diff options
author | mat <mat@FreeBSD.org> | 2014-04-11 00:01:27 +0800 |
---|---|---|
committer | mat <mat@FreeBSD.org> | 2014-04-11 00:01:27 +0800 |
commit | 045171b2804079b6c1d470e630cdb8fa72291eb8 (patch) | |
tree | 8507ec62b20f903edfbb7c44eba68c060da297b6 /dns/bind910 | |
parent | 1cc32d8c727f302f6ca83ad28fdcf95138ac8d2d (diff) | |
download | freebsd-ports-gnome-045171b2804079b6c1d470e630cdb8fa72291eb8.tar.gz freebsd-ports-gnome-045171b2804079b6c1d470e630cdb8fa72291eb8.tar.zst freebsd-ports-gnome-045171b2804079b6c1d470e630cdb8fa72291eb8.zip |
Introduce BIND 9.10.0rc1
BIND 9.10 includes a number of changes from earlier releases, including:
- DNS Response-rate limiting (DNS RRL)
- A new "prefetch" option can improve recursive resolver performance
- ACLs can now be specified based on geographic location using the
MaxMind GeoIP databases.
- A new compile-time option, NATIVE_PKCS11 allows the BIND 9
cryptography functions to use the PKCS#11 API natively.
*NOTE*
This is a release candidate, it may contain bugs.
*NOTE*
Changes: https://lists.isc.org/pipermail/bind-announce/2014-April/000906.html
Sponsored by: Absolight
Diffstat (limited to 'dns/bind910')
-rw-r--r-- | dns/bind910/Makefile | 230 | ||||
-rw-r--r-- | dns/bind910/distinfo | 2 | ||||
-rw-r--r-- | dns/bind910/files/empty.db | 11 | ||||
-rw-r--r-- | dns/bind910/files/localhost-forward.db | 11 | ||||
-rw-r--r-- | dns/bind910/files/localhost-reverse.db | 13 | ||||
-rw-r--r-- | dns/bind910/files/named.conf.in | 360 | ||||
-rw-r--r-- | dns/bind910/files/named.in | 206 | ||||
-rw-r--r-- | dns/bind910/files/named.root | 92 | ||||
-rw-r--r-- | dns/bind910/files/patch-bin__dnssec__Makefile.in | 17 | ||||
-rw-r--r-- | dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in | 11 | ||||
-rw-r--r-- | dns/bind910/files/patch-lib__dns__include__dns__Makefile.in | 11 | ||||
-rw-r--r-- | dns/bind910/files/patch-lib__isc__include__isc__Makefile.in | 11 | ||||
-rw-r--r-- | dns/bind910/files/patch-lib__isc__unix__include__isc__Makefile.in | 13 | ||||
-rw-r--r-- | dns/bind910/pkg-descr | 24 | ||||
-rw-r--r-- | dns/bind910/pkg-help | 13 | ||||
-rw-r--r-- | dns/bind910/pkg-install | 26 | ||||
-rw-r--r-- | dns/bind910/pkg-message | 18 | ||||
-rw-r--r-- | dns/bind910/pkg-plist | 438 |
18 files changed, 1507 insertions, 0 deletions
diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile new file mode 100644 index 000000000000..d1f455bed983 --- /dev/null +++ b/dns/bind910/Makefile @@ -0,0 +1,230 @@ +# $FreeBSD$ + +PORTNAME= bind +PORTVERSION= 9.10.0rc1 +CATEGORIES= dns net ipv6 +MASTER_SITES= ${MASTER_SITE_ISC} +MASTER_SITE_SUBDIR= bind9/${ISCVERSION} +PKGNAMESUFFIX= 910 +DISTNAME= ${PORTNAME}-${ISCVERSION} + +MAINTAINER= mat@FreeBSD.org +COMMENT= BIND DNS suite with updated DNSSEC and DNS64 + +LICENSE= ISCL + +# ISC releases things like 9.8.0-P1, which our versioning doesn't like +ISCVERSION= 9.10.0rc1 + +MAKE_JOBS_UNSAFE= yes + +LIB_DEPENDS= libxml2.so:${PORTSDIR}/textproc/libxml2 + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ + --disable-symtable \ + --with-randomdev=/dev/random \ + --with-libxml2=${LOCALBASE} \ + --without-python +ETCDIR= ${PREFIX}/etc/namedb + +CONFLICTS= bind9*-9.[456789].* bind9*-sdb-9.[456789].* bind-tools-9.* + +OPTIONS_SUB= yes +OPTIONS_DEFAULT= IPV6 SSL THREADS SIGCHASE IDN +OPTIONS_DEFINE= IDN REPLACE_BASE LARGE_FILE \ + FIXED_RRSET SIGCHASE IPV6 THREADS GSSAPI FILTER_AAAA +OPTIONS_RADIO= CRYPTO +OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 + +.if !defined(BIND_TOOLS_SLAVE) +OPTIONS_DEFAULT+= RRL +OPTIONS_DEFINE+= LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS GEOIP +OPