Index: branches/2017Q2/dns/bind9-devel/files/named.conf.in
===================================================================
--- branches/2017Q2/dns/bind9-devel/files/named.conf.in	(revision 443608)
+++ branches/2017Q2/dns/bind9-devel/files/named.conf.in	(revision 443609)
@@ -1,388 +1,380 @@
 // $FreeBSD$
 //
 // Refer to the named.conf(5) and named(8) man pages, and the documentation
 // in /usr/local/share/doc/bind for more details.
 //
 // If you are going to set up an authoritative server, make sure you
 // understand the hairy details of how DNS works.  Even with
 // simple mistakes, you can break connectivity for affected parties,
 // or cause huge amounts of useless Internet traffic.
 
 options {
 	// All file and path names are relative to the chroot directory,
 	// if any, and should be fully qualified.
 	directory	"%%ETCDIR%%/working";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 
 // If named is being used only as a local resolver, this is a safe default.
 // For named to be accessible to the network, comment this option, specify
 // the proper IP address, or delete this option.
 	listen-on	{ 127.0.0.1; };
 
 // If you have IPv6 enabled on this system, uncomment this option for
 // use as a local resolver.  To give access to the network, specify
 // an IPv6 address, or the keyword "any".
 //	listen-on-v6	{ ::1; };
 
 // These zones are already covered by the empty zones listed below.
 // If you remove the related empty zones below, comment these lines out.
 	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
 	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
 /*
 	forwarders {
 		127.0.0.1;
 	};
 */
 
 // If the 'forwarders' clause is not empty the default is to 'forward first'
 // which will fall back to sending a query from your local server if the name
 // servers in 'forwarders' do not have the answer.  Alternatively you can
 // force your name server to never initiate queries of its own by enabling the
 // following line:
 //	forward only;
 
 // If you wish to have forwarding configured automatically based on
 // the entries in /etc/resolv.conf, uncomment the following line and
 // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
 // named_auto_forward_only (the effect of which is described above).
 //	include "%%ETCDIR%%/auto_forward.conf";
 
 	/*
 	   Modern versions of BIND use a random UDP port for each outgoing
 	   query by default in order to dramatically reduce the possibility
 	   of cache poisoning.  All users are strongly encouraged to utilize
 	   this feature, and to configure their firewalls to accommodate it.
 
 	   AS A LAST RESORT in order to get around a restrictive firewall
 	   policy you can try enabling the option below.  Use of this option
 	   will significantly reduce your ability to withstand cache poisoning
 	   attacks, and should be avoided if at all possible.
 
 	   Replace NNNNN in the example with a number between 49160 and 65530.
 	*/
 	// query-source address * port NNNNN;
 };
 
 // If you enable a local name server, don't forget to enter 127.0.0.1
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 
 // The traditional root hints mechanism. Use this, OR the slave zones below.
 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 
 /*	Slaving the following zones from the root name servers has some
 	significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 	3. Greater resilience to any potential root server failure/DDoS
 
 	On the other hand, this method requires more monitoring than the
 	hints file to be sure that an unexpected failure mode has not
 	incapacitated your server.  Name servers that are serving a lot
 	of clients will benefit more from this approach than individual
 	hosts.  Use with caution.
 
 	To use this mechanism, uncomment the entries below, and comment
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
 	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
 /*
 zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 zone "ip6.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/ip6.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 */
 
 /*	Serving the following zones locally will prevent any queries
 	for these zones leaving your network and going to the root
 	name servers.  This has two significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 */
 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
 zone "localhost"	{ type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
 zone "127.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 zone "255.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
 zone "0.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 
 // "This" Network (RFCs 1912, 5735 and 6303)
 zone "0.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Private Use Networks (RFCs 1918, 5735 and 6303)
 zone "10.in-addr.arpa"	   { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Shared Address Space (RFC 6598)
 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IETF protocol assignments (RFCs 5735 and 5736)
 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Router Benchmark Testing (RFCs 2544 and 5735)
 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IANA Reserved - Old Class E Space (RFC 5735)
 zone "240.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "241.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "242.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "243.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "244.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "245.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "246.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "247.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "248.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "249.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "250.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "251.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "252.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "253.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "254.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Unassigned Addresses (RFC 4291)
 zone "1.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "c.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 ULA (RFCs 4193 and 6303)
 zone "c.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Link Local (RFCs 4291 and 6303)
 zone "8.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
 zone "c.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "f.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IP6.INT is Deprecated (RFC 4159)
 zone "ip6.int"		{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries.  It can be convenient to become
 // a slave at least for the zone your own domain is in.  Ask
 // your network administrator for the IP address of the responsible
 // master name server.
 //
 // Do not forget to include the reverse lookup zone!
 // This is named after the first bytes of the IP address, in reverse
 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
 // Before starting to set up a master zone, make sure you fully
 // understand how DNS and BIND work.  There are sometimes
 // non-obvious pitfalls.  Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-)  Use actual names
 // and addresses instead.
 
 /* An example dynamic zone
 key "exampleorgkey" {
 	algorithm hmac-md5;
 	secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 	type master;
 	allow-update {
 		key "exampleorgkey";
 	};
 	file "%%ETCDIR%%/dynamic/example.org";
 };
 */
 
