Index: branches/2019Q1/dns/bind911/Makefile =================================================================== --- branches/2019Q1/dns/bind911/Makefile (revision 493564) +++ branches/2019Q1/dns/bind911/Makefile (revision 493565) @@ -1,251 +1,251 @@ # $FreeBSD$ # pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} PORTREVISION= 0 CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} PKGNAMESUFFIX= 911 DISTNAME= ${PORTNAME}-${ISCVERSION} MAINTAINER= mat@FreeBSD.org COMMENT= BIND DNS suite with updated DNSSEC and DNS64 LICENSE= MPL20 LICENSE_FILE= ${WRKSRC}/COPYRIGHT LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.5-P1 +ISCVERSION= 9.11.5-P4 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} .if ${ISCVERSION:M*-*} CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} .endif GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --with-gost=no \ --sysconfdir=${ETCDIR} ETCDIR= ${PREFIX}/etc/namedb CONFLICTS= bind-tools bind99 bind910 bind912 bind913 bind9-devel SUB_FILES= pkg-message named.conf USE_RC_SUBR= named MAKE_JOBS_UNSAFE= yes PORTDOCS= * OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON PYTHON \ DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN \ FILTER_AAAA OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \ RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \ MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \ START_LATE TUNING_LARGE TCP_FASTOPEN OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes CRYPTO_DESC= Choose which crypto engine to use DLZ_BDB_DESC= DLZ BDB driver DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver DNSTAP_DESC= Provides fast passive logging of DNS messages FILTER_AAAA_DESC= Enable filtering of AAAA records FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable LARGE_FILE_DESC= 64-bit file support LMDB_DESC= Use LMDB for zone management MINCACHE_DESC= Use the mincachettl patch NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) PORTREVISION_DESC= Show PORTREVISION in the version string PYTHON_DESC= Build with Python utilities QUERYTRACE_DESC= Enable the very verbose query tracelogging RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation SSL_DESC= Build with OpenSSL (Required for DNSSEC) START_LATE_DESC= Start BIND late in the boot process (see help) TCP_FASTOPEN_DESC= RFC 7413 support TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes DLZ_BDB_USES= bdb DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes DLZ_LDAP_USE= openldap=yes DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes DLZ_MYSQL_PREVENTS= THREADS DLZ_MYSQL_USES= mysql DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes DLZ_POSTGRESQL_USES= pgsql DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes DNSTAP_CONFIGURE_ENABLE= dnstap DNSTAP_IMPLIES= THREADS DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ libprotobuf-c.so:devel/protobuf-c FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GSSAPI_BASE_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi IDN_CONFIGURE_OFF= --without-libidn2 IDN_CONFIGURE_ON= --with-libidn2=${LOCALBASE} ${ICONV_CONFIGURE_BASE} IDN_LIB_DEPENDS= libidn2.so:dns/libidn2 IDN_USES= iconv IPV6_CONFIGURE_ENABLE= ipv6 JSON_CONFIGURE_WITH= libjson=${LOCALBASE} JSON_LIB_DEPENDS= libjson-c.so:devel/json-c LARGE_FILE_CONFIGURE_ENABLE= largefile LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 NATIVE_PKCS11_IMPLIES= THREADS PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} SSL_USES= ssl START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ NAMED_BEFORE="LOGIN" START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" THREADS_CONFIGURE_ENABLE= threads TUNING_LARGE_IMPLIES= THREADS TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include .if defined(WITH_DEBUG) CONFIGURE_ARGS+= --enable-symtable .else CONFIGURE_ARGS+= --disable-symtable .endif .if ${SSL_DEFAULT} == base SUB_LIST+= ENGINES=/usr/lib/engines .else SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines .endif post-patch: .