Index: head/dns/Makefile
===================================================================
--- head/dns/Makefile (revision 526547)
+++ head/dns/Makefile (revision 526548)
@@ -1,248 +1,249 @@ # $FreeBSD$ # COMMENT = Domain Name Service tools SUBDIR += adns SUBDIR += adsuck SUBDIR += amass SUBDIR += ares SUBDIR += autotrust SUBDIR += axfr2acl SUBDIR += bind-tools SUBDIR += bind9-devel SUBDIR += bind911 SUBDIR += bind914 + SUBDIR += bind916 SUBDIR += bindgraph SUBDIR += bundy SUBDIR += c-ares SUBDIR += checkdns SUBDIR += cli53 SUBDIR += coredns SUBDIR += credns SUBDIR += crossip SUBDIR += curvedns SUBDIR += ddclient SUBDIR += ddns SUBDIR += denominator SUBDIR += dhisd SUBDIR += djbdns SUBDIR += djbdns-tools SUBDIR += dlint SUBDIR += dnrd SUBDIR += dns2blackhole SUBDIR += dns2tcp SUBDIR += dns_balance SUBDIR += dnsblast SUBDIR += dnscap SUBDIR += dnscheckengine SUBDIR += dnscrypt-proxy2 SUBDIR += dnscrypt-wrapper SUBDIR += dnsdbck SUBDIR += dnsdbq SUBDIR += dnsdist SUBDIR += dnsenum SUBDIR += dnsflood SUBDIR += dnsforwarder SUBDIR += dnshistory SUBDIR += dnsjava SUBDIR += dnsmasq SUBDIR += dnsmasq-devel SUBDIR += dnsmax-perl SUBDIR += dnsperf SUBDIR += dnsproxy SUBDIR += dnsrecon SUBDIR += dnsreflector SUBDIR += dnstable SUBDIR += dnstable-convert SUBDIR += dnstop SUBDIR += dnstracer SUBDIR += dnsutl SUBDIR += dnsviz SUBDIR += dnswalk SUBDIR += dnswall SUBDIR += doc SUBDIR += doh-proxy SUBDIR += dq SUBDIR += drool SUBDIR += dsc SUBDIR += dsp SUBDIR += dynip SUBDIR += erlang-idna SUBDIR += fastresolve SUBDIR += firedns SUBDIR += flamethrower SUBDIR += fpdns SUBDIR += gdnsd SUBDIR += gdnsd2 SUBDIR += gdnsd3 SUBDIR += gen6dns SUBDIR += getdns SUBDIR += hesiod SUBDIR += hostdb SUBDIR += idnkit SUBDIR += idnkit2 SUBDIR += inadyn SUBDIR += inadyn-mt SUBDIR += ipcheck SUBDIR += ironsides SUBDIR += kadnode SUBDIR += kf5-kdnssd SUBDIR += knock SUBDIR += knot-resolver SUBDIR += knot2 SUBDIR += knot2-lib SUBDIR += ldapdns SUBDIR += ldns SUBDIR += libasr SUBDIR += libasr-devel SUBDIR += libbind SUBDIR += libdjbdns SUBDIR += libidn SUBDIR += libidn2 SUBDIR += libnspsl SUBDIR += libpsl SUBDIR += linux-c7-libasyncns SUBDIR += mDNSResponder_nss SUBDIR 
+= maradns SUBDIR += mdnsd SUBDIR += mydns SUBDIR += mydns-ng SUBDIR += namesilo_ddns SUBDIR += nextdns SUBDIR += noip SUBDIR += nsd SUBDIR += nsec3walker SUBDIR += nslint SUBDIR += nsnotifyd SUBDIR += nsping SUBDIR += nss_mdns SUBDIR += nss_resinit SUBDIR += opendd SUBDIR += opendnssec SUBDIR += opendnssec2 SUBDIR += openresolv SUBDIR += p5-AnyEvent-CacheDNS SUBDIR += p5-AnyEvent-DNS-EtcHosts SUBDIR += p5-App-DSC-DataTool SUBDIR += p5-BIND-Conf_Parser SUBDIR += p5-BIND-Config-Parser SUBDIR += p5-DNS-Config SUBDIR += p5-DNS-EasyDNS SUBDIR += p5-DNS-Ldns SUBDIR += p5-DNS-Zone SUBDIR += p5-DNS-ZoneParse SUBDIR += p5-DSC SUBDIR += p5-Data-Validate-Domain SUBDIR += p5-IO-Async-Resolver-DNS SUBDIR += p5-Mozilla-PublicSuffix SUBDIR += p5-Net-Amazon-Route53 SUBDIR += p5-Net-Bonjour SUBDIR += p5-Net-DNS SUBDIR += p5-Net-DNS-Async SUBDIR += p5-Net-DNS-Check SUBDIR += p5-Net-DNS-Codes SUBDIR += p5-Net-DNS-Lite SUBDIR += p5-Net-DNS-Match SUBDIR += p5-Net-DNS-RR-SRV-Helper SUBDIR += p5-Net-DNS-Resolver-Mock SUBDIR += p5-Net-DNS-Resolver-Programmable SUBDIR += p5-Net-DNS-SEC SUBDIR += p5-Net-DNS-TestNS SUBDIR += p5-Net-DNS-ToolKit SUBDIR += p5-Net-DNS-Zone-Parser SUBDIR += p5-Net-DNS-ZoneFile-Fast SUBDIR += p5-Net-DNSBL-MultiDaemon SUBDIR += p5-Net-DNSBL-Statistics SUBDIR += p5-Net-DRI SUBDIR += p5-Net-Domain-ExpireDate SUBDIR += p5-Net-Domain-TLD SUBDIR += p5-Net-LibIDN SUBDIR += p5-Net-LibIDN2 SUBDIR += p5-Net-Nslookup SUBDIR += p5-Net-RBLClient SUBDIR += p5-Net-RNDC SUBDIR += p5-POE-Component-Client-DNS SUBDIR += p5-POE-Component-Client-DNS-Recursive SUBDIR += p5-POE-Component-Client-DNSBL SUBDIR += p5-POE-Component-Resolver SUBDIR += p5-POE-Component-Server-DNS SUBDIR += p5-POE-Filter-DNS-TCP SUBDIR += p5-Stanford-DNSserver SUBDIR += p5-Tie-DNS SUBDIR += p5-URBL-Prepare SUBDIR += packetq SUBDIR += pdnsd SUBDIR += pear-File_DNS SUBDIR += pear-Horde_Idna SUBDIR += pear-Net_DNS2 SUBDIR += powerdns SUBDIR += powerdns-recursor SUBDIR += public_suffix_list SUBDIR += py-adns 
SUBDIR += py-aiodns SUBDIR += py-cloudflare SUBDIR += py-dns SUBDIR += py-dns-lexicon SUBDIR += py-dnschain SUBDIR += py-dnspython SUBDIR += py-easyzone SUBDIR += py-idna SUBDIR += py-idna_ssl SUBDIR += py-idnkit2 SUBDIR += py-ldns SUBDIR += py-localzone SUBDIR += py-namebench SUBDIR += py-ns1-python SUBDIR += py-publicsuffix SUBDIR += py-publicsuffix2 SUBDIR += py-publicsuffixlist SUBDIR += py-py3dns SUBDIR += py-pybonjour SUBDIR += py-pycares SUBDIR += py-pydnstable SUBDIR += py-pywdns SUBDIR += py-tld SUBDIR += py-tldextract SUBDIR += qmdnsengine SUBDIR += radns SUBDIR += rbldnsd SUBDIR += rbllookup SUBDIR += rbllookup-ng SUBDIR += rdap SUBDIR += renewck SUBDIR += rpsl2acl SUBDIR += rubygem-dnsruby SUBDIR += rubygem-gitlab-net-dns SUBDIR += rubygem-idn-ruby SUBDIR += rubygem-net-dns SUBDIR += rubygem-public_suffix SUBDIR += rubygem-public_suffix_service SUBDIR += rubygem-simpleidn SUBDIR += rubygem-validates_hostname SUBDIR += samba-nsupdate SUBDIR += scavenge SUBDIR += sheerdns SUBDIR += sleuth SUBDIR += sshfp SUBDIR += subfinder SUBDIR += tinystats SUBDIR += totd SUBDIR += udns SUBDIR += unbound SUBDIR += updatedd SUBDIR += utdns SUBDIR += validns SUBDIR += vhostcname SUBDIR += vizone SUBDIR += void-zones-tools SUBDIR += walker SUBDIR += wdns SUBDIR += whoseip SUBDIR += wrapsrv SUBDIR += yadifa SUBDIR += zkt SUBDIR += zonecheck SUBDIR += zonenotify .include Index: head/dns/bind916/Makefile =================================================================== --- head/dns/bind916/Makefile (nonexistent) +++ head/dns/bind916/Makefile (revision 526548) 
@@ -0,0 +1,272 @@ +# $FreeBSD$ +# pkg-help formatted with fmt 59 63 + +PORTNAME= bind +PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} +.if defined(BIND_TOOLS_SLAVE) +# dns/bind-tools here +PORTREVISION= 0 +.else +# dns/bind916 here +PORTREVISION= 0 +.endif +CATEGORIES= dns net +MASTER_SITES= ISC/bind9/${ISCVERSION} +.if defined(BIND_TOOLS_SLAVE) +PKGNAMESUFFIX= -tools +.else +PKGNAMESUFFIX= 916 +.endif +DISTNAME= ${PORTNAME}-${ISCVERSION} + +MAINTAINER= mat@FreeBSD.org +.if defined(BIND_TOOLS_SLAVE) +COMMENT= Command line tools from BIND: delv, dig, host, nslookup... +.else +COMMENT= BIND DNS suite with updated DNSSEC and DNS64 +.endif + +# Uncomment when bind920 comes of age. +# DEPRECATED= End of life, please migrate to a newer version of BIND9 +# EXPIRATION_DATE= 2023-12-31 + +LICENSE= MPL20 +LICENSE_FILE= ${WRKSRC}/COPYRIGHT + +LIB_DEPENDS= libuv.so:devel/libuv \ + libxml2.so:textproc/libxml2 +.if !defined(BIND_TOOLS_SLAVE) +RUN_DEPENDS= bind-tools>0:dns/bind-tools +.endif + +USES= compiler:c11 cpe libedit pkgconfig ssl tar:xz +# ISC releases things like 9.8.0-P1, which our versioning doesn't like +ISCVERSION= 9.16.0 + +CPE_VENDOR= isc +CPE_VERSION= ${ISCVERSION:C/-.*//} +.if ${ISCVERSION:M*-*} +CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} +.endif + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --disable-linux-caps \ + --localstatedir=/var \ + --sysconfdir=${ETCDIR} \ + --with-dlopen=yes \ + --with-libxml2 \ + --with-openssl=${OPENSSLBASE} \ + --with-readline="-L${LOCALBASE}/lib -ledit" +ETCDIR= ${PREFIX}/etc/namedb + +.if defined(BIND_TOOLS_SLAVE) +CONFIGURE_ARGS+= --disable-shared +EXTRA_PATCHES= ${PATCHDIR}/extrapatch-bind-tools +.else +USE_RC_SUBR= named +SUB_FILES= named.conf pkg-message +EXTRA_PATCHES= ${PATCHDIR}/extrapatch-no-bind-tools + +PORTDOCS= * + +CONFLICTS= bind911 bind912 bind913 bind914 bind9-devel +.endif # BIND_TOOLS_SLAVE + +MAKE_JOBS_UNSAFE= yes + +OPTIONS_DEFAULT= DLZ_FILESYSTEM GSSAPI_NONE IDN JSON LMDB PYTHON \ + SIGCHASE TCP_FASTOPEN 
+OPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \ + OVERRIDECACHE PORTREVISION PYTHON QUERYTRACE SIGCHASE \ + START_LATE TCP_FASTOPEN TUNING_LARGE + +OPTIONS_RADIO= CRYPTO +OPTIONS_RADIO_CRYPTO= NATIVE_PKCS11 + +OPTIONS_GROUP= DLZ +OPTIONS_GROUP_DLZ= DLZ_BDB DLZ_FILESYSTEM DLZ_LDAP DLZ_MYSQL \ + DLZ_POSTGRESQL DLZ_STUB + +OPTIONS_SINGLE= GSSAPI +OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE + +.if defined(BIND_TOOLS_SLAVE) +OPTIONS_EXCLUDE= ${OPTIONS_GROUP_DLZ} DNSTAP DOCS GEOIP LMDB \ + OVERRIDECACHE PORTREVISION QUERYTRACE START_LATE \ + TCP_FASTOPEN TUNING_LARGE +.else +OPTIONS_EXCLUDE= PYTHON +.endif # BIND_TOOLS_SLAVE + +OPTIONS_SUB= yes + +CRYPTO_DESC= Choose which crypto engine to use +DLZ_BDB_DESC= DLZ BDB driver +DLZ_DESC= Dynamically Loadable Zones +DLZ_FILESYSTEM_DESC= DLZ filesystem driver +DLZ_LDAP_DESC= DLZ LDAP driver +DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) +DLZ_POSTGRESQL_DESC= DLZ Postgres driver +DLZ_STUB_DESC= DLZ stub driver +DNSTAP_DESC= Provides fast passive logging of DNS messages +FIXED_RRSET_DESC= Enable fixed rrset ordering +GSSAPI_BASE_DESC= Using Heimdal in base +GSSAPI_HEIMDAL_DESC= Using security/heimdal +GSSAPI_MIT_DESC= Using security/krb5 +GSSAPI_NONE_DESC= Disable +LARGE_FILE_DESC= 64-bit file support +LMDB_DESC= Use LMDB for zone management +OVERRIDECACHE_DESC= Use the override-cache patch +NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) +PORTREVISION_DESC= Show PORTREVISION in the version string +PYTHON_DESC= Build with Python utilities +QUERYTRACE_DESC= Enable the very verbose query tracelogging +SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation +START_LATE_DESC= Start BIND late in the boot process (see help) +TCP_FASTOPEN_DESC= RFC 7413 support +TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) + +DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes +DLZ_BDB_USES= bdb + +DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes + 
+DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes +DLZ_LDAP_USE= OPENLDAP=yes + +DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes +DLZ_MYSQL_USES= mysql + +DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes +DLZ_POSTGRESQL_USES= pgsql + +DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes + +DNSTAP_CONFIGURE_ENABLE= dnstap +DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ + libprotobuf-c.so:devel/protobuf-c + +FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset + +GEOIP_CONFIGURE_ENABLE= geoip +GEOIP_CONFIGURE_WITH= maxminddb +GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb + +GSSAPI_BASE_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ + KRB5CONFIG="${KRB5CONFIG}" +GSSAPI_BASE_USES= gssapi + +GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ + KRB5CONFIG="${KRB5CONFIG}" +GSSAPI_HEIMDAL_USES= gssapi:heimdal + +GSSAPI_MIT_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ + KRB5CONFIG="${KRB5CONFIG}" +GSSAPI_MIT_USES= gssapi:mit + +GSSAPI_NONE_CONFIGURE_ON= --without-gssapi + +IDN_CONFIGURE_OFF= --without-libidn2 +IDN_CONFIGURE_ON= ${ICONV_CONFIGURE_BASE} \ + --with-libidn2=${LOCALBASE} +IDN_LIB_DEPENDS= libidn2.so:dns/libidn2 +IDN_USES= iconv + +JSON_CONFIGURE_WITH= json-c +JSON_LIB_DEPENDS= libjson-c.so:devel/json-c +JSON_LDFLAGS= -L${LOCALBASE}/lib -ljson-c + +LARGE_FILE_CONFIGURE_ENABLE= largefile + +LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} +LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb + +OVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl + +NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 + +PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} +PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} +PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} +PYTHON_USES= python + +QUERYTRACE_CONFIGURE_ENABLE= querytrace + +SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" + +START_LATE_SUB_LIST= NAMED_BEFORE="LOGIN" \ + NAMED_REQUIRE="SERVERS cleanvar" +START_LATE_SUB_LIST_OFF= NAMED_BEFORE="SERVERS" \ + 
NAMED_REQUIRE="NETWORKING ldconfig syslogd" + +TCP_FASTOPEN_CONFIGURE_ENABLE= tcp-fastopen + +TUNING_LARGE_CONFIGURE_ON= --with-tuning=large +TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default + +.include + +.if defined(WITH_DEBUG) +CONFIGURE_ARGS+= --enable-developer \ + --enable-symtable +USES+= perl5 +USE_PERL5= build +BUILD_DEPENDS+= cmocka>0:sysutils/cmocka +.else +CONFIGURE_ARGS+= --disable-symtable +.endif + +.include + +.if ${SSL_DEFAULT} == base +SUB_LIST+= ENGINES=/usr/lib/engines +.else +SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines +.endif + +post-patch: +.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ + rndc/rndc.8 + @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ + -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ + -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ + ${WRKSRC}/bin/${FILE} +.endfor + +.if !defined(BIND_TOOLS_SLAVE) +. if ${PORTREVISION:N0} +post-patch-PORTREVISION-on: + @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ + ${WRKSRC}/version +. endif + +post-install: + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree + ${MKDIR} ${STAGEDIR}${ETCDIR} +. for i in dynamic master slave working + @${MKDIR} ${STAGEDIR}${ETCDIR}/$i +. 
endfor + ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample + ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} + ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master + ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master + ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master + ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample + ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample + ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ + ${STAGEDIR}${ETCDIR}/rndc.conf.sample + +post-install-DOCS-on: + ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm + ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm + ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ + ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} +.else + +# Can't use USE_PYTHON=autoplist +post-install-PYTHON-on: + @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} +.endif # BIND_TOOLS_SLAVE + +.include Property changes on: head/dns/bind916/Makefile ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/dns/bind916/distinfo =================================================================== --- head/dns/bind916/distinfo (nonexistent) +++ head/dns/bind916/distinfo (revision 526548) 
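Review bot: `OVERRIDECACHE_DESC= Use the override-cache patch` in head/dns/bind916/Makefile does not tell the person selecting the option what it changes, unlike the neighbouring entries that describe behaviour or point to the help text. The patch it enables (extrapatch-bind-min-override-ttl in this commit) adds an `override-cache-ttl` setting that replaces the TTL of cached records, which affects how long a stale or wrong answer keeps being served. I would word it along the lines of `OVERRIDECACHE_DESC= Add override-cache-ttl option to force the TTL of cached records`, unless pkg-help, which is not visible here, already covers it.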
@@ -0,0 +1,3 @@
+TIMESTAMP = 1582188168
+SHA256 (bind-9.16.0.tar.xz) = af4bd9bdaeb1aa7399429972f3a8aa01dd6886b7ae046d703ab8da45330f2e28
+SIZE (bind-9.16.0.tar.xz) = 4533976
Property changes on: head/dns/bind916/distinfo
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/extrapatch-bind-min-override-ttl
===================================================================
--- head/dns/bind916/files/extrapatch-bind-min-override-ttl (nonexistent)
+++ head/dns/bind916/files/extrapatch-bind-min-override-ttl (revision 526548)
@@ -0,0 +1,61 @@
+Add the override-cache-ttl feature.
+
+--- bin/named/config.c.orig 2020-02-12 20:03:44 UTC
++++ bin/named/config.c
+@@ -177,6 +177,7 @@ options {\n\
+ notify-source *;\n\
+ notify-source-v6 *;\n\
+ nsec3-test-zone no;\n\
++ override-cache-ttl 0; /* do not override */\n\
+ provide-ixfr true;\n\
+ qname-minimization relaxed;\n\
+ query-source address *;\n\
+--- bin/named/server.c.orig 2020-02-12 20:03:44 UTC
++++ bin/named/server.c
+@@ -4178,6 +4178,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
+ }
+
+ obj = NULL;
++ result = named_config_get(maps, "override-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->overridecachettl = cfg_obj_asuint32(obj);
++
++ obj = NULL;
+ result = named_config_get(maps, "max-cache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxcachettl = cfg_obj_asduration(obj);
+--- lib/dns/include/dns/view.h.orig 2020-02-12 20:03:44 UTC
++++ lib/dns/include/dns/view.h
+@@ -152,6 +152,7 @@ struct dns_view {
+ bool requestnsid;
+ bool sendcookie;
+ dns_ttl_t maxcachettl;
++ dns_ttl_t overridecachettl;
+ dns_ttl_t maxncachettl;
+ dns_ttl_t mincachettl;
+ dns_ttl_t minncachettl;
+--- lib/dns/resolver.c.orig 2020-02-12 20:03:44 UTC
++++ lib/dns/resolver.c
+@@ -5975,6 +5975,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb
+ }
+
+ /*
++ * Enforce the configure cache TTL override.
++ */
++ if (res->view->overridecachettl)
++ rdataset->ttl = res->view->overridecachettl;
++
++ /*
+ * Enforce the configure maximum cache TTL.
+ */
+ if (rdataset->ttl > res->view->maxcachettl) {
+--- lib/isccfg/namedconf.c.orig 2020-02-12 20:03:44 UTC
++++ lib/isccfg/namedconf.c
+@@ -1993,6 +1993,7 @@ static cfg_clausedef_t view_clauses[] = {
+ #endif
+ { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },
+ { "max-cache-size", &cfg_type_sizeorpercent, 0 },
++ { "override-cache-ttl", &cfg_type_duration, 0 },
+ { "max-cache-ttl", &cfg_type_duration, 0 },
+ { "max-clients-per-query", &cfg_type_uint32, 0 },
+ { "max-ncache-ttl", &cfg_type_duration, 0 },
Property changes on: head/dns/bind916/files/extrapatch-bind-min-override-ttl
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/patch-bin_named_include_named_globals.h
===================================================================
--- head/dns/bind916/files/patch-bin_named_include_named_globals.h (nonexistent)
+++ head/dns/bind916/files/patch-bin_named_include_named_globals.h (revision 526548)
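Review bot: In extrapatch-bind-min-override-ttl the server.c hunk reads the new option with `cfg_obj_asuint32(obj)`, while the namedconf.c hunk declares it as `&cfg_type_duration`; the neighbouring `max-cache-ttl`, declared with the same type, is read with `cfg_obj_asduration(obj)`. If the uint32 accessor asserts on the object's type (its body is not visible here), named would abort on every configuration load, because the config.c hunk always supplies a default value. Use the matching accessor, `view->overridecachettl = cfg_obj_asduration(obj);`, or declare the clause as `&cfg_type_uint32`. Separately, the resolver.c hunk assigns the override ahead of the max-cache-ttl clamp and to every rdataset reaching that point, so the added comment should say that it lengthens how long a wrong or stale answer stays cached. `configure_view` and `cache_name` both continue outside the inner hunks.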
@@ -0,0 +1,13 @@
+We reference the pid file as being run/named/pid everywere else.
+
+--- bin/named/include/named/globals.h.orig 2020-02-12 20:03:44 UTC
++++ bin/named/include/named/globals.h
+@@ -127,7 +127,7 @@ EXTERN bool named_g_forcelock INIT(false);
+
+ #if NAMED_RUN_PID_DIR
+ EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/"
+- "named.pid");
++ "pid");
+ #else
+ EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/"
+ "named.pid");
Property changes on: head/dns/bind916/files/patch-bin_named_include_named_globals.h
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/patch-configure
===================================================================
--- head/dns/bind916/files/patch-configure (nonexistent)
+++ head/dns/bind916/files/patch-configure (revision 526548)
@@ -0,0 +1,92 @@
+Fixup gssapi and db detection.
+
+--- configure.orig 2020-02-12 20:03:44 UTC
++++ configure
+@@ -17436,27 +17436,9 @@ done
+ # problems start to show up.
+ saved_libs="$LIBS"
+ for TRY_LIBS in \
+- "-lgssapi_krb5" \
+- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
+- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
+- "-lgssapi" \
+- "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken -lcom_err" \
+- "-lgss -lkrb5"
++ "$($KRB5CONFIG gssapi --libs)"; \
+ do
+- # Note that this does not include $saved_libs, because
+- # on FreeBSD machines this configure script has added
+- # -L/usr/local/lib to LIBS, which can make the
+- # -lgssapi_krb5 test succeed with shared libraries even
+- # when you are trying to build with KTH in /usr/lib.
+- if test "/usr" = "$use_gssapi"
+- then
+- LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS"
+- else
+- LIBS="-L$use_gssapi/lib $TRY_LIBS $ISC_OPENSSL_LIBS"
+- fi
++ LIBS="$TRY_LIBS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
+ $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+@@ -17499,47 +17481,7 @@ $as_echo "no" >&6; } ;;
+ no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
+ esac
+
+- #
+- # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib
+- # but MIT in /usr/local/lib and trying to build with KTH.
+- # /usr/local/lib can end up earlier on the link lines.
+- # Like most kludges, this one is not only inelegant it
+- # is also likely to be the wrong thing to do at least as
+- # many times as it is the right thing. Something better
+- # needs to be done.
+- #
+- if test "/usr" = "$use_gssapi" -a \
+- -f /usr/local/lib/libkrb5.a; then
+- FIX_KTH_VS_MIT=yes
+- fi
+-
+- case "$FIX_KTH_VS_MIT" in
+- yes)
+- case "$enable_static_linking" in
+- yes) gssapi_lib_suffix=".a" ;;
+- *) gssapi_lib_suffix=".so" ;;
+- esac
+-
+- for lib in $LIBS; do
+- case $lib in
+- -L*)
+- ;;
+- -l*)
+- new_lib=`echo $lib |
+- sed -e s%^-l%$use_gssapi/lib/lib% \
+- -e s%$%$gssapi_lib_suffix%`
+- NEW_LIBS="$NEW_LIBS $new_lib"
+- ;;
+- *)
+- as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5
+- ;;
+- esac
+- done
+- LIBS="$NEW_LIBS"
+- ;;
+- esac
+-
+- DST_GSSAPI_INC="-I$use_gssapi/include"
++ DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)"
+ DNS_GSSAPI_LIBS="$LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
+@@ -23046,7 +22988,7 @@ $as_echo "" >&6; }
+ # Check other locations for includes.
+ # Order is important (sigh).
+
+- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
++ bdb_incdirs="/db6 /db5 /db48"
+ # include a blank element first
+ for d in "" $bdb_incdirs
+ do
Property changes on: head/dns/bind916/files/patch-configure
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/extrapatch-bind-tools
===================================================================
--- head/dns/bind916/files/extrapatch-bind-tools (nonexistent)
+++ head/dns/bind916/files/extrapatch-bind-tools (revision 526548)
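Review bot: In patch-configure the replacement loop value `"$($KRB5CONFIG gssapi --libs)"` runs whatever `$KRB5CONFIG` holds without checking that it is set or executable, so a configure run that enables GSSAPI without `KRB5CONFIG` would presumably end in the generic "could not determine proper GSSAPI linkage" error. A guard before the loop, such as `test -n "$KRB5CONFIG" || as_fn_error $? "KRB5CONFIG must be set" "$LINENO" 5`, would make that failure explicit; the port Makefile passes `KRB5CONFIG` together with `--with-gssapi`, so this matters mainly for manual runs. The new link test also drops `$ISC_OPENSSL_LIBS` from `LIBS`, and the result message still prints `$use_gssapi/lib` and `$use_gssapi/include` although neither is used any more. The enclosing configure section starts and ends outside these inner hunks.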
@@ -0,0 +1,34 @@
+Only select the "tools" part of bind for building.
+
+--- Makefile.in.orig 2019-08-12 14:08:48 UTC
++++ Makefile.in
+@@ -14,7 +14,7 @@ top_builddir = @top_builddir@
+
+ VERSION=@BIND9_VERSION@
+
+-SUBDIRS = make lib fuzz bin doc
++SUBDIRS = lib bin
+ TARGETS =
+ PREREQS = bind.keys.h
+
+@@ -51,7 +51,6 @@ installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+ install:: installdirs
+- ${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
+
+ uninstall::
+ rm -f ${DESTDIR}${sysconfdir}/bind.keys
+--- bin/Makefile.in.orig 2019-08-12 14:08:48 UTC
++++ bin/Makefile.in
+@@ -11,8 +11,8 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
+- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
++SUBDIRS = dig delv dnssec tools nsupdate \
++ @NZD_TOOLS@ @PYTHON_TOOLS@
+ TARGETS =
+
+ @BIND9_MAKE_RULES@
Property changes on: head/dns/bind916/files/extrapatch-bind-tools
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in
===================================================================
--- head/dns/bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in (nonexistent)
+++ head/dns/bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in (revision 526548)
@@ -0,0 +1,13 @@
+BIND9 seems to be abusing LDFLAGS here, and it breaks our linker.
+
+--- bin/tests/system/dlzexternal/Makefile.in.orig 2019-06-28 12:33:29 UTC
++++ bin/tests/system/dlzexternal/Makefile.in
+@@ -35,7 +35,7 @@ OBJS =
+ @BIND9_MAKE_RULES@
+
+ CFLAGS = @CFLAGS@ @SO_CFLAGS@
+-SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@
++SO_LDFLAGS = @SO_LDFLAGS@
+
+ driver.@SO@: ${SO_OBJS}
+ ${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@
Property changes on: head/dns/bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/extrapatch-no-bind-tools
===================================================================
--- head/dns/bind916/files/extrapatch-no-bind-tools (nonexistent)
+++ head/dns/bind916/files/extrapatch-no-bind-tools (revision 526548)
@@ -0,0 +1,51 @@
+Exclude the "tools" from building and installing.
+
+--- bin/Makefile.in.orig 2019-06-28 12:33:29 UTC
++++ bin/Makefile.in
+@@ -11,8 +11,8 @@ srcdir = @srcdir@
+ VPATH = @srcdir@
+ top_srcdir = @top_srcdir@
+
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
+- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
++SUBDIRS = named rndc tools check confgen \
++ @NZD_TOOLS@ @PKCS11_TOOLS@ plugins tests
+ TARGETS =
+
+ @BIND9_MAKE_RULES@
+--- bin/tools/Makefile.in.orig 2019-06-28 12:33:29 UTC
++++ bin/tools/Makefile.in
+@@ -41,10 +41,7 @@ SUBDIRS =
+
+ DNSTAPTARGETS = dnstap-read@EXEEXT@
+ NZDTARGETS = named-nzd2nzf@EXEEXT@
+-TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \
+- named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \
+- mdig@EXEEXT@ \
+- @DNSTAPTARGETS@ @NZDTARGETS@
++TARGETS = @DNSTAPTARGETS@ @NZDTARGETS@
+
+ DNSTAPSRCS = dnstap-read.c
+ NZDSRCS = named-nzd2nzf.c
+@@ -120,21 +117,6 @@ dnstap:
+ ${INSTALL_DATA} ${srcdir}/dnstap-read.1 ${DESTDIR}${mandir}/man1
+
+ install:: ${TARGETS} installdirs @DNSTAP@ @NZD_TOOLS@
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} arpaname@EXEEXT@ \
+- ${DESTDIR}${bindir}
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-journalprint@EXEEXT@ \
+- ${DESTDIR}${sbindir}
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-rrchecker@EXEEXT@ \
+- ${DESTDIR}${bindir}
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsec3hash@EXEEXT@ \
+- ${DESTDIR}${sbindir}
+- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \
+- ${DESTDIR}${bindir}
+- ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1
+- ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8
+- ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1
+- ${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8
+- ${INSTALL_DATA} ${srcdir}/mdig.1 ${DESTDIR}${mandir}/man1
+
+ uninstall::
+ rm -f ${DESTDIR}${mandir}/man1/mdig.1
Property changes on: head/dns/bind916/files/extrapatch-no-bind-tools
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/pkg-message.in
===================================================================
--- head/dns/bind916/files/pkg-message.in (nonexistent)
+++ head/dns/bind916/files/pkg-message.in (revision 526548)
@@ -0,0 +1,29 @@ +[ +{ +# %!fmt 59 63 + message: </dev/null + devfs_domount ${named_chrootdir}/dev devfsrules_hide_all + devfs -m ${named_chrootdir}/dev rule apply path null unhide + devfs -m ${named_chrootdir}/dev rule apply path random unhide + else + if [ -c ${named_chrootdir}/dev/null -a \ + -c ${named_chrootdir}/dev/random ]; then + info "named chroot: using pre-mounted devfs." + else + err 1 "named chroot: devfs cannot be mounted from " \ + "within a jail. Thus a chrooted named cannot " \ + "be run from within a jail. Either mount the " \ + "devfs with null and random from the host, or " \ + "run named without chrooting it, set " \ + "named_chrootdir=\"\" in /etc/rc.conf." + fi + fi + + # The OpenSSL engines and BIND9 plugins should be present in the + # chroot, named loads them after chrooting. + null_mount_or_copy ${_openssl_engines} + null_mount_or_copy %%PREFIX%%/lib/named + + # Copy and/or update key files to the chroot /etc + # + for file in localtime protocols services; do + if [ -r /etc/${file} ] && \ + ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then + cp -p /etc/${file} "${named_chrootdir}/etc/${file}" + fi + done +} + +# Make symlinks to the correct pid file +# +make_symlinks() +{ + checkyesno named_symlink_enable && + ln -fs "${named_chrootdir}${pidfile}" ${pidfile} && + ln -fs "${named_chrootdir}${sessionkeyfile}" ${sessionkeyfile} +} + +named_poststart() +{ + make_symlinks + + if checkyesno named_wait; then + until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do + echo " Waiting for nameserver to resolve ${named_wait_host}" + sleep 1 + done + fi +} + +named_reload() +{ + # This is a one line function, but ${named_program} is not defined early + # enough to be there when the reload_cmd variable is defined up there. 
+ rndc reload +} + +find_pidfile() +{ + if get_pidfile_from_conf pid-file ${named_conf}; then + pidfile="${_pidfile_from_conf}" + else + pidfile="/var/run/named/pid" + fi +} + +find_sessionkeyfile() +{ + if get_pidfile_from_conf session-keyfile ${named_conf}; then + sessionkeyfile="${_pidfile_from_conf}" + else + sessionkeyfile="/var/run/named/session.key" + fi +} + +named_stop() +{ + find_pidfile + + # This duplicates an undesirably large amount of code from the stop + # routine in rc.subr in order to use rndc to shut down the process, + # and to give it a second chance in case rndc fails. + rc_pid=$(check_pidfile ${pidfile} ${command}) + if [ -z "${rc_pid}" ]; then + [ -n "${rc_fast}" ] && return 0 + _run_rc_notrunning + return 1 + fi + echo 'Stopping named.' + if rndc stop; then + wait_for_pids ${rc_pid} + else + echo -n 'rndc failed, trying kill: ' + kill -TERM ${rc_pid} + wait_for_pids ${rc_pid} + fi +} + +named_poststop() +{ + if [ -n "${named_chrootdir}" ]; then + null_umount %%PREFIX%%/lib/named + null_umount ${_openssl_engines} + if [ -c ${named_chrootdir}/dev/null ]; then + # unmount /dev + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then + umount ${named_chrootdir}/dev 2>/dev/null || true + else + warn "named chroot:" \ + "cannot unmount devfs from inside jail!" + fi + fi + fi +} + +can_mount() +{ + local kld + kld=$1 + if ! load_kld $kld; then + return 1 + fi + if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || + [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || + [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then + return 0 + fi + return 1 +} + +null_mount_or_copy() +{ + local dir + dir=$1 + + if [ -d ${dir} ]; then + mkdir -p ${named_chrootdir}${dir} + if can_mount nullfs ; then + mount -t nullfs ${dir} ${named_chrootdir}${dir} + else + warn "named chroot: cannot nullfs mount OpenSSL" \ + "engines into the chroot, will copy the shared" \ + "libraries instead." 
+ cp -f ${dir}/*.so ${named_chrootdir}${dir} + fi + fi +} + +null_umount() +{ + local dir + dir=$1 + + if [ -d ${dir} ]; then + if can_mount nullfs; then + umount ${named_chrootdir}${dir} + fi + fi +} + +create_file() +{ + if [ -e "$1" ]; then + unlink $1 + fi + install -o root -g wheel -m 0644 /dev/null $1 +} + +rndc() +{ + if [ -z "${rndc_flags}" ]; then + if [ -s "${rndc_conf}" ] ; then + rndc_flags="-c ${rndc_conf}" + elif [ -s "${rndc_key}" ] ; then + rndc_flags="-k ${rndc_key}" + else + rndc_flags="" + fi + fi + + ${_named_program_root}/sbin/rndc ${rndc_flags} "$@" +} + +named_prestart() +{ + find_pidfile + find_sessionkeyfile + + if [ -n "${named_pidfile}" ]; then + warn 'named_pidfile: now determined from the conf file' + fi + + if [ -n "${named_sessionkeyfile}" ]; then + warn 'named_sessionkeyfile: now determined from the conf file' + fi + + piddir=`/usr/bin/dirname ${pidfile}` + if [ ! -d ${piddir} ]; then + install -d -o ${named_uid} -g ${named_uid} ${piddir} + fi + + sessionkeydir=`/usr/bin/dirname ${sessionkeyfile}` + if [ ! -d ${sessionkeydir} ]; then + install -d -o ${named_uid} -g ${named_uid} ${sessionkeydir} + fi + + command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}" + +%%NATIVE_PKCS11%% if [ -z "${named_pkcs11_engine}"]; then +%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use" +%%NATIVE_PKCS11%% elif [ ! -f ${named_pkcs11_engine} ]; then +%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist" +%%NATIVE_PKCS11%% else +%%NATIVE_PKCS11%% mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*} +%%NATIVE_PKCS11%% cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine} +%%NATIVE_PKCS11%% command_args="-E ${named_pkcs11_engine} ${command_args}" +%%NATIVE_PKCS11%% fi + + local line nsip firstns + + # Is the user using a sandbox? 
+ # + if [ -n "${named_chrootdir}" ]; then + rc_flags="${rc_flags} -t ${named_chrootdir}" + checkyesno named_chroot_autoupdate && chroot_autoupdate + + case "${altlog_proglist}" in + *named*) + ;; + *) + warn 'Using chroot without setting altlog_proglist, logging may not' + warn 'work correctly. Run sysrc altlog_proglist+=named' + ;; + esac + else + named_symlink_enable=NO + fi + + # Create an rndc.key file for the user if none exists + # + confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \ + -c ${_named_confdir}/rndc.key" + if [ -s "${_named_confdir}/rndc.conf" ]; then + unset confgen_command + fi + if [ -s "${_named_confdir}/rndc.key" ]; then + case `stat -f%Su ${_named_confdir}/rndc.key` in + root|${named_uid}) ;; + *) ${confgen_command} ;; + esac + else + ${confgen_command} + fi + + local checkconf + + checkconf="${_named_program_root}/sbin/named-checkconf" + if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then + checkconf="${checkconf} -t ${named_chrootdir}" + fi + + # Create a forwarder configuration based on /etc/resolv.conf + if checkyesno named_auto_forward; then + if [ ! -s /etc/resolv.conf ]; then + warn "named_auto_forward enabled, but no /etc/resolv.conf" + + # Empty the file in case it is included in named.conf + [ -s "${_named_confdir}/auto_forward.conf" ] && + create_file ${_named_confdir}/auto_forward.conf + + ${checkconf} ${named_conf} || + err 3 'named-checkconf for ${named_conf} failed' + return + fi + + create_file /var/run/naf-resolv.conf + create_file /var/run/auto_forward.conf + + echo ' forwarders {' > /var/run/auto_forward.conf + + while read line; do + case "${line}" in + 'nameserver '*|'nameserver '*) + nsip=${line##nameserver[ ]} + + if [ -z "${firstns}" ]; then + if [ ! 
"${nsip}" = '127.0.0.1' ]; then + echo 'nameserver 127.0.0.1' + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + + firstns=1 + else + [ "${nsip}" = '127.0.0.1' ] && continue + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + ;; + esac + + echo ${line} + done < /etc/resolv.conf > /var/run/naf-resolv.conf + + echo ' };' >> /var/run/auto_forward.conf + echo '' >> /var/run/auto_forward.conf + if checkyesno named_auto_forward_only; then + echo " forward only;" >> /var/run/auto_forward.conf + else + echo " forward first;" >> /var/run/auto_forward.conf + fi + + if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then + unlink /var/run/naf-resolv.conf + else + [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf + mv /var/run/naf-resolv.conf /etc/resolv.conf + fi + + if cmp -s ${_named_confdir}/auto_forward.conf \ + /var/run/auto_forward.conf; then + unlink /var/run/auto_forward.conf + else + [ -e "${_named_confdir}/auto_forward.conf" ] && + unlink ${_named_confdir}/auto_forward.conf + mv /var/run/auto_forward.conf \ + ${_named_confdir}/auto_forward.conf + fi + else + # Empty the file in case it is included in named.conf + [ -s "${_named_confdir}/auto_forward.conf" ] && + create_file ${_named_confdir}/auto_forward.conf + fi + + ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed" +} + +run_rc_command "$1" Property changes on: head/dns/bind916/files/named.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/dns/bind916/files/BIND.chroot.dist =================================================================== --- head/dns/bind916/files/BIND.chroot.dist (nonexistent) +++ head/dns/bind916/files/BIND.chroot.dist (revision 526548) 
@@ -0,0 +1,26 @@
+# $FreeBSD$
+#
+# mtree -deU -f files/BIND.chroot.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ dev type=dir mode=0555
+ ..
+ etc type=dir
+ ..
+ tmp type=dir mode=01777
+ ..
+/set type=file uname=bind gname=bind mode=0755
+ var type=dir uname=root gname=wheel
+ dump type=dir
+ ..
+ log type=dir
+ ..
+ run type=dir
+ named type=dir
+ ..
+ ..
+ stats type=dir
+ ..
+ ..
Property changes on: head/dns/bind916/files/BIND.chroot.dist
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/named.root
===================================================================
--- head/dns/bind916/files/named.root (nonexistent)
+++ head/dns/bind916/files/named.root (revision 526548)
@@ -0,0 +1,96 @@
+;
+; $FreeBSD$
+;
+
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . "
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: November 16, 2017
+; related version of root zone: 2017111601
+;
+; FORMERLY NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
Property changes on: head/dns/bind916/files/named.root
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/named.conf.in
===================================================================
--- head/dns/bind916/files/named.conf.in (nonexistent)
+++ head/dns/bind916/files/named.conf.in (revision 526548)
@@ -0,0 +1,380 @@ +// $FreeBSD$ +// +// Refer to the named.conf(5) and named(8) man pages, and the documentation +// in /usr/local/share/doc/bind for more details. +// +// If you are going to set up an authoritative server, make sure you +// understand the hairy details of how DNS works. Even with +// simple mistakes, you can break connectivity for affected parties, +// or cause huge amounts of useless Internet traffic. + +options { + // All file and path names are relative to the chroot directory, + // if any, and should be fully qualified. + directory "%%ETCDIR%%/working"; + pid-file "/var/run/named/pid"; + dump-file "/var/dump/named_dump.db"; + statistics-file "/var/stats/named.stats"; + +// If named is being used only as a local resolver, this is a safe default. +// For named to be accessible to the network, comment this option, specify +// the proper IP address, or delete this option. + listen-on { 127.0.0.1; }; + +// If you have IPv6 enabled on this system, uncomment this option for +// use as a local resolver. To give access to the network, specify +// an IPv6 address, or the keyword "any". +// listen-on-v6 { ::1; }; + +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + +// If you've got a DNS server around at your upstream provider, enter +// its IP address here, and enable the line below. This will make you +// benefit from its cache, thus reduce overall DNS traffic in the Internet. 
+/* + forwarders { + 127.0.0.1; + }; +*/ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "%%ETCDIR%%/auto_forward.conf"; + + /* + Modern versions of BIND use a random UDP port for each outgoing + query by default in order to dramatically reduce the possibility + of cache poisoning. All users are strongly encouraged to utilize + this feature, and to configure their firewalls to accommodate it. + + AS A LAST RESORT in order to get around a restrictive firewall + policy you can try enabling the option below. Use of this option + will significantly reduce your ability to withstand cache poisoning + attacks, and should be avoided if at all possible. + + Replace NNNNN in the example with a number between 49160 and 65530. + */ + // query-source address * port NNNNN; +}; + +// If you enable a local name server, don't forget to enter 127.0.0.1 +// first in your /etc/resolv.conf so this server will be queried. +// Also, make sure to enable it in /etc/rc.conf. + +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "%%ETCDIR%%/named.root"; }; + +/* Slaving the following zones from the root name servers has some + significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots + 3. 
Greater resilience to any potential root server failure/DDoS + + On the other hand, this method requires more monitoring than the + hints file to be sure that an unexpected failure mode has not + incapacitated your server. Name servers that are serving a lot + of clients will benefit more from this approach than individual + hosts. Use with caution. + + To use this mechanism, uncomment the entries below, and comment + the hint zone above. + + As documented at http://dns.icann.org/services/axfr/ these zones: + "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others + are available for AXFR from these servers on IPv4 and IPv6: + xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org +*/ +/* +zone "." { + type slave; + file "%%ETCDIR%%/slave/root.slave"; + masters { + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org + }; + notify no; +}; +zone "arpa" { + type slave; + file "%%ETCDIR%%/slave/arpa.slave"; + masters { + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org + }; + notify no; +}; +zone "in-addr.arpa" { + type slave; + file "%%ETCDIR%%/slave/in-addr.arpa.slave"; + masters { + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org + }; + notify no; +}; +zone "ip6.arpa" { + type slave; + file "%%ETCDIR%%/slave/ip6.arpa.slave"; + masters { + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org + }; + notify no; +}; +*/ + +/* Serving the following zones locally will prevent any queries + for these zones leaving your network and going to the root + name servers. 
This has two significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots +*/ +// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) +zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; }; +zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; +zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// RFC 1912-style zone for IPv6 localhost address (RFC 6303) +zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; + +// "This" Network (RFCs 1912, 5735 and 6303) +zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// Private Use Networks (RFCs 1918, 5735 and 6303) +zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; 
+zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// Shared Address Space (RFC 6598) +zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone 
"85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "109.100.in-addr.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; +zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// Link-local/APIPA (RFCs 3927, 5735 and 6303) +zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IETF protocol assignments (RFCs 5735 and 5736) +zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) +zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "100.51.198.in-addr.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; +zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IPv6 Example Range for Documentation (RFCs 3849 and 6303) +zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// Router Benchmark Testing (RFCs 2544 and 5735) +zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IANA Reserved - Old Class E Space (RFC 5735) +zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IPv6 Unassigned Addresses (RFC 4291) +zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "5.ip6.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; +zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "5.e.f.ip6.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; +zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IPv6 ULA (RFCs 4193 and 6303) +zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IPv6 Link Local (RFCs 4291 and 6303) +zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) +zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; +zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// IP6.INT is Deprecated (RFC 4159) +zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; }; + +// NB: Do not use the IP addresses below, they are faked, and only +// serve demonstration/documentation purposes! +// +// Example slave zone config entries. It can be convenient to become +// a slave at least for the zone your own domain is in. Ask +// your network administrator for the IP address of the responsible +// master name server. +// +// Do not forget to include the reverse lookup zone! +// This is named after the first bytes of the IP address, in reverse +// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. +// +// Before starting to set up a master zone, make sure you fully +// understand how DNS and BIND work. There are sometimes +// non-obvious pitfalls. Setting up a slave zone is usually simpler. +// +// NB: Don't blindly enable the examples below. 
:-) Use actual names +// and addresses instead. + +/* An example dynamic zone +key "exampleorgkey" { + algorithm hmac-md5; + secret "sf87HJqjkqh8ac87a02lla=="; +}; +zone "example.org" { + type master; + allow-update { + key "exampleorgkey"; + }; + file "%%ETCDIR%%/dynamic/example.org"; +}; +*/ + +/* Example of a slave reverse zone +zone "1.168.192.in-addr.arpa" { + type slave; + file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa"; + masters { + 192.168.1.1; + }; +}; +*/ Property changes on: head/dns/bind916/files/named.conf.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/dns/bind916/files/BIND.chroot.local.dist =================================================================== --- head/dns/bind916/files/BIND.chroot.local.dist (nonexistent) +++ head/dns/bind916/files/BIND.chroot.local.dist (revision 526548) 
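Review bot: The commented "example dynamic zone" near the end of this hunk defines its TSIG key with `algorithm hmac-md5;` and a literal secret. Anyone who uncomments the block as a starting point gets an `allow-update` key built on a legacy HMAC and a value that is published in every copy of this file. I would change the example to `algorithm hmac-sha256;`, replace the secret with an obvious placeholder such as `secret "REPLACE-WITH-GENERATED-SECRET";`, and add a comment like `// generate a key with: tsig-keygen exampleorgkey` so the sample points at a per-site key.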
@@ -0,0 +1,20 @@
+# $FreeBSD$
+#
+# mtree -deU -f files/BIND.etc.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ etc type=dir
+/set type=file uname=bind gname=wheel mode=0755
+ namedb type=dir uname=root
+ dynamic type=dir
+ ..
+ master type=dir uname=root
+ ..
+ slave type=dir
+ ..
+ working type=dir
+ ..
+ ..
+ ..
Property changes on: head/dns/bind916/files/BIND.chroot.local.dist
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/empty.db
===================================================================
--- head/dns/bind916/files/empty.db (nonexistent)
+++ head/dns/bind916/files/empty.db (revision 526548)
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
Property changes on: head/dns/bind916/files/empty.db
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/localhost-forward.db
===================================================================
--- head/dns/bind916/files/localhost-forward.db (nonexistent)
+++ head/dns/bind916/files/localhost-forward.db (revision 526548)
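Review bot: The usage comment at the top of BIND.chroot.local.dist names a different spec file, `# mtree -deU -f files/BIND.etc.dist -p tmp`, which looks like a leftover from the file it was copied from. Unless that name is intentional, it should read `# mtree -deU -f files/BIND.chroot.local.dist -p tmp`. A one-line comment would also help explain why `namedb` and `master` stay owned by root while `dynamic`, `slave` and `working` are owned by bind, presumably so that only the directories named has to write to are writable by the daemon.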
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
Property changes on: head/dns/bind916/files/localhost-forward.db
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/files/localhost-reverse.db
===================================================================
--- head/dns/bind916/files/localhost-reverse.db (nonexistent)
+++ head/dns/bind916/files/localhost-reverse.db (revision 526548)
@@ -0,0 +1,13 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
Property changes on: head/dns/bind916/files/localhost-reverse.db
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/pkg-plist
===================================================================
--- head/dns/bind916/pkg-plist (nonexistent)
+++ head/dns/bind916/pkg-plist (revision 526548)
@@ -0,0 +1,301 @@
+%%DNSTAP%%bin/dnstap-read
+@sample etc/mtree/BIND.chroot.dist.sample
+@sample etc/mtree/BIND.chroot.local.dist.sample
+%%ETCDIR%%/bind.keys
+%%ETCDIR%%/master/empty.db
+%%ETCDIR%%/master/localhost-forward.db
+%%ETCDIR%%/master/localhost-reverse.db
+@sample %%ETCDIR%%/named.conf.sample
+%%ETCDIR%%/named.root
+%%ETCDIR%%/rndc.conf.sample
+include/bind9/check.h
+include/bind9/getaddresses.h
+include/bind9/version.h
+include/dns/acl.h
+include/dns/adb.h
+include/dns/badcache.h
+include/dns/bit.h
+include/dns/byaddr.h
+include/dns/cache.h
+include/dns/callbacks.h
+include/dns/catz.h
+include/dns/cert.h
+include/dns/client.h
+include/dns/clientinfo.h
+include/dns/compress.h
+include/dns/db.h
+include/dns/dbiterator.h
+include/dns/dbtable.h
+include/dns/diff.h
+include/dns/dispatch.h
+include/dns/dlz.h
+include/dns/dlz_dlopen.h
+include/dns/dns64.h
+include/dns/dnsrps.h
+include/dns/dnssec.h
+include/dns/dnstap.h
+include/dns/ds.h
+include/dns/dsdigest.h
+include/dns/dyndb.h
+include/dns/ecdb.h
+include/dns/ecs.h
+include/dns/edns.h
+include/dns/enumclass.h
+include/dns/enumtype.h
+include/dns/events.h
+include/dns/fixedname.h
+include/dns/forward.h
+include/dns/geoip.h
+include/dns/ipkeylist.h
+include/dns/iptable.h
+include/dns/journal.h
+include/dns/keydata.h
+include/dns/keyflags.h
+include/dns/keytable.h
+include/dns/keyvalues.h
+include/dns/lib.h
+include/dns/librpz.h
+include/dns/log.h
+include/dns/lookup.h
+include/dns/master.h
+include/dns/masterdump.h
+include/dns/message.h
+include/dns/name.h
+include/dns/ncache.h
+include/dns/nsec.h
+include/dns/nsec3.h
+include/dns/nta.h
+include/dns/opcode.h
+include/dns/order.h
+include/dns/peer.h
+include/dns/portlist.h
+include/dns/private.h
+include/dns/rbt.h
+include/dns/rcode.h
+include/dns/rdata.h
+include/dns/rdataclass.h
+include/dns/rdatalist.h
+include/dns/rdataset.h
+include/dns/rdatasetiter.h
+include/dns/rdataslab.h
+include/dns/rdatastruct.h
+include/dns/rdatatype.h
+include/dns/request.h
+include/dns/resolver.h
+include/dns/result.h
+include/dns/rootns.h
+include/dns/rpz.h
+include/dns/rriterator.h
+include/dns/rrl.h
+include/dns/sdb.h
+include/dns/sdlz.h
+include/dns/secalg.h
+include/dns/secproto.h
+include/dns/soa.h
+include/dns/ssu.h
+include/dns/stats.h
+include/dns/tcpmsg.h
+include/dns/time.h
+include/dns/timer.h
+include/dns/tkey.h
+include/dns/tsec.h
+include/dns/tsig.h
+include/dns/ttl.h
+include/dns/types.h
+include/dns/update.h
+include/dns/validator.h
+include/dns/version.h
+include/dns/view.h
+include/dns/xfrin.h
+include/dns/zone.h
+include/dns/zonekey.h
+include/dns/zoneverify.h
+include/dns/zt.h
+include/dst/dst.h
+include/dst/gssapi.h
+include/dst/result.h
+include/irs/context.h
+include/irs/dnsconf.h
+include/irs/netdb.h
+include/irs/platform.h
+include/irs/resconf.h
+include/irs/types.h
+include/irs/version.h
+include/isc/aes.h
+include/isc/app.h
+include/isc/assertions.h
+include/isc/astack.h
+include/isc/atomic.h
+include/isc/backtrace.h
+include/isc/base32.h
+include/isc/base64.h
+include/isc/bind9.h
+include/isc/buffer.h
+include/isc/bufferlist.h
+include/isc/commandline.h
+include/isc/condition.h
+include/isc/counter.h
+include/isc/crc64.h
+include/isc/deprecated.h
+include/isc/dir.h
+include/isc/endian.h
+include/isc/errno.h
+include/isc/error.h
+include/isc/event.h
+include/isc/eventclass.h
+include/isc/file.h
+include/isc/formatcheck.h
+include/isc/fsaccess.h
+include/isc/fuzz.h
+include/isc/hash.h
+include/isc/heap.h
+include/isc/hex.h
+include/isc/hmac.h
+include/isc/hp.h
+include/isc/ht.h
+include/isc/httpd.h
+include/isc/interfaceiter.h
+include/isc/iterated_hash.h
+include/isc/lang.h
+include/isc/lex.h
+include/isc/lfsr.h
+include/isc/lib.h
+include/isc/likely.h
+include/isc/list.h
+include/isc/log.h
+include/isc/magic.h
+include/isc/md.h
+include/isc/mem.h
+include/isc/meminfo.h
+include/isc/mutex.h
+include/isc/mutexblock.h
+include/isc/net.h
+include/isc/netaddr.h
+include/isc/netdb.h
+include/isc/netscope.h
+include/isc/nonce.h
+include/isc/offset.h
+include/isc/once.h
+include/isc/os.h
+include/isc/parseint.h
+include/isc/platform.h
+include/isc/pool.h
+include/isc/portset.h
+include/isc/print.h
+include/isc/queue.h
+include/isc/quota.h
+include/isc/radix.h
+include/isc/random.h
+include/isc/ratelimiter.h
+include/isc/refcount.h
+include/isc/regex.h
+include/isc/region.h
+include/isc/resource.h
+include/isc/result.h
+include/isc/resultclass.h
+include/isc/rwlock.h
+include/isc/safe.h
+include/isc/serial.h
+include/isc/siphash.h
+include/isc/sockaddr.h
+include/isc/socket.h
+include/isc/stat.h
+include/isc/stats.h
+include/isc/stdatomic.h
+include/isc/stdio.h
+include/isc/stdtime.h
+include/isc/strerr.h
+include/isc/string.h
+include/isc/symtab.h
+include/isc/syslog.h
+include/isc/task.h
+include/isc/taskpool.h
+include/isc/thread.h
+include/isc/time.h
+include/isc/timer.h
+include/isc/tm.h
+include/isc/types.h
+include/isc/util.h
+include/isc/version.h
+include/isccc/alist.h
+include/isccc/base64.h
+include/isccc/cc.h
+include/isccc/ccmsg.h
+include/isccc/events.h
+include/isccc/result.h
+include/isccc/sexpr.h
+include/isccc/symtab.h
+include/isccc/symtype.h
+include/isccc/types.h
+include/isccc/util.h
+include/isccc/version.h
+include/isccfg/aclconf.h
+include/isccfg/cfg.h
+include/isccfg/dnsconf.h
+include/isccfg/grammar.h
+include/isccfg/log.h
+include/isccfg/namedconf.h
+include/isccfg/version.h
+include/ns/client.h
+include/ns/hooks.h
+include/ns/interfacemgr.h
+include/ns/lib.h
+include/ns/listenlist.h
+include/ns/log.h
+include/ns/notify.h
+include/ns/query.h
+include/ns/server.h
+include/ns/sortlist.h
+include/ns/stats.h
+include/ns/types.h
+include/ns/update.h
+include/ns/version.h
+include/ns/xfrout.h
+include/pk11/constants.h
+include/pk11/internal.h
+include/pk11/pk11.h
+include/pk11/result.h
+include/pk11/site.h
+include/pkcs11/eddsa.h
+include/pkcs11/pkcs11.h
+lib/libbind9.a
+lib/libdns.a
+lib/libirs.a
+lib/libisc.a
+lib/libisccc.a
+lib/libisccfg.a
+lib/libns.a
+lib/named/filter-aaaa.so
+%%DNSTAP%%man/man1/dnstap-read.1.gz
+man/man5/named.conf.5.gz
+man/man5/rndc.conf.5.gz
+man/man8/ddns-confgen.8.gz
+man/man8/filter-aaaa.8.gz
+man/man8/named-checkconf.8.gz
+man/man8/named-checkzone.8.gz
+man/man8/named-compilezone.8.gz
+%%LMDB%%man/man8/named-nzd2nzf.8.gz
+man/man8/named.8.gz
+%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz
+%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz
+%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz
+%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz
+man/man8/rndc-confgen.8.gz
+man/man8/rndc.8.gz
+man/man8/tsig-keygen.8.gz
+sbin/ddns-confgen
+sbin/named
+sbin/named-checkconf
+sbin/named-checkzone
+sbin/named-compilezone
+%%LMDB%%sbin/named-nzd2nzf
+%%NATIVE_PKCS11%%sbin/pkcs11-destroy
+%%NATIVE_PKCS11%%sbin/pkcs11-keygen
+%%NATIVE_PKCS11%%sbin/pkcs11-list
+%%NATIVE_PKCS11%%sbin/pkcs11-tokens
+sbin/rndc
+sbin/rndc-confgen
+sbin/tsig-keygen
+@dir(bind,bind,) %%ETCDIR%%/dynamic
+@dir(bind,bind,) %%ETCDIR%%/slave
+@dir(bind,bind,) %%ETCDIR%%/working
Property changes on: head/dns/bind916/pkg-plist
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/pkg-descr
===================================================================
--- head/dns/bind916/pkg-descr (nonexistent)
+++ head/dns/bind916/pkg-descr (revision 526548)
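Review bot: The three `@dir(bind,bind,)` entries at the end of the pkg-plist hunk set owner and group but leave the mode field empty, so the permissions of the only directories the daemon can write to are whatever the staging step happened to produce. Pinning the mode makes the packaged state explicit and auditable, e.g. `@dir(bind,bind,0755) %%ETCDIR%%/dynamic` (and likewise for `slave` and `working`), which also matches the `mode=0755` the BIND.chroot.local.dist spec in this commit declares for the same directory names. Whether 0755 or something tighter is wanted is a policy choice the hunk does not show, so treat the value as a suggestion.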
@@ -0,0 +1,15 @@
+BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
+architecture. Some of the important features of BIND 9 are:
+
+DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
+IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
+ Experimental IPv6 Resolver Library
+DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
+ Improved standards conformance
+Views: One server process can provide multiple "views" of the DNS namespace,
+ e.g. an "inside" view to certain clients, and an "outside" view to others.
+Multiprocessor Support
+
+See the CHANGES file for more information on new features.
+
+WWW: https://www.isc.org/downloads/bind/
Property changes on: head/dns/bind916/pkg-descr
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/dns/bind916/pkg-help
===================================================================
--- head/dns/bind916/pkg-help (nonexistent)
+++ head/dns/bind916/pkg-help (revision 526548)
@@ -0,0 +1,38 @@
+ NATIVE_PKCS11
+When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
+engine specified by the named_pkcss11_engine variable in
+/etc/rc.conf for *all* crypto operations.
+
+This is primarily intended to be used in an authoritative
+case.
+
+If BIND is also operating as a validating resolver,
+NATIVE_PKCS11 should not be used, because the HSM will be
+used for all crypto, including DNSSEC validations, and the
+HSM is likely to be slower than the CPU for this purpose.
+Additionally, the HSM might not support all of the PKCS#11
+API functions needed for signature verification.
+
+
+ GOST
+If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
+the OpenSSL engines MUST be accessible from within the chroot.
+If BIND is chrooted in /var/named, this can be achieved by
+either copying content of /usr/local/lib/engines into
+/var/named/usr/local/lib/engines, or by creating that directory
+and adding this line to /etc/fstab:
+/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0
+
+
+ START_LATE
+Most of the time, BIND needs to start early in the boot
+process. Enable this if BIND starts too early for you and
+you need it to start later.
+
+
+ TUNING_LARGE
+ https://kb.isc.org/article/AA-01314/0
+Tunes certain compiled-in constants and default settings to
+values better suited to large servers with 12/16GB+ of memory.
+This can improve performance on such servers, but will consume
+more memory and may degrade performance on smaller systems.
Property changes on: head/dns/bind916/pkg-help
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property