 /* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
 	masters {
 		192.168.1.1;
 	};
 };
 */
Index: branches/2017Q2/dns/bind9-devel/files/pkg-message.in
===================================================================
--- branches/2017Q2/dns/bind9-devel/files/pkg-message.in	(revision 443608)
+++ branches/2017Q2/dns/bind9-devel/files/pkg-message.in	(revision 443609)
@@ -1,21 +1,28 @@
 **********************************************************************
 *            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
 *           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
 *          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
 *         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
 *        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
 *                                                                    *
 *   BIND requires configuration of rndc, including a "secret" key.   *
 *    The easiest, and most secure way to configure rndc is to run    *
 *   'rndc-confgen -a' to generate the proper conf file, with a new   *
 *            random key, and appropriate file permissions.           *
 *                                                                    *
 *     The %%PREFIX%%/etc/rc.d/named script will do that for you.     *
 *                                                                    *
+*      If using syslog to log the BIND9 activity, and using a        *
+*     chroot'ed installation, you will need to tell syslog to        *
+*       install a log socket in the BIND9 chroot by running:         *
+*                                                                    *
+*            # sysrc altlog_proglist+=named                          *
+*                                                                    *
+*    And then restarting syslogd with: service syslogd restart       *
 *                                                                    *
 *                                                                    *
 *   THIS IS A DEVELOPMENT VERSION IF BIND, IT WILL EAT YOUR DATA     *
 *                                                                    *
 *                                                                    *
 *                                                                    *
 **********************************************************************
Index: branches/2017Q2/dns/bind910/Makefile
===================================================================
--- branches/2017Q2/dns/bind910/Makefile	(revision 443608)
+++ branches/2017Q2/dns/bind910/Makefile	(revision 443609)
@@ -1,238 +1,238 @@
 # $FreeBSD$
 # pkg-help formatted with fmt 59 63
 
 PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
 PORTREVISION=	0
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
 PKGNAMESUFFIX=	910
 DISTNAME=	${PORTNAME}-${ISCVERSION}
 
 MAINTAINER=	mat@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 LICENSE=	ISCL
 LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.10.5
+ISCVERSION=	9.10.5-P1
 
 USES=	cpe libedit
 
 CPE_VENDOR=	isc
 CPE_VERSION=	${ISCVERSION:C/-.*//}
 .if ${ISCVERSION:M*-*}
 CPE_UPDATE=	${ISCVERSION:C/.*-//:tl}
 .endif
 
 LIB_DEPENDS=	libxml2.so:textproc/libxml2
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
 		--disable-symtable \
 		--with-randomdev=/dev/random \
 		--with-libxml2=${LOCALBASE} \
 		--with-readline="-L${LOCALBASE}/lib -ledit" \
 		--with-dlopen=yes \
 		--sysconfdir=${ETCDIR}
 ETCDIR=		${PREFIX}/etc/namedb
 
 CONFLICTS=	bind-tools bind99 bind911 bind9-devel
 
 SUB_FILES=	pkg-message named.conf
 USE_RC_SUBR=	named
 
 MAKE_JOBS_UNSAFE=	yes
 
 PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \
 			DLZ_FILESYSTEM RPZ_NSIP RPZ_NSDNAME
 OPTIONS_DEFINE=		IDN LARGE_FILE PYTHON JSON \
 			FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \
 			RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \
 			MINCACHE PORTREVISION FETCHLIMIT QUERYTRACE \
 			START_LATE
 
 OPTIONS_RADIO=	CRYPTO GOSTDEF
 OPTIONS_RADIO_CRYPTO=	SSL NATIVE_PKCS11
 OPTIONS_RADIO_GOSTDEF=	GOST GOST_ASN1
 
 OPTIONS_GROUP=		DLZ
 OPTIONS_GROUP_DLZ=	DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
 			DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
 OPTIONS_SINGLE=		GSSAPI
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
 CRYPTO_DESC=		Choose which crypto engine to use
 DLZ_BDB_DESC=		DLZ BDB driver
 DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
 DLZ_LDAP_DESC=		DLZ LDAP driver
 DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
 FETCHLIMIT_DESC=	Enable the query quotas for resolvers
 FILTER_AAAA_DESC=	Enable filtering of AAAA records
 FIXED_RRSET_DESC=	Enable fixed rrset ordering
 GEOIP_DESC=		Allow geographically based ACL.
 GOSTDEF_DESC=		Enable GOST ciphers, needs SSL
 GOST_ASN1_DESC=		GOST using ASN.1
 GOST_DESC=		GOST raw keys (new default)
 GSSAPI_BASE_DESC=	Using Heimdal in base
 GSSAPI_HEIMDAL_DESC=	Using security/heimdal
 GSSAPI_MIT_DESC=	Using security/krb5
 GSSAPI_NONE_DESC=	Disable
 LARGE_FILE_DESC=	64-bit file support
 MINCACHE_DESC=		Use the mincachettl patch
 NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
 PORTREVISION_DESC=	Show PORTREVISION in the version string
 PYTHON_DESC=		Build with Python utilities
 QUERYTRACE_DESC=	Enable the very verbose query tracelogging
 RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
 RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
 SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
 SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
 START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
 DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
 
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
 DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
 DLZ_MYSQL_PREVENTS=	THREADS
 DLZ_MYSQL_USES=		mysql
 
 DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
 DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
 FETCHLIMIT_CONFIGURE_ENABLE=	fetchlimit
 
 FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
 
 FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
 
 GEOIP_CONFIGURE_WITH=	geoip
 GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
 
 GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
 
 GOST_CONFIGURE_ON=	--with-gost
 
 GSSAPI_BASE_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_BASE_USES=	gssapi
 
 GSSAPI_HEIMDAL_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_HEIMDAL_USES=	gssapi:heimdal
 
 GSSAPI_MIT_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_MIT_USES=	gssapi:mit
 
 GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
 
 IDN_CONFIGURE_OFF=	--without-idn
 IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
 IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
 IDN_USES=		iconv
 
 IPV6_CONFIGURE_ENABLE=	ipv6
 
 JSON_CONFIGURE_WITH=	libjson
 JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
 
 LARGE_FILE_CONFIGURE_ENABLE=	largefile
 
 MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
 
 NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
 NATIVE_PKCS11_IMPLIES=	THREADS
 
 PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
 PYTHON_USES=	python
 
 QUERYTRACE_CONFIGURE_ENABLE=	querytrace
 
 RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
 
 RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
 
 SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
 
 SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
 SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
 SSL_USES=		ssl
 
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
 THREADS_CONFIGURE_ENABLE=	threads
 
 .include <bsd.port.pre.mk>
 
 .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
 CONFIGURE_ARGS+=	--without-gost
 .endif
 
 .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
 BROKEN=	OpenSSL from the base system does not support GOST, add \
 	DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
 	that needs SSL.
 .endif
 
 post-patch:
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
 	rndc/rndc.8
 	@${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
 		-e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \
 		-e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
 		${WRKSRC}/bin/${FILE}
 .endfor
 