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ rndc/rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ ${WRKSRC}/bin/${FILE} .endfor .if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version .endif post-patch-TCP_FASTOPEN-off: @${REINPLACE_CMD} -e 's/#define ISC_PLATFORM_HAVETFO 1/#undef ISC_PLATFORM_HAVETFO/' ${WRKSRC}/configure post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} .for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i .endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES \ ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR} # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} .include Index: branches/2019Q1/dns/bind911/distinfo =================================================================== --- branches/2019Q1/dns/bind911/distinfo (revision 493564) +++ branches/2019Q1/dns/bind911/distinfo (revision 493565) @@ -1,3 +1,3 @@ -TIMESTAMP = 1544687911 -SHA256 (bind-9.11.5-P1.tar.gz) = 6cd6dbf016569f12d4a0ed629e44e895d9ed41c6908274ed2e617666c5491928 -SIZE (bind-9.11.5-P1.tar.gz) = 8814650 +TIMESTAMP = 1550649103 +SHA256 (bind-9.11.5-P4.tar.gz) = 7e8c08192bcbaeb6e9f2391a70e67583b027b90e8c4bc1605da6eb126edde434 +SIZE (bind-9.11.5-P4.tar.gz) = 8819038 Index: branches/2019Q1/dns/bind911/files/extrapatch-bind-min-override-ttl =================================================================== --- branches/2019Q1/dns/bind911/files/extrapatch-bind-min-override-ttl (revision 493564) +++ branches/2019Q1/dns/bind911/files/extrapatch-bind-min-override-ttl (revision 493565) @@ -1,73 +1,73 @@ ---- bin/named/config.c.orig 2018-10-06 01:36:17 UTC +--- bin/named/config.c.orig 2019-02-05 00:06:43 UTC +++ bin/named/config.c @@ -177,6 +177,8 @@ options {\n\ " max-acache-size 16M;\n\ max-cache-size 90%;\n\ max-cache-ttl 604800; /* 1 week */\n\ + min-cache-ttl 0; /* no minimal, zero is allowed */\n\ + override-cache-ttl 0; /* do not override */\n\ max-clients-per-query 100;\n\ max-ncache-ttl 10800; /* 3 hours */\n\ max-recursion-depth 7;\n\ ---- bin/named/server.c.orig 2018-10-06 01:36:17 UTC +--- bin/named/server.c.orig 2019-02-05 00:06:43 UTC +++ bin/named/server.c -@@ -3695,6 +3695,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -3695,6 +3695,16 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; + result = ns_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = ns_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-10-06 01:36:17 UTC +--- lib/dns/include/dns/view.h.orig 2019-02-05 00:06:43 UTC +++ lib/dns/include/dns/view.h @@ -152,6 +152,8 @@ struct dns_view { bool requestnsid; bool sendcookie; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; uint32_t nta_lifetime; uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-10-06 01:36:17 UTC +--- lib/dns/resolver.c.orig 2019-02-05 00:06:43 UTC +++ lib/dns/resolver.c -@@ -5474,6 +5474,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5474,6 +5474,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-10-06 01:36:17 UTC +--- lib/isccfg/namedconf.c.orig 2019-02-05 00:06:43 UTC +++ lib/isccfg/namedconf.c @@ -1773,6 +1773,8 @@ view_clauses[] = { #endif { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: branches/2019Q1/dns/bind911/files/patch-bin_named_include_named_globals.h =================================================================== --- branches/2019Q1/dns/bind911/files/patch-bin_named_include_named_globals.h (revision 493564) +++ branches/2019Q1/dns/bind911/files/patch-bin_named_include_named_globals.h (revision 493565) @@ -1,13 +1,13 @@ We reference the pid file