Index: head/dns/Makefile
===================================================================
--- head/dns/Makefile
+++ head/dns/Makefile
@@ -172,6 +172,7 @@
     SUBDIR += pear-Net_DNS2
     SUBDIR += powerdns
     SUBDIR += powerdns-recursor
+    SUBDIR += powerdns-recursor40
     SUBDIR += public_suffix_list
     SUBDIR += py-dns
     SUBDIR += py-dns-lexicon
Index: head/dns/powerdns-recursor40/Makefile
===================================================================
--- head/dns/powerdns-recursor40/Makefile
+++ head/dns/powerdns-recursor40/Makefile
@@ -0,0 +1,61 @@
+# Created by: sten@blinkenlights.nl
+# $FreeBSD$
+
+PORTNAME=	recursor
+DISTVERSION=	4.0.8
+CATEGORIES=	dns ipv6
+MASTER_SITES=	http://downloads.powerdns.com/releases/
+PKGNAMEPREFIX=	powerdns-
+PKGNAMESUFFIX=	40
+DISTNAME=	pdns-${PORTNAME}-${DISTVERSION}
+
+MAINTAINER=	tremere@cainites.net
+COMMENT=	Advanced DNS recursor
+
+LICENSE=	GPLv2
+
+BROKEN_armv6=		fails to compile: use of overloaded operator << is ambiguous
+BROKEN_armv7=		fails to compile: use of overloaded operator << is ambiguous
+BROKEN_sparc64=		fails to compile: json11.cpp: undefined reference to std::__throw_out_of_range_fmt
+BROKEN_powerpc64=	fails to compile: dnslabeltext.cc: undefined reference to std::__cxx11::basic_string
+
+BUILD_DEPENDS=	${LOCALBASE}/include/boost/shared_ptr.hpp:devel/boost-libs
+LIB_DEPENDS=	libboost_context.so:devel/boost-libs \
+		libprotobuf.so:devel/protobuf
+
+USES=		compiler:c++11-lib cpe gmake localbase:ldflags pkgconfig ssl tar:bzip2
+GNU_CONFIGURE=	YES
+CXXFLAGS+=	-D_GLIBCXX_USE_C99
+CONFIGURE_ARGS=	--sysconfdir=${PREFIX}/etc/pdns \
+		--with-protobuf
+
+CPE_VENDOR=	powerdns
+
+USE_RC_SUBR=	pdns-recursor
+
+OPTIONS_DEFINE=	OPTALGO SETUID
+OPTIONS_DEFAULT=	LUA SETUID
+OPTIONS_RADIO=	LUA_RG
+OPTIONS_RADIO_LUA_RG=	LUA LUAJIT
+LUAJIT_DESC=		Enable LuaJIT
+LUA_RG_DESC=		Lua Engine
+OPTALGO_DESC=		Enable optional algorithms (12 & 15)
+SETUID_DESC=		Run as pdns_recursor user
+
+LUA_CONFIGURE_WITH=	lua
+LUA_USES=		lua
+
+LUAJIT_CONFIGURE_WITH=	luajit
+LUAJIT_LIB_DEPENDS=	libluajit-5.1.so.2:lang/luajit
+
+OPTALGO_CONFIGURE_ON=	--enable-botan \
+			--enable-libsodium
+OPTALGO_LIB_DEPENDS=	libbotan-2.so:security/botan2 \
+			libsodium.so:security/libsodium
+
+SETUID_VARS=	USERS=pdns_recursor GROUPS=pdns
+SETUID_EXTRA_PATCHES=	${PATCHDIR}/extrapatch-setuid
+
+SUB_FILES=	pkg-message
+
+.include <bsd.port.mk>
Index: head/dns/powerdns-recursor40/distinfo
===================================================================
--- head/dns/powerdns-recursor40/distinfo
+++ head/dns/powerdns-recursor40/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1513108912
+SHA256 (pdns-recursor-4.0.8.tar.bz2) = 9c6ff00f0e26044b0c81f1a8304743b4fc0f6699a356fce28cc8c2e6aaf16513
+SIZE (pdns-recursor-4.0.8.tar.bz2) = 1071831
Index: head/dns/powerdns-recursor40/files/extrapatch-setuid
===================================================================
--- head/dns/powerdns-recursor40/files/extrapatch-setuid
+++ head/dns/powerdns-recursor40/files/extrapatch-setuid
@@ -0,0 +1,13 @@
+--- pdns_recursor.cc.orig	2017-01-17 02:48:30 UTC
++++ pdns_recursor.cc
+@@ -2969,8 +2969,8 @@ int main(int argc, char **argv)
+     ::arg().set("disable-syslog","Disable logging to syslog, useful when running inside a supervisor that logs stdout")="no";
+     ::arg().set("log-common-errors","If we should log rather common errors")="no";
+     ::arg().set("chroot","switch to chroot jail")="";
+-    ::arg().set("setgid","If set, change group id to this gid for more security")="";
+-    ::arg().set("setuid","If set, change user id to this uid for more security")="";
++    ::arg().set("setgid","If set, change group id to this gid for more security")="pdns";
++    ::arg().set("setuid","If set, change user id to this uid for more security")="pdns_recursor";
+     ::arg().set("network-timeout", "Wait this nummer of milliseconds for network i/o")="1500";
+     ::arg().set("threads", "Launch this number of threads")="2";
+     ::arg().set("processes", "Launch this number of processes (EXPERIMENTAL, DO NOT CHANGE)")="1"; // if we un-experimental this, need to fix openssl rand seeding for multiple PIDs!