 .if ${PORTREVISION:N0}
 post-patch-PORTREVISION-on:
 	@${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
 		${WRKSRC}/version
 .endif
 
 post-install:
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
 .for i in dynamic master slave working
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/$i
 .endfor
 	${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
 	${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
 	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
 	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
 		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 
 # Can't use USE_PYTHON=autoplist
 post-install-PYTHON-on:
 	@${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST}
 
 .include <bsd.port.post.mk>
Index: branches/2017Q2/dns/bind910/distinfo
===================================================================
--- branches/2017Q2/dns/bind910/distinfo	(revision 443608)
+++ branches/2017Q2/dns/bind910/distinfo	(revision 443609)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1492690349
-SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e
-SIZE (bind-9.10.5.tar.gz) = 9431916
+TIMESTAMP = 1497425849
+SHA256 (bind-9.10.5-P1.tar.gz) = 82fb885de927fdb4db0a0bb5e5efda839a857ff70adbcfcb0486a010924ae5cd
+SIZE (bind-9.10.5-P1.tar.gz) = 9406887
Index: branches/2017Q2/dns/bind910/files/named.conf.in
===================================================================
--- branches/2017Q2/dns/bind910/files/named.conf.in	(revision 443608)
+++ branches/2017Q2/dns/bind910/files/named.conf.in	(revision 443609)
@@ -1,388 +1,380 @@
 // $FreeBSD$
 //
 // Refer to the named.conf(5) and named(8) man pages, and the documentation
 // in /usr/local/share/doc/bind for more details.
 //
 // If you are going to set up an authoritative server, make sure you
 // understand the hairy details of how DNS works.  Even with
 // simple mistakes, you can break connectivity for affected parties,
 // or cause huge amounts of useless Internet traffic.
 
 options {
 	// All file and path names are relative to the chroot directory,
 	// if any, and should be fully qualified.
 	directory	"%%ETCDIR%%/working";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 
 // If named is being used only as a local resolver, this is a safe default.
 // For named to be accessible to the network, comment this option, specify
 // the proper IP address, or delete this option.
 	listen-on	{ 127.0.0.1; };
 
 // If you have IPv6 enabled on this system, uncomment this option for
 // use as a local resolver.  To give access to the network, specify
 // an IPv6 address, or the keyword "any".
 //	listen-on-v6	{ ::1; };
 
 // These zones are already covered by the empty zones listed below.
 // If you remove the related empty zones below, comment these lines out.
 	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
 	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
 /*
 	forwarders {
 		127.0.0.1;
 	};
 */
 
 // If the 'forwarders' clause is not empty the default is to 'forward first'
 // which will fall back to sending a query from your local server if the name
 // servers in 'forwarders' do not have the answer.  Alternatively you can
 // force your name server to never initiate queries of its own by enabling the
 // following line:
 //	forward only;
 
 // If you wish to have forwarding configured automatically based on
 // the entries in /etc/resolv.conf, uncomment the following line and
 // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
 // named_auto_forward_only (the effect of which is described above).
 //	include "%%ETCDIR%%/auto_forward.conf";
 
 	/*
 	   Modern versions of BIND use a random UDP port for each outgoing
 	   query by default in order to dramatically reduce the possibility
 	   of cache poisoning.  All users are strongly encouraged to utilize
 	   this feature, and to configure their firewalls to accommodate it.
 
 	   AS A LAST RESORT in order to get around a restrictive firewall
 	   policy you can try enabling the option below.  Use of this option
 	   will significantly reduce your ability to withstand cache poisoning
 	   attacks, and should be avoided if at all possible.
 
 	   Replace NNNNN in the example with a number between 49160 and 65530.
 	*/
 	// query-source address * port NNNNN;
 };
 
 // If you enable a local name server, don't forget to enter 127.0.0.1
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 
 // The traditional root hints mechanism. Use this, OR the slave zones below.
 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 
 /*	Slaving the following zones from the root name servers has some
 	significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 	3. Greater resilience to any potential root server failure/DDoS
 
 	On the other hand, this method requires more monitoring than the
 	hints file to be sure that an unexpected failure mode has not
 	incapacitated your server.  Name servers that are serving a lot
 	of clients will benefit more from this approach than individual
 	hosts.  Use with caution.
 
 	To use this mechanism, uncomment the entries below, and comment
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
 	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
 /*
 zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 zone "ip6.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/ip6.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 */
 
 /*	Serving the following zones locally will prevent any queries
 	for these zones leaving your network and going to the root
 	name servers.  This has two significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 */
 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
 zone "localhost"	{ type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
 zone "127.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 zone "255.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
 zone "0.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 
 // "This" Network (RFCs 1912, 5735 and 6303)
 zone "0.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Private Use Networks (RFCs 1918, 5735 and 6303)
 zone "10.in-addr.arpa"	   { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Shared Address Space (RFC 6598)
 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IETF protocol assignments (RFCs 5735 and 5736)
 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Router Benchmark Testing (RFCs 2544 and 5735)
 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IANA Reserved - Old Class E Space (RFC 5735)
 zone "240.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "241.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "242.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "243.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "244.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "245.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "246.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "247.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "248.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "249.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "250.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "251.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "252.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "253.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "254.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Unassigned Addresses (RFC 4291)
 zone "1.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "c.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 ULA (RFCs 4193 and 6303)
 zone "c.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Link Local (RFCs 4291 and 6303)
 zone "8.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
 zone "c.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "f.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IP6.INT is Deprecated (RFC 4159)
 zone "ip6.int"		{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries.  It can be convenient to become
 // a slave at least for the zone your own domain is in.  Ask
 // your network administrator for the IP address of the responsible
 // master name server.
 //
 // Do not forget to include the reverse lookup zone!
 // This is named after the first bytes of the IP address, in reverse
 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
 // Before starting to set up a master zone, make sure you fully
 // understand how DNS and BIND work.  There are sometimes
 // non-obvious pitfalls.  Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-)  Use actual names
 // and addresses instead.
 