as being run/named/pid everywere else. ---- bin/named/include/named/globals.h.orig 2018-10-06 01:36:17 UTC +--- bin/named/include/named/globals.h.orig 2019-02-05 00:06:43 UTC +++ bin/named/include/named/globals.h -@@ -139,7 +139,7 @@ EXTERN bool ns_g_forcelock INIT(false) +@@ -139,7 +139,7 @@ EXTERN bool ns_g_forcelock INIT(false); #if NS_RUN_PID_DIR EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR "/run/named/" - "named.pid"); + "pid"); EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR "/run/lwresd/" "lwresd.pid"); Index: branches/2019Q1/dns/bind912/Makefile =================================================================== --- branches/2019Q1/dns/bind912/Makefile (revision 493564) +++ branches/2019Q1/dns/bind912/Makefile (revision 493565) @@ -1,279 +1,279 @@ # $FreeBSD$ # pkg-help formatted with fmt 59 63 PORTNAME= bind PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} .if defined(BIND_TOOLS_SLAVE) # dns/bind-tools here PORTREVISION= 0 .else PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} .if defined(BIND_TOOLS_SLAVE) PKGNAMESUFFIX= -tools .else PKGNAMESUFFIX= 912 .endif DISTNAME= ${PORTNAME}-${ISCVERSION} MAINTAINER= mat@FreeBSD.org .if defined(BIND_TOOLS_SLAVE) COMMENT= Command line tools from BIND: delv, dig, host, nslookup... .else COMMENT= BIND DNS suite with updated DNSSEC and DNS64 .endif LICENSE= MPL20 LICENSE_FILE= ${WRKSRC}/COPYRIGHT LIB_DEPENDS= libxml2.so:textproc/libxml2 USES= compiler:c11 cpe libedit # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.12.3-P1 +ISCVERSION= 9.12.3-P4 CPE_VENDOR= isc CPE_VERSION= ${ISCVERSION:C/-.*//} .if ${ISCVERSION:M*-*} CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} .endif GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --with-gost=no \ --sysconfdir=${ETCDIR} ETCDIR= ${PREFIX}/etc/namedb CONFLICTS= bind99 bind910 bind911 bind913 bind9-devel .if defined(BIND_TOOLS_SLAVE) CONFIGURE_ARGS+= --disable-shared CONFLICTS+= bind912 .else USE_RC_SUBR= named SUB_FILES= pkg-message named.conf CONFLICTS+= bind-tools PORTDOCS= * .endif # BIND_TOOLS_SLAVE MAKE_JOBS_UNSAFE= yes OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON PYTHON OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS OPTIONS_RADIO= CRYPTO OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 .if !defined(BIND_TOOLS_SLAVE) OPTIONS_DEFAULT+= DLZ_FILESYSTEM LMDB RPZ_NSDNAME RPZ_NSIP TCP_FASTOPEN OPTIONS_DEFINE+= RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \ MINCACHE PORTREVISION QUERYTRACE LMDB DNSTAP \ START_LATE TUNING_LARGE TCP_FASTOPEN OPTIONS_GROUP= DLZ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB .endif # BIND_TOOLS_SLAVE OPTIONS_SINGLE= GSSAPI OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes CRYPTO_DESC= Choose which crypto engine to use DLZ_BDB_DESC= DLZ BDB driver DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_LDAP_DESC= DLZ LDAP driver DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver DNSTAP_DESC= Provides fast passive logging of DNS messages FIXED_RRSET_DESC= Enable fixed rrset ordering GEOIP_DESC= Allow geographically based ACL. GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable LARGE_FILE_DESC= 64-bit file support LMDB_DESC= Use LMDB for zone management MINCACHE_DESC= Use the mincachettl patch NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) PORTREVISION_DESC= Show PORTREVISION in the version string PYTHON_DESC= Build with Python utilities QUERYTRACE_DESC= Enable the very verbose query tracelogging RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation SSL_DESC= Build with OpenSSL (Required for DNSSEC) START_LATE_DESC= Start BIND late in the boot process (see help) TCP_FASTOPEN_DESC= RFC 7413 support TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes