201305e1811681
+SIZE (bind-9.11.36.tar.gz) = 8313276
diff --git a/dns/bind911/files/BIND.chroot.dist b/dns/bind911/files/BIND.chroot.dist
new file mode 100644
index 000000000000..5616dd712f6b
--- /dev/null
+++ b/dns/bind911/files/BIND.chroot.dist
@@ -0,0 +1,24 @@
+# mtree -deU -f files/BIND.chroot.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ dev type=dir mode=0555
+ ..
+ etc type=dir
+ ..
+ tmp type=dir mode=01777
+ ..
+/set type=file uname=bind gname=bind mode=0755
+ var type=dir uname=root gname=wheel
+ dump type=dir
+ ..
+ log type=dir
+ ..
+ run type=dir
+ named type=dir
+ ..
+ ..
+ stats type=dir
+ ..
+ ..
diff --git a/dns/bind911/files/BIND.chroot.local.dist b/dns/bind911/files/BIND.chroot.local.dist
new file mode 100644
index 000000000000..81fca3df322c
--- /dev/null
+++ b/dns/bind911/files/BIND.chroot.local.dist
@@ -0,0 +1,18 @@
+# mtree -deU -f files/BIND.etc.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ etc type=dir
+/set type=file uname=bind gname=wheel mode=0755
+ namedb type=dir uname=root
+ dynamic type=dir
+ ..
+ master type=dir uname=root
+ ..
+ slave type=dir
+ ..
+ working type=dir
+ ..
+ ..
+ ..
diff --git a/dns/bind911/files/empty.db b/dns/bind911/files/empty.db
new file mode 100644
index 000000000000..30870e74342f
--- /dev/null
+++ b/dns/bind911/files/empty.db
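Review bot: `EXPIRATION_DATE= 2021-12-31` and the `DEPRECATED=` line in dns/bind911/Makefile are restored unchanged, so the port comes back already past its own expiry date (the commit is dated 2022-01-01) even though the commit message says 9.11 is still in extended security mode. The removed MOVED entry carried the same date, so the next expired-ports sweep is likely to pick the port up again. If the restore is meant to last, the date should move to the end of the upstream support window, e.g. `EXPIRATION_DATE= <end-of-support date>` (placeholder; take the date from the ISC post linked in the commit message). `DEPRECATED=` could also state that upstream now ships security fixes only, so operators know why they should still plan the move to a newer BIND9.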
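Review bot: The header comment of BIND.chroot.local.dist names `files/BIND.etc.dist`, which is not a file this commit adds, so the documented regeneration command does not match the file it sits in; it should read `# mtree -deU -f files/BIND.chroot.local.dist -p tmp`. The ownership split in the spec also deserves one comment line: `namedb` and `master` are `uname=root` while `dynamic`, `slave` and `working` are `uname=bind`, presumably so that named can write only the directories it has to and cannot rewrite static zone files. Saying that in the file keeps a later edit from loosening it by accident.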
@@ -0,0 +1,8 @@
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
diff --git a/dns/bind911/files/extrapatch-bind-min-override-ttl b/dns/bind911/files/extrapatch-bind-min-override-ttl
new file mode 100644
index 000000000000..1776bb0c6724
--- /dev/null
+++ b/dns/bind911/files/extrapatch-bind-min-override-ttl
@@ -0,0 +1,76 @@
+- Add the min-cache-ttl config knob.
+- Add the override-cache-ttl config knob.
+
+--- bin/named/config.c.orig 2021-05-12 10:45:51 UTC
++++ bin/named/config.c
+@@ -182,6 +182,8 @@ options {\n\
+ " max-acache-size 16M;\n\
+ max-cache-size 90%;\n\
+ max-cache-ttl 604800; /* 1 week */\n\
++ min-cache-ttl 0; /* no minimal, zero is allowed */\n\
++ override-cache-ttl 0; /* do not override */\n\
+ max-clients-per-query 100;\n\
+ max-ncache-ttl 10800; /* 3 hours */\n\
+ max-recursion-depth 7;\n\
+--- bin/named/server.c.orig 2021-05-12 10:45:51 UTC
++++ bin/named/server.c
+@@ -3721,6 +3721,16 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
+ }
+
+ obj = NULL;
++ result = ns_config_get(maps, "override-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->overridecachettl = cfg_obj_asuint32(obj);
++
++ obj = NULL;
++ result = ns_config_get(maps, "min-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->mincachettl = cfg_obj_asuint32(obj);
++
++ obj = NULL;
+ result = ns_config_get(maps, "max-cache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxcachettl = cfg_obj_asuint32(obj);
+--- lib/dns/include/dns/view.h.orig 2021-05-12 10:45:51 UTC
++++ lib/dns/include/dns/view.h
+@@ -152,6 +152,8 @@ struct dns_view {
+ bool requestnsid;
+ bool sendcookie;
+ dns_ttl_t maxcachettl;
++ dns_ttl_t mincachettl;
++ dns_ttl_t overridecachettl;
+ dns_ttl_t maxncachettl;
+ uint32_t nta_lifetime;
+ uint32_t nta_recheck;
+--- lib/dns/resolver.c.orig 2021-05-12 10:45:51 UTC
++++ lib/dns/resolver.c
+@@ -5579,6 +5579,18 @@ cache_name(fetchctx_t *fctx, dns_message_t *rmessage,
+ }
+
+ /*
++ * Enforce the configure cache TTL override.
++ */
++ if (res->view->overridecachettl)
++ rdataset->ttl = res->view->overridecachettl;
++
++ /*
++ * Enforce the configure minimum cache TTL.
++ */
++ if (rdataset->ttl < res->view->mincachettl)
++ rdataset->ttl = res->view->mincachettl;
++
++ /*
+ * Enforce the configure maximum cache TTL.
+ */
+ if (rdataset->ttl > res->view->maxcachettl) {
+--- lib/isccfg/namedconf.c.orig 2021-05-12 10:45:51 UTC
++++ lib/isccfg/namedconf.c
+@@ -1773,6 +1773,8 @@ view_clauses[] = {
+ #endif
+ { "max-acache-size", &cfg_type_sizenodefault, 0 },
+ { "max-cache-size", &cfg_type_sizeorpercent, 0 },
++ { "override-cache-ttl", &cfg_type_uint32, 0 },
++ { "min-cache-ttl", &cfg_type_uint32, 0 },
+ { "max-cache-ttl", &cfg_type_uint32, 0 },
+ { "max-clients-per-query", &cfg_type_uint32, 0 },
+ { "max-ncache-ttl", &cfg_type_uint32, 0 },
diff --git a/dns/bind911/files/extrapatch-interfacemgr.c b/dns/bind911/files/extrapatch-interfacemgr.c
new file mode 100644
index 000000000000..d579771f6828
--- /dev/null
+++ b/dns/bind911/files/extrapatch-interfacemgr.c
@@ -0,0 +1,14 @@
+Use accf_dns's kernel module if available.
+
+--- bin/named/interfacemgr.c.orig 2020-08-06 10:05:20 UTC
++++ bin/named/interfacemgr.c
+@@ -521,7 +521,8 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
+ * If/when there a multiple filters listen to the
+ * result.
+ */
+- (void)isc_socket_filter(ifp->tcpsocket, "dataready");
++ if (isc_socket_filter(ifp->tcpsocket, "dnsready") != ISC_R_SUCCESS)
++ (void)isc_socket_filter(ifp->tcpsocket, "dataready");
+
+ result = ns_clientmgr_createclients(ifp->clientmgr, 1, ifp, true);
+ if (result != ISC_R_SUCCESS) {
diff --git a/dns/bind911/files/localhost-forward.db b/dns/bind911/files/localhost-forward.db
new file mode 100644
index 000000000000..fdd2e9ce4bee
--- /dev/null
+++ b/dns/bind911/files/localhost-forward.db
@@ -0,0 +1,8 @@
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
diff --git a/dns/bind911/files/localhost-reverse.db b/dns/bind911/files/localhost-reverse.db
new file mode 100644
index 000000000000..376e94fa94a8
--- /dev/null
+++ b/dns/bind911/files/localhost-reverse.db
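Review bot: `override-cache-ttl` and `min-cache-ttl` are declared as plain `cfg_type_uint32` in namedconf.c and copied into the view in configure_view() with no range check, so the only bound on either knob is the max-cache-ttl clamp that follows them in cache_name(). A large value therefore keeps every cached rdataset, a wrong or spoofed answer included, for up to max-cache-ttl (604800 seconds by default in the config.c hunk) regardless of the TTL the authoritative side asked for. I would reject or clamp out-of-range values where the options are read and say so next to the defaults, e.g. `min-cache-ttl 0; /* seconds; raises the TTL of every cached answer, keep small */`. cache_name() continues outside the hunk, so whether the TTL of the accompanying signature rdataset is kept consistent with the rewritten value cannot be confirmed from here and is worth checking. The three comments should read "configured", not "configure".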
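Review bot: The fallback added in ns_interface_accepttcp() still discards the result of the second isc_socket_filter() call and logs nothing, so an operator cannot tell whether `dnsready`, `dataready` or no accept filter at all ended up on the TCP listener. The comment kept above the call still describes a single filter; it should say that `dnsready` is tried first and `dataready` is the fallback when the accf_dns module is not loaded. Braces around the one-line fallback body would match the `if (result != ISC_R_SUCCESS) {` that follows. The function body starts and ends outside the hunk.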
@@ -0,0 +1,10 @@
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
diff --git a/dns/bind911/files/named.conf.in b/dns/bind911/files/named.conf.in
new file mode 100644
index 000000000000..c3a367fd23ee
--- /dev/null
+++ b/dns/bind911/files/named.conf.in
@@ -0,0 +1,378 @@
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/local/share/doc/bind for more details.
+//
+// If you are going to set up an authoritative server, make sure you
+// understand the hairy details of how DNS works. Even with
+// simple mistakes, you can break connectivity for affected parties,
+// or cause huge amounts of useless Internet traffic.
+
+options {
+ // All file and path names are relative to the chroot directory,
+ // if any, and should be fully qualified.
+ directory "%%ETCDIR%%/working";
+ pid-file "/var/run/named/pid";
+ dump-file "/var/dump/named_dump.db";
+ statistics-file "/var/stats/named.stats";
+
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+ listen-on { 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver. To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+// listen-on-v6 { ::1; };
+
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below. This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the Internet.
+/*
+ forwarders {
+ 127.0.0.1;
+ };
+*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer. Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+// forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf. You can also enable
+// named_auto_forward_only (the effect of which is described above).
+// include "%%ETCDIR%%/auto_forward.conf";
+
+ /*
+ Modern versions of BIND use a random UDP port for each outgoing
+ query by default in order to dramatically reduce the possibility
+ of cache poisoning. All users are strongly encouraged to utilize
+ this feature, and to configure their firewalls to accommodate it.
+
+ AS A LAST RESORT in order to get around a restrictive firewall
+ policy you can try enabling the option below. Use of this option
+ will significantly reduce your ability to withstand cache poisoning
+ attacks, and should be avoided if at all possible.
+
+ Replace NNNNN in the example with a number between 49160 and 65530.
+ */
+ // query-source address * port NNNNN;
+};
+
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// first in your /etc/resolv.conf so this server will be queried.
+// Also, make sure to enable it in /etc/rc.conf.
+
+// The traditional root hints mechanism. Use this, OR the slave zones below.
+zone "." { type hint; file "%%ETCDIR%%/named.root"; };
+
+/* Slaving the following zones from the root name servers has some
+ significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+ 3. Greater resilience to any potential root server failure/DDoS
+
+ On the other hand, this method requires more monitoring than the
+ hints file to be sure that an unexpected failure mode has not
+ incapacitated your server. Name servers that are serving a lot
+ of clients will benefit more from this approach than individual
+ hosts. Use with caution.
+
+ To use this mechanism, uncomment the entries below, and comment
+ the hint zone above.
+
+ As documented at http://dns.icann.org/services/axfr/ these zones:
+ "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
+ are available for AXFR from these servers on IPv4 and IPv6:
+ xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
+*/
+/*
+zone "." {
+ type slave;
+ file "%%ETCDIR%%/slave/root.slave";
+ masters {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "arpa" {
+ type slave;
+ file "%%ETCDIR%%/slave/arpa.slave";
+ masters {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "in-addr.arpa" {
+ type slave;
+ file "%%ETCDIR%%/slave/in-addr.arpa.slave";
+ masters {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "ip6.arpa" {
+ type slave;
+ file "%%ETCDIR%%/slave/ip6.arpa.slave";
+ masters {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+*/
+
+/* Serving the following zones locally will prevent any queries
+ for these zones leaving your network and going to the root
+ name servers. This has two significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+*/
+// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
+zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
+zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912, 5735 and 6303)
+zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// Private Use Networks (RFCs 1918, 5735 and 6303)
+zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// Shared Address Space (RFC 6598)
+zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// Link-local/APIPA (RFCs 3927, 5735 and 6303)
+zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IETF protocol assignments (RFCs 5735 and 5736)
+zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
+zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
+zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// Router Benchmark Testing (RFCs 2544 and 5735)
+zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IANA Reserved - Old Class E Space (RFC 5735)
+zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "5.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "5.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IPv6 ULA (RFCs 4193 and 6303)
+zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IPv6 Link Local (RFCs 4291 and 6303)
+zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
+zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; };
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example slave zone config entries. It can be convenient to become
+// a slave at least for the zone your own domain is in. Ask
+// your network administrator for the IP address of the responsible
+// master name server.
+//
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
+//
+// Before starting to set up a master zone, make sure you fully
+// understand how DNS and BIND work. There are sometimes
+// non-obvious pitfalls. Setting up a slave zone is usually simpler.
+//
+// NB: Don't blindly enable the examples below. :-) Use actual names
+// and addresses instead.
+ +/* An example dynamic zone +key "exampleorgkey" { + algorithm hmac-md5; + secret "sf87HJqjkqh8ac87a02lla=="; +}; +zone "example.org" { + type master; + allow-update { + key "exampleorgkey"; + }; + file "%%ETCDIR%%/dynamic/example.org"; +}; +*/ + +/* Example of a slave reverse zone +zone "1.168.192.in-addr.arpa" { + type slave; + file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa"; + masters { + 192.168.1.1; + }; +}; +*/ diff --git a/dns/bind911/files/named.in b/dns/bind911/files/named.in new file mode 100644 index 000000000000..95f11da12d74 --- /dev/null +++ b/dns/bind911/files/named.in 
@@ -0,0 +1,448 @@
+#!/bin/sh
+
+# PROVIDE: named
+# REQUIRE: %%NAMED_REQUIRE%%
+# BEFORE: %%NAMED_BEFORE%%
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable BIND:
+# named_enable (bool): Run named, the DNS server (or NO).
+# named_program (str): Path to named, if you want a different one.
+# named_conf (str): Path to the configuration file
+# named_flags (str): Use this for flags OTHER than -u and -c
+# named_uid (str): User to run named as
+# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
+# Historically, was /var/named
+# named_chroot_autoupdate (bool): Automatically install/update chrooted
+# components of named.
+# named_symlink_enable (bool): Symlink the chrooted pid file
+# named_wait (bool): Wait for working name service before exiting
+# named_wait_host (str): Hostname to check if named_wait is enabled
+# named_auto_forward (str): Set up forwarders from /etc/resolv.conf
+# named_auto_forward_only (str): Do "forward only" instead of "forward first"
+%%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use.
+#
+
+. /etc/rc.subr
+
+name=named
+desc="named BIND startup script"
+rcvar=named_enable
+
+load_rc_config ${name}
+
+extra_commands=reload
+
+start_precmd=named_prestart
+start_postcmd=named_poststart
+reload_cmd=named_reload
+stop_cmd=named_stop
+stop_postcmd=named_poststop
+
+named_enable=${named_enable:-"NO"}
+named_program=${named_program:-"%%PREFIX%%/sbin/named"}
+named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
+named_flags=${named_flags:-""}
+named_uid=${named_uid:-"bind"}
+named_chrootdir=${named_chrootdir:-""}
+named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
+named_symlink_enable=${named_symlink_enable:-"YES"}
+named_wait=${named_wait:-"NO"}
+named_wait_host=${named_wait_host:-"localhost"}
+named_auto_forward=${named_auto_forward:-"NO"}
+named_auto_forward_only=${named_auto_forward_only:-"NO"}
+%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}
+
+# Not configuration variables but having them here keeps rclint happy
+required_dirs="${named_chrootdir}"
*** 1219 LINES SKIPPED ***