 /* An example dynamic zone
 key "exampleorgkey" {
 	algorithm hmac-md5;
 	secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 	type master;
 	allow-update {
 		key "exampleorgkey";
 	};
 	file "%%ETCDIR%%/dynamic/example.org";
 };
 */
 
 /* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
 	masters {
 		192.168.1.1;
 	};
 };
 */
Index: branches/2017Q2/dns/bind910/files/pkg-message.in
===================================================================
--- branches/2017Q2/dns/bind910/files/pkg-message.in	(revision 443608)
+++ branches/2017Q2/dns/bind910/files/pkg-message.in	(revision 443609)
@@ -1,15 +1,23 @@
 **********************************************************************
 *            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
 *           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
 *          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
 *         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
 *        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
 *                                                                    *
 *   BIND requires configuration of rndc, including a "secret" key.   *
 *    The easiest, and most secure way to configure rndc is to run    *
 *   'rndc-confgen -a' to generate the proper conf file, with a new   *
 *            random key, and appropriate file permissions.           *
 *                                                                    *
 *     The %%PREFIX%%/etc/rc.d/named script will do that for you.     *
 *                                                                    *
+*      If using syslog to log the BIND9 activity, and using a        *
+*     chroot'ed installation, you will need to tell syslog to        *
+*       install a log socket in the BIND9 chroot by running:         *
+*                                                                    *
+*            # sysrc altlog_proglist+=named                          *
+*                                                                    *
+*    And then restarting syslogd with: service syslogd restart       *
+*                                                                    *
 **********************************************************************
Index: branches/2017Q2/dns/bind911/Makefile
===================================================================
--- branches/2017Q2/dns/bind911/Makefile	(revision 443608)
+++ branches/2017Q2/dns/bind911/Makefile	(revision 443609)
@@ -1,282 +1,282 @@
 # $FreeBSD$
 # pkg-help formatted with fmt 59 63
 
 PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
 .if defined(BIND_TOOLS_SLAVE)
 # dns/bind-tools here
 PORTREVISION=	0
 .else
 # dns/bind9xx here
 PORTREVISION=	0
 .endif
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
 .if defined(BIND_TOOLS_SLAVE)
 PKGNAMESUFFIX=	-tools
 .else
 PKGNAMESUFFIX=	911
 .endif
 DISTNAME=	${PORTNAME}-${ISCVERSION}
 
 MAINTAINER=	mat@FreeBSD.org
 .if defined(BIND_TOOLS_SLAVE)
 COMMENT=	Command line tools from BIND: delv, dig, host, nslookup...
 .else
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 .endif
 
 LICENSE=	MPL
 LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.11.1
+ISCVERSION=	9.11.1-P1
 
 USES=	cpe libedit
 
 CPE_VENDOR=	isc
 CPE_VERSION=	${ISCVERSION:C/-.*//}
 .if ${ISCVERSION:M*-*}
 CPE_UPDATE=	${ISCVERSION:C/.*-//:tl}
 .endif
 
 LIB_DEPENDS=	libxml2.so:textproc/libxml2
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
 		--disable-symtable \
 		--with-randomdev=/dev/random \
 		--with-libxml2=${LOCALBASE} \
 		--with-readline="-L${LOCALBASE}/lib -ledit" \
 		--with-dlopen=yes \
 		--sysconfdir=${ETCDIR}
 ETCDIR=		${PREFIX}/etc/namedb
 
 CONFLICTS=	bind99 bind910 bind9-devel
 
 .if defined(BIND_TOOLS_SLAVE)
 CONFIGURE_ARGS+=	--disable-shared
 CONFLICTS+=		bind911
 .else
 USE_RC_SUBR=	named
 SUB_FILES=	pkg-message named.conf
 CONFLICTS+=		bind-tools
 .endif	# BIND_TOOLS_SLAVE
 
 MAKE_JOBS_UNSAFE=	yes
 
 PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON
 OPTIONS_DEFINE=		IDN LARGE_FILE PYTHON JSON \
 			FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA
 
 OPTIONS_RADIO=	CRYPTO GOSTDEF
 OPTIONS_RADIO_CRYPTO=	SSL NATIVE_PKCS11
 OPTIONS_RADIO_GOSTDEF=	GOST GOST_ASN1
 
 .if !defined(BIND_TOOLS_SLAVE)
 OPTIONS_DEFAULT+=	DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP
 OPTIONS_DEFINE+=	RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \
 			MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \
 			START_LATE
 OPTIONS_GROUP=		DLZ
 OPTIONS_GROUP_DLZ=	DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
 			DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
 .endif	# BIND_TOOLS_SLAVE
 OPTIONS_SINGLE=		GSSAPI
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
 CRYPTO_DESC=		Choose which crypto engine to use
 DLZ_BDB_DESC=		DLZ BDB driver
 DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
 DLZ_LDAP_DESC=		DLZ LDAP driver
 DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
 DNSTAP_DESC=		Provides fast passive logging of DNS messages
 FILTER_AAAA_DESC=	Enable filtering of AAAA records
 FIXED_RRSET_DESC=	Enable fixed rrset ordering
 GEOIP_DESC=		Allow geographically based ACL.
 GOSTDEF_DESC=		Enable GOST ciphers, needs SSL
 GOST_ASN1_DESC=		GOST using ASN.1
 GOST_DESC=		GOST raw keys (new default)
 GSSAPI_BASE_DESC=	Using Heimdal in base
 GSSAPI_HEIMDAL_DESC=	Using security/heimdal
 GSSAPI_MIT_DESC=	Using security/krb5
 GSSAPI_NONE_DESC=	Disable
 LARGE_FILE_DESC=	64-bit file support
 LMDB_DESC=		Use LMDB for zone management
 MINCACHE_DESC=		Use the mincachettl patch
 NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
 PORTREVISION_DESC=	Show PORTREVISION in the version string
 PYTHON_DESC=		Build with Python utilities
 QUERYTRACE_DESC=	Enable the very verbose query tracelogging
 RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
 RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
 SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
 SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
 START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
 DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
 
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
 DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
 DLZ_MYSQL_PREVENTS=	THREADS
 DLZ_MYSQL_USES=		mysql
 
 DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
 DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
 DNSTAP_CONFIGURE_ENABLE=	dnstap
 DNSTAP_IMPLIES=		THREADS
 DNSTAP_LIB_DEPENDS=	libfstrm.so:devel/fstrm \
 			libprotobuf-c.so:devel/protobuf-c
 
 FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
 
 FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
 
 GEOIP_CONFIGURE_WITH=	geoip
 GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
 
 GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
 
 GOST_CONFIGURE_ON=	--with-gost
 
 GSSAPI_BASE_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_BASE_USES=	gssapi
 
 GSSAPI_HEIMDAL_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_HEIMDAL_USES=	gssapi:heimdal
 
 GSSAPI_MIT_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_MIT_USES=	gssapi:mit
 
 GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
 
 IDN_CONFIGURE_OFF=	--without-idn
 IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
 IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
 IDN_USES=		iconv
 
 IPV6_CONFIGURE_ENABLE=	ipv6
 
 JSON_CONFIGURE_WITH=	libjson
 JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
 
 LARGE_FILE_CONFIGURE_ENABLE=	largefile
 
 LMDB_CONFIGURE_WITH=	lmdb
 LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
 
 MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
 
 NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
 NATIVE_PKCS11_IMPLIES=	THREADS
 
 PYTHON_BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
 PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
 PYTHON_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
 PYTHON_USES=	python
 
 QUERYTRACE_CONFIGURE_ENABLE=	querytrace
 
 RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
 
 RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
 
 SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
 
 SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
 SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
 SSL_USES=		ssl
 
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
 THREADS_CONFIGURE_ENABLE=	threads
 
 .include <bsd.port.pre.mk>
 
 .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
 CONFIGURE_ARGS+=	--without-gost
 .endif
 
 .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
 BROKEN=	OpenSSL from the base system does not support GOST, add \
 	DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
 	that needs SSL.
 .endif
 
 post-patch:
 .if defined(BIND_TOOLS_SLAVE)
 	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \
 		-e 's#isc-config.sh installdirs#installdirs#' \
 		-e 's#.*INSTALL.*isc-config.*##' \
 		-e 's#.*INSTALL.*bind.keys.*##' \
 		${WRKSRC}/Makefile.in
 	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec tools nsupdate \\#' \
 		-e 's#^	.*check confgen ##' \
 		${WRKSRC}/bin/Makefile.in
 .else
 .  for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
 	rndc/rndc.8
 	@${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
 		-e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \
 		-e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
 		${WRKSRC}/bin/${FILE}
 .  endfor
 .endif
 
 .if !defined(BIND_TOOLS_SLAVE)
 .  if ${PORTREVISION:N0}
 post-patch-PORTREVISION-on:
 	@${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
 		${WRKSRC}/version
 .  endif
 
 post-install:
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
 .  for i in dynamic master slave working
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/$i
 .  endfor
 	${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
 	${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
 	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
 	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
 		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 .endif	# BIND_TOOLS_SLAVE
 
 # Can't use USE_PYTHON=autoplist
 post-install-PYTHON-on:
 	@${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST}
 
 .include <bsd.port.post.mk>
Index: branches/2017Q2/dns/bind911/distinfo
===================================================================
--- branches/2017Q2/dns/bind911/distinfo	(revision 443608)
+++ branches/2017Q2/dns/bind911/distinfo	(revision 443609)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1492691449
-SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2
-SIZE (bind-9.11.1.tar.gz) = 9762743
+TIMESTAMP = 1497425959
+SHA256 (bind-9.11.1-P1.tar.gz) = 6b1b3e88d51b8471bd6aee24a8cea70817e850a5901315dc506f9dde275ca638
+SIZE (bind-9.11.1-P1.tar.gz) = 9745364
Index: branches/2017Q2/dns/bind911/files/named.conf.in
===================================================================
--- branches/2017Q2/dns/bind911/files/named.conf.in	(revision 443608)
+++ branches/2017Q2/dns/bind911/files/named.conf.in	(revision 443609)
@@ -1,388 +1,380 @@
 // $FreeBSD$
 //
 // Refer to the named.conf(5) and named(8) man pages, and the documentation
 // in /usr/local/share/doc/bind for more details.
 //
 // If you are going to set up an authoritative server, make sure you
 // understand the hairy details of how DNS works.  Even with
 // simple mistakes, you can break connectivity for affected parties,
 // or cause huge amounts of useless Internet traffic.
 
 options {
 	// All file and path names are relative to the chroot directory,
 	// if any, and should be fully qualified.
 	directory	"%%ETCDIR%%/working";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 
 // If named is being used only as a local resolver, this is a safe default.
 // For named to be accessible to the network, comment this option, specify
 // the proper IP address, or delete this option.
 	listen-on	{ 127.0.0.1; };
 
 // If you have IPv6 enabled on this system, uncomment this option for
 // use as a local resolver.  To give access to the network, specify
 // an IPv6 address, or the keyword "any".
 //	listen-on-v6	{ ::1; };
 
 // These zones are already covered by the empty zones listed below.
 // If you remove the related empty zones below, comment these lines out.
 	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
 	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
 /*
 	forwarders {
 		127.0.0.1;
 	};
 */
 
 // If the 'forwarders' clause is not empty the default is to 'forward first'
 // which will fall back to sending a query from your local server if the name
 // servers in 'forwarders' do not have the answer.  Alternatively you can
 // force your name server to never initiate queries of its own by enabling the
 // following line:
 //	forward only;
 
 // If you wish to have forwarding configured automatically based on
 // the entries in /etc/resolv.conf, uncomment the following line and
 // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
 // named_auto_forward_only (the effect of which is described above).
 //	include "%%ETCDIR%%/auto_forward.conf";
 
 	/*
 	   Modern versions of BIND use a random UDP port for each outgoing
 	   query by default in order to dramatically reduce the possibility
 	   of cache poisoning.  All users are strongly encouraged to utilize
 	   this feature, and to configure their firewalls to accommodate it.
 