DLZ_BDB_USES= bdb DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes DLZ_LDAP_USE= openldap=yes DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes DLZ_MYSQL_PREVENTS= THREADS DLZ_MYSQL_USES= mysql DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes DLZ_POSTGRESQL_USES= pgsql DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes DNSTAP_CONFIGURE_ENABLE= dnstap DNSTAP_IMPLIES= THREADS DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ libprotobuf-c.so:devel/protobuf-c FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP GSSAPI_BASE_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_CONFIGURE_ON=\ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_MIT_USES= gssapi:mit GSSAPI_NONE_CONFIGURE_ON= --without-gssapi IDN_CONFIGURE_OFF= --without-libidn2 IDN_CONFIGURE_ON= --with-libidn2=${LOCALBASE} ${ICONV_CONFIGURE_BASE} IDN_LIB_DEPENDS= libidn2.so:dns/libidn2 IDN_USES= iconv IPV6_CONFIGURE_ENABLE= ipv6 JSON_CONFIGURE_WITH= libjson=${LOCALBASE} JSON_LIB_DEPENDS= libjson-c.so:devel/json-c LARGE_FILE_CONFIGURE_ENABLE= largefile LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 NATIVE_PKCS11_IMPLIES= THREADS PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} SSL_USES= ssl START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ NAMED_BEFORE="LOGIN" START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" TCP_FASTOPEN_CONFIGURE_ENABLE= tcp-fastopen THREADS_CONFIGURE_ENABLE= threads TUNING_LARGE_IMPLIES= THREADS TUNING_LARGE_CONFIGURE_ON= --with-tuning=large TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default .include .if defined(WITH_DEBUG) CONFIGURE_ARGS+= --enable-symtable .else CONFIGURE_ARGS+= --disable-symtable .endif .if ${SSL_DEFAULT} == base SUB_LIST+= ENGINES=/usr/lib/engines .else SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines .endif post-patch: .if defined(BIND_TOOLS_SLAVE) @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \ -e 's#isc-config.sh installdirs#installdirs#' \ -e 's#.*INSTALL.*isc-config.*##' \ -e 's#.*INSTALL.*bind.keys.*##' \ ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec tools nsupdate \\#' \ -e 's#^ .*check confgen ##' \ ${WRKSRC}/bin/Makefile.in .else . for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ rndc/rndc.8 @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ ${WRKSRC}/bin/${FILE} . endfor .endif .if !defined(BIND_TOOLS_SLAVE) . if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version . endif post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} . for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i . endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .endif # BIND_TOOLS_SLAVE # Can't use USE_PYTHON=autoplist post-install-PYTHON-on: @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} .include Index: branches/2019Q1/dns/bind912/distinfo =================================================================== --- branches/2019Q1/dns/bind912/distinfo (revision 493564) +++ branches/2019Q1/dns/bind912/distinfo (revision 493565) @@ -1,3 +1,3 @@ -TIMESTAMP = 1544687855 -SHA256 (bind-9.12.3-P1.tar.gz) = 6cb79389d787368af27f01c65a9fa09be1fd062eda37c94819a1a0178d5ded73 -SIZE (bind-9.12.3-P1.tar.gz) = 8625693 +TIMESTAMP = 1550649173 +SHA256 (bind-9.12.3-P4.tar.gz) = d1014453c62623e42323fd83fc89444c12ae6b707fd586466959a052fe21f206 +SIZE (bind-9.12.3-P4.tar.gz) = 8627833 Index: branches/2019Q1/dns/bind912/files/extrapatch-bind-min-override-ttl =================================================================== --- branches/2019Q1/dns/bind912/files/extrapatch-bind-min-override-ttl (revision 493564) +++ branches/2019Q1/dns/bind912/files/extrapatch-bind-min-override-ttl (revision 493565) @@ -1,79 +1,79 @@ ---- bin/named/config.c.orig 2018-10-06 05:51:22 UTC +--- bin/named/config.c.orig 