Index: head/dns/powerdns-recursor40/files/patch-dnsname.hh
===================================================================
--- head/dns/powerdns-recursor40/files/patch-dnsname.hh
+++ head/dns/powerdns-recursor40/files/patch-dnsname.hh
@@ -0,0 +1,20 @@
+--- dnsname.hh.orig	2017-01-17 03:18:41 UTC
++++ dnsname.hh
+@@ -30,7 +30,7 @@
+ #include <boost/version.hpp>
+ 
+ // it crashes on OSX and doesn't compile on OpenBSD
+-#if BOOST_VERSION >= 105300 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
++#if BOOST_VERSION >= 105300 && ! defined(_LIBCPP_VERSION) && ! defined(__OpenBSD__)
+ #include <boost/container/string.hpp>
+ #endif
+ 
+@@ -133,7 +133,7 @@ public:
+   inline bool canonCompare(const DNSName& rhs) const;
+   bool slowCanonCompare(const DNSName& rhs) const;  
+ 
+-#if BOOST_VERSION >= 105300 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
++#if BOOST_VERSION >= 105300 && ! defined(_LIBCPP_VERSION) && ! defined(__OpenBSD__)
+   typedef boost::container::string string_t;
+ #else
+   typedef std::string string_t;
Index: head/dns/powerdns-recursor40/files/pdns-recursor.in
===================================================================
--- head/dns/powerdns-recursor40/files/pdns-recursor.in
+++ head/dns/powerdns-recursor40/files/pdns-recursor.in
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# $$
+#
+
+# PROVIDE: pdns_recursor
+# REQUIRE: SERVERS cleanvar
+# BEFORE:  DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable pdns_recursor:
+#
+# pdns_recursor_enable="YES"
+# pdns_recursor_flags="<set as needed>"
+#
+# See pdns_recursor(8) for flags.
+#
+
+. /etc/rc.subr
+
+name=pdns_recursor
+rcvar=pdns_recursor_enable
+
+command=%%PREFIX%%/sbin/pdns_recursor
+command_args="--daemon=yes"
+
+# set defaults
+
+pdns_recursor_enable=${pdns_recursor_enable:-"NO"}
+pdns_recursor_conf=${pdns_recursor_conf:-"%%PREFIX%%/etc/pdns/recursor.conf"}
+
+load_rc_config ${name}
+
+required_files=${pdns_recursor_conf}
+
+run_rc_command "$1"
Index: head/dns/powerdns-recursor40/files/pkg-message.in
===================================================================
--- head/dns/powerdns-recursor40/files/pkg-message.in
+++ head/dns/powerdns-recursor40/files/pkg-message.in
@@ -0,0 +1,11 @@
+
+*******************************************************************
+ If you want to use the powerdns recursor,
+ you need the following line in /etc/rc.conf(.local)
+
+    pdns_recursor_enable="YES"
+
+ Configuration templates are available in %%PREFIX%%/etc/pdns
+ as recursor.conf-dist.
+*******************************************************************
+
Index: head/dns/powerdns-recursor40/pkg-descr
===================================================================
--- head/dns/powerdns-recursor40/pkg-descr
+++ head/dns/powerdns-recursor40/pkg-descr
@@ -0,0 +1,4 @@
+powerdns recursor is a high performance, simple and secure recursing
+nameserver. It currently powers over two million internet connections.
+
+WWW: http://www.powerdns.com
Index: head/dns/powerdns-recursor40/pkg-plist
===================================================================
--- head/dns/powerdns-recursor40/pkg-plist
+++ head/dns/powerdns-recursor40/pkg-plist
@@ -0,0 +1,5 @@
+@sample etc/pdns/recursor.conf-dist etc/pdns/recursor.conf
+bin/rec_control
+sbin/pdns_recursor
+man/man1/pdns_recursor.1.gz
+man/man1/rec_control.1.gz