 	   AS A LAST RESORT in order to get around a restrictive firewall
 	   policy you can try enabling the option below.  Use of this option
 	   will significantly reduce your ability to withstand cache poisoning
 	   attacks, and should be avoided if at all possible.
 
 	   Replace NNNNN in the example with a number between 49160 and 65530.
 	*/
 	// query-source address * port NNNNN;
 };
 
 // If you enable a local name server, don't forget to enter 127.0.0.1
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 
 // The traditional root hints mechanism. Use this, OR the slave zones below.
 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 
 /*	Slaving the following zones from the root name servers has some
 	significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 	3. Greater resilience to any potential root server failure/DDoS
 
 	On the other hand, this method requires more monitoring than the
 	hints file to be sure that an unexpected failure mode has not
 	incapacitated your server.  Name servers that are serving a lot
 	of clients will benefit more from this approach than individual
 	hosts.  Use with caution.
 
 	To use this mechanism, uncomment the entries below, and comment
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
 	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
 /*
 zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 zone "ip6.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/ip6.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 */
 
 /*	Serving the following zones locally will prevent any queries
 	for these zones leaving your network and going to the root
 	name servers.  This has two significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 */
 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
 zone "localhost"	{ type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
 zone "127.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 zone "255.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
 zone "0.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 
 // "This" Network (RFCs 1912, 5735 and 6303)
 zone "0.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Private Use Networks (RFCs 1918, 5735 and 6303)
 zone "10.in-addr.arpa"	   { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Shared Address Space (RFC 6598)
 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IETF protocol assignments (RFCs 5735 and 5736)
 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Router Benchmark Testing (RFCs 2544 and 5735)
 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IANA Reserved - Old Class E Space (RFC 5735)
 zone "240.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "241.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "242.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "243.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "244.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "245.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "246.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "247.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "248.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "249.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "250.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "251.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "252.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "253.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "254.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Unassigned Addresses (RFC 4291)
 zone "1.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "c.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 ULA (RFCs 4193 and 6303)
 zone "c.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Link Local (RFCs 4291 and 6303)
 zone "8.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
 zone "c.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "f.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IP6.INT is Deprecated (RFC 4159)
 zone "ip6.int"		{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries.  It can be convenient to become
 // a slave at least for the zone your own domain is in.  Ask
 // your network administrator for the IP address of the responsible
 // master name server.
 //
 // Do not forget to include the reverse lookup zone!
 // This is named after the first bytes of the IP address, in reverse
 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
 // Before starting to set up a master zone, make sure you fully
 // understand how DNS and BIND work.  There are sometimes
 // non-obvious pitfalls.  Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-)  Use actual names
 // and addresses instead.
 
 /* An example dynamic zone
 key "exampleorgkey" {
 	algorithm hmac-md5;
 	secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 	type master;
 	allow-update {
 		key "exampleorgkey";
 	};
 	file "%%ETCDIR%%/dynamic/example.org";
 };
 */
 
 /* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
 	masters {
 		192.168.1.1;
 	};
 };
 */
Index: branches/2017Q2/dns/bind911/files/pkg-message.in
===================================================================
--- branches/2017Q2/dns/bind911/files/pkg-message.in	(revision 443608)
+++ branches/2017Q2/dns/bind911/files/pkg-message.in	(revision 443609)
@@ -1,15 +1,23 @@
 **********************************************************************
 *            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
 *           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
 *          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
 *         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
 *        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
 *                                                                    *
 *   BIND requires configuration of rndc, including a "secret" key.   *
 *    The easiest, and most secure way to configure rndc is to run    *
 *   'rndc-confgen -a' to generate the proper conf file, with a new   *
 *            random key, and appropriate file permissions.           *
 *                                                                    *
 *     The %%PREFIX%%/etc/rc.d/named script will do that for you.     *
 *                                                                    *
+*      If using syslog to log the BIND9 activity, and using a        *
+*     chroot'ed installation, you will need to tell syslog to        *
+*       install a log socket in the BIND9 chroot by running:         *
+*                                                                    *
+*            # sysrc altlog_proglist+=named                          *
+*                                                                    *
+*    And then restarting syslogd with: service syslogd restart       *
+*                                                                    *
 **********************************************************************
Index: branches/2017Q2/dns/bind99/Makefile
===================================================================
--- branches/2017Q2/dns/bind99/Makefile	(revision 443608)
+++ branches/2017Q2/dns/bind99/Makefile	(revision 443609)
@@ -1,221 +1,221 @@
 # $FreeBSD$
 # pkg-help formatted with fmt 59 63
 
 PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
 PORTREVISION=	0
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
 PKGNAMESUFFIX=	99
 DISTNAME=	${PORTNAME}-${ISCVERSION}
 
 MAINTAINER=	mat@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 LICENSE=	ISCL
 LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.9.10
+ISCVERSION=	9.9.10-P1
 
 USES=	cpe libedit
 
 CPE_VENDOR=	isc
 CPE_VERSION=	${ISCVERSION:C/-.*//}
 .if ${ISCVERSION:M*-*}
 CPE_UPDATE=	${ISCVERSION:C/.*-//:tl}
 .endif
 
 LIB_DEPENDS=	libxml2.so:textproc/libxml2
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
 		--disable-symtable \
 		--with-randomdev=/dev/random \
 		--with-libxml2=${LOCALBASE} \
 		--with-readline="-L${LOCALBASE}/lib -ledit" \
 		--with-dlopen=yes \
 		--sysconfdir=${ETCDIR}
 ETCDIR=		${PREFIX}/etc/namedb
 