2019-02-05 00:00:59 UTC +++ bin/named/config.c @@ -183,12 +183,14 @@ options {\n\ max-recursion-queries 75;\n\ max-stale-ttl 604800; /* 1 week */\n\ message-compression yes;\n\ + min-cache-ttl 0; /* no minimal, zero is allowed */\n\ # min-roots ;\n\ minimal-any false;\n\ minimal-responses no-auth-recursive;\n\ notify-source *;\n\ notify-source-v6 *;\n\ nsec3-test-zone no;\n\ + override-cache-ttl 0; /* do not override */\n\ provide-ixfr true;\n\ query-source address *;\n\ query-source-v6 address *;\n\ ---- bin/named/server.c.orig 2018-10-06 05:51:22 UTC +--- bin/named/server.c.orig 2019-02-05 00:00:59 UTC +++ bin/named/server.c -@@ -4075,6 +4075,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -4075,6 +4075,16 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl } obj = NULL; + result = named_config_get(maps, "override-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->overridecachettl = cfg_obj_asuint32(obj); + + obj = NULL; + result = named_config_get(maps, "min-cache-ttl", &obj); + INSIST(result == ISC_R_SUCCESS); + view->mincachettl = cfg_obj_asuint32(obj); + + obj = NULL; result = named_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-10-06 05:51:22 UTC +--- lib/dns/include/dns/view.h.orig 2019-02-05 00:00:59 UTC +++ lib/dns/include/dns/view.h @@ -151,6 +151,8 @@ struct dns_view { bool requestnsid; bool sendcookie; dns_ttl_t maxcachettl; + dns_ttl_t mincachettl; + dns_ttl_t overridecachettl; dns_ttl_t maxncachettl; uint32_t nta_lifetime; uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2018-10-06 05:51:22 UTC +--- lib/dns/resolver.c.orig 2019-02-05 00:00:59 UTC +++ lib/dns/resolver.c -@@ -5757,6 +5757,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5757,6 +5757,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb } /* + * Enforce the configure cache TTL override. + */ + if (res->view->overridecachettl) + rdataset->ttl = res->view->overridecachettl; + + /* + * Enforce the configure minimum cache TTL. + */ + if (rdataset->ttl < res->view->mincachettl) + rdataset->ttl = res->view->mincachettl; + + /* * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-10-06 05:51:22 UTC +--- lib/isccfg/namedconf.c.orig 2019-02-05 00:00:59 UTC +++ lib/isccfg/namedconf.c @@ -1917,6 +1917,8 @@ view_clauses[] = { { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, + { "override-cache-ttl", &cfg_type_uint32, 0 }, + { "min-cache-ttl", &cfg_type_uint32, 0 }, { "max-cache-ttl", &cfg_type_uint32, 0 }, { "max-clients-per-query", &cfg_type_uint32, 0 }, { "max-ncache-ttl", &cfg_type_uint32, 0 }, Index: branches/2019Q1/dns/bind912/files/patch-bin_named_include_named_globals.h =================================================================== --- branches/2019Q1/dns/bind912/files/patch-bin_named_include_named_globals.h (revision 493564) +++ branches/2019Q1/dns/bind912/files/patch-bin_named_include_named_globals.h (revision 493565) @@ -1,13 +1,13 @@ We reference the pid file as being run/named/pid everywere else. ---- bin/named/include/named/globals.h.orig 2018-10-06 05:51:22 UTC +--- bin/named/include/named/globals.h.orig 2019-02-05 00:00:59 UTC +++ bin/named/include/named/globals.h -@@ -129,7 +129,7 @@ EXTERN bool named_g_forcelock INIT(fals +@@ -129,7 +129,7 @@ EXTERN bool named_g_forcelock INIT(false); #if NAMED_RUN_PID_DIR EXTERN const char * named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/" - "named.pid"); + "pid"); #else EXTERN const char * named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named.pid"); Index: branches/2019Q1 =================================================================== --- branches/2019Q1 (revision 493564) +++ branches/2019Q1 (revision 493565) Property changes on: branches/2019Q1 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r493563-493564