 CONFLICTS=	bind-tools bind9-devel bind910 bind911
 
 SUB_FILES=	pkg-message named.conf
 USE_RC_SUBR=	named
 
 MAKE_JOBS_UNSAFE=	yes
 
 PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE RRL DLZ_FILESYSTEM \
 			RPZ_NSIP RPZ_NSDNAME
 OPTIONS_DEFINE=		SSL IDN LARGE_FILE FIXED_RRSET SIGCHASE \
 			IPV6 THREADS FILTER_AAAA GOST PYTHON START_LATE MINCACHE \
 			RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS \
 			PORTREVISION FETCHLIMIT QUERYTRACE
 OPTIONS_GROUP=		DLZ
 OPTIONS_GROUP_DLZ=	DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
 			DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
 OPTIONS_SINGLE=		GSSAPI
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
 DLZ_BDB_DESC=		DLZ BDB driver
 DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
 DLZ_LDAP_DESC=		DLZ LDAP driver
 DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
 FETCHLIMIT_DESC=	Enable the query quotas for resolvers
 FILTER_AAAA_DESC=	Enable filtering of AAAA records
 FIXED_RRSET_DESC=	Enable fixed rrset ordering
 GOST_DESC=		Enable GOST ciphers, needs SSL
 GSSAPI_BASE_DESC=	${GSSAPI_DESC} (Heimdal in base)
 GSSAPI_HEIMDAL_DESC=	${GSSAPI_DESC} (security/heimdal)
 GSSAPI_MIT_DESC=	${GSSAPI_DESC} (security/krb5)
 GSSAPI_NONE_DESC=	No ${GSSAPI_DESC}
 LARGE_FILE_DESC=	64-bit file support
 MINCACHE_DESC=		Use the mincachettl patch
 NEWSTATS_DESC=		Enable alternate xml statistics channel format
 PORTREVISION_DESC=	Show PORTREVISION in the version string
 PYTHON_DESC=		Build with Python utilities
 QUERYTRACE_DESC=	Enable the very verbose query tracelogging
 RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
 RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
 RRL_DESC=		Response Rate Limiting
 SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
 SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
 START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
 DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
 
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
 DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
 DLZ_MYSQL_PREVENTS=	THREADS
 DLZ_MYSQL_USES=		mysql
 
 DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
 DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
 FETCHLIMIT_CONFIGURE_ENABLE=	fetchlimit
 
 FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
 
 FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
 
 GOST_CONFIGURE_WITH=	gost
 
 GSSAPI_BASE_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_BASE_USES=	gssapi
 
 GSSAPI_HEIMDAL_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_HEIMDAL_USES=	gssapi:heimdal
 
 GSSAPI_MIT_CONFIGURE_ON= \
 	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
 GSSAPI_MIT_USES=	gssapi:mit
 
 GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
 
 IDN_CONFIGURE_OFF=	--without-idn
 IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
 IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
 IDN_USES=		iconv
 
 IPV6_CONFIGURE_ENABLE=	ipv6
 
 LARGE_FILE_CONFIGURE_ENABLE=	largefile
 
 MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
 
 NEWSTATS_CONFIGURE_ENABLE=	newstats
 
 PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
 PYTHON_USES=	python
 
 QUERYTRACE_CONFIGURE_ENABLE=	querytrace
 
 RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
 
 RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
 
 RRL_CONFIGURE_ENABLE=	rrl
 
 SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
 
 SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
 SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
 SSL_USES=		ssl
 
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
 THREADS_CONFIGURE_ENABLE=	threads
 
 .include <bsd.port.pre.mk>
 
 .if ( ${PORT_OPTIONS:MGOST} ) && ${SSL_DEFAULT} == base
 BROKEN=	OpenSSL from the base system does not support GOST, add \
 	DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
 	that needs SSL.
 .endif
 
 post-patch:
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
 	rndc/rndc.8
 	@${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
 		-e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \
 		-e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
 		${WRKSRC}/bin/${FILE}
 .endfor
 
 .if ${PORTREVISION:N0}
 post-patch-PORTREVISION-on:
 	@${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
 		${WRKSRC}/version
 .endif
 
 post-configure:
 	@${REINPLACE_CMD} -e '/^SO_LDFLAGS/s/-Wl,-rpath,/-rpath /' ${WRKSRC}/bin/tests/system/dlzexternal/Makefile
 
 post-install:
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
 .for i in dynamic master slave working
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/$i
 .endfor
 	${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
 	${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
 	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
 	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
 		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 
 # Can't use USE_PYTHON=autoplist
 post-install-PYTHON-on:
 	@${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST}
 
 .include <bsd.port.post.mk>
Index: branches/2017Q2/dns/bind99/distinfo
===================================================================
--- branches/2017Q2/dns/bind99/distinfo	(revision 443608)
+++ branches/2017Q2/dns/bind99/distinfo	(revision 443609)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1492688489
-SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a
-SIZE (bind-9.9.10.tar.gz) = 8857543
+TIMESTAMP = 1497425667
+SHA256 (bind-9.9.10-P1.tar.gz) = 2c09f361a5936b31dcfd9dfaa324351dc2cd25ca0a380cf4caa2cc94b3ba6bc5
+SIZE (bind-9.9.10-P1.tar.gz) = 8836915
Index: branches/2017Q2/dns/bind99/files/named.conf.in
===================================================================
--- branches/2017Q2/dns/bind99/files/named.conf.in	(revision 443608)
+++ branches/2017Q2/dns/bind99/files/named.conf.in	(revision 443609)
@@ -1,388 +1,380 @@
 // $FreeBSD$
 //
 // Refer to the named.conf(5) and named(8) man pages, and the documentation
 // in /usr/local/share/doc/bind for more details.
 //
 // If you are going to set up an authoritative server, make sure you
 // understand the hairy details of how DNS works.  Even with
 // simple mistakes, you can break connectivity for affected parties,
 // or cause huge amounts of useless Internet traffic.
 
 options {
 	// All file and path names are relative to the chroot directory,
 	// if any, and should be fully qualified.
 	directory	"%%ETCDIR%%/working";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
 	statistics-file	"/var/stats/named.stats";
 
 // If named is being used only as a local resolver, this is a safe default.
 // For named to be accessible to the network, comment this option, specify
 // the proper IP address, or delete this option.
 	listen-on	{ 127.0.0.1; };
 
 // If you have IPv6 enabled on this system, uncomment this option for
 // use as a local resolver.  To give access to the network, specify
 // an IPv6 address, or the keyword "any".
 //	listen-on-v6	{ ::1; };
 
 // These zones are already covered by the empty zones listed below.
 // If you remove the related empty zones below, comment these lines out.
 	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
 	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
 /*
 	forwarders {
 		127.0.0.1;
 	};
 */
 
 // If the 'forwarders' clause is not empty the default is to 'forward first'
 // which will fall back to sending a query from your local server if the name
 // servers in 'forwarders' do not have the answer.  Alternatively you can
 // force your name server to never initiate queries of its own by enabling the
 // following line:
 //	forward only;
 
 // If you wish to have forwarding configured automatically based on
 // the entries in /etc/resolv.conf, uncomment the following line and
 // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
 // named_auto_forward_only (the effect of which is described above).
 //	include "%%ETCDIR%%/auto_forward.conf";
 
 	/*
 	   Modern versions of BIND use a random UDP port for each outgoing
 	   query by default in order to dramatically reduce the possibility
 	   of cache poisoning.  All users are strongly encouraged to utilize
 	   this feature, and to configure their firewalls to accommodate it.
 
 	   AS A LAST RESORT in order to get around a restrictive firewall
 	   policy you can try enabling the option below.  Use of this option
 	   will significantly reduce your ability to withstand cache poisoning
 	   attacks, and should be avoided if at all possible.
 
 	   Replace NNNNN in the example with a number between 49160 and 65530.
 	*/
 	// query-source address * port NNNNN;
 };
 
 // If you enable a local name server, don't forget to enter 127.0.0.1
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 
 // The traditional root hints mechanism. Use this, OR the slave zones below.
 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 
 /*	Slaving the following zones from the root name servers has some
 	significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 	3. Greater resilience to any potential root server failure/DDoS
 
 	On the other hand, this method requires more monitoring than the
 	hints file to be sure that an unexpected failure mode has not
 	incapacitated your server.  Name servers that are serving a lot
 	of clients will benefit more from this approach than individual
 	hosts.  Use with caution.
 
 	To use this mechanism, uncomment the entries below, and comment
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
 	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
 /*
 zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
 zone "in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 zone "ip6.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/ip6.arpa.slave";
 	masters {
 		192.0.32.132;           // lax.xfr.dns.icann.org
 		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
 		192.0.47.132;           // iad.xfr.dns.icann.org
 		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
-}
+};
 */
 
 /*	Serving the following zones locally will prevent any queries
 	for these zones leaving your network and going to the root
 	name servers.  This has two significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 */
 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
 zone "localhost"	{ type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
 zone "127.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 zone "255.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
 zone "0.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
 
 // "This" Network (RFCs 1912, 5735 and 6303)
 zone "0.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Private Use Networks (RFCs 1918, 5735 and 6303)
 zone "10.in-addr.arpa"	   { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Shared Address Space (RFC 6598)
 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IETF protocol assignments (RFCs 5735 and 5736)
 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Domain Names for Documentation and Testing (BCP 32)
-zone "test" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "invalid" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.com" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.net" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "example.org" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // Router Benchmark Testing (RFCs 2544 and 5735)
 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IANA Reserved - Old Class E Space (RFC 5735)
 zone "240.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "241.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "242.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "243.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "244.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "245.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "246.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "247.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "248.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "249.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "250.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "251.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "252.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "253.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "254.in-addr.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Unassigned Addresses (RFC 4291)
 zone "1.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "c.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "8.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "0.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "1.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "2.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "3.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "4.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "5.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "6.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "7.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 ULA (RFCs 4193 and 6303)
 zone "c.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Link Local (RFCs 4291 and 6303)
 zone "8.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "9.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "a.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "b.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
 zone "c.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "d.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "e.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 zone "f.e.f.ip6.arpa"	{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // IP6.INT is Deprecated (RFC 4159)
 zone "ip6.int"		{ type master; file "%%ETCDIR%%/master/empty.db"; };
 
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
 //
 // Example slave zone config entries.  It can be convenient to become
 // a slave at least for the zone your own domain is in.  Ask
 // your network administrator for the IP address of the responsible
 // master name server.
 //
 // Do not forget to include the reverse lookup zone!
 // This is named after the first bytes of the IP address, in reverse
 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
 // Before starting to set up a master zone, make sure you fully
 // understand how DNS and BIND work.  There are sometimes
 // non-obvious pitfalls.  Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-)  Use actual names
 // and addresses instead.
 
 /* An example dynamic zone
 key "exampleorgkey" {
 	algorithm hmac-md5;
 	secret "sf87HJqjkqh8ac87a02lla==";
 };
 zone "example.org" {
 	type master;
 	allow-update {
 		key "exampleorgkey";
 	};
 	file "%%ETCDIR%%/dynamic/example.org";
 };
 */
 
 /* Example of a slave reverse zone
 zone "1.168.192.in-addr.arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
 	masters {
 		192.168.1.1;
 	};
 };
 */
Index: branches/2017Q2/dns/bind99/files/pkg-message.in
===================================================================
--- branches/2017Q2/dns/bind99/files/pkg-message.in	(revision 443608)
+++ branches/2017Q2/dns/bind99/files/pkg-message.in	(revision 443609)
@@ -1,15 +1,23 @@
 **********************************************************************
 *            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
 *           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
 *          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
 *         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
 *        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
 *                                                                    *
 *   BIND requires configuration of rndc, including a "secret" key.   *
 *    The easiest, and most secure way to configure rndc is to run    *
 *   'rndc-confgen -a' to generate the proper conf file, with a new   *
 *            random key, and appropriate file permissions.           *
 *                                                                    *
 *     The %%PREFIX%%/etc/rc.d/named script will do that for you.     *
 *                                                                    *
+*      If using syslog to log the BIND9 activity, and using a        *
+*     chroot'ed installation, you will need to tell syslog to        *
+*       install a log socket in the BIND9 chroot by running:         *
+*                                                                    *
+*            # sysrc altlog_proglist+=named                          *
+*                                                                    *
+*    And then restarting syslogd with: service syslogd restart       *
+*                                                                    *
 **********************************************************************
Index: branches/2017Q2
===================================================================
--- branches/2017Q2	(revision 443608)
+++ branches/2017Q2	(revision 443609)

Property changes on: branches/2017Q2
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /head:r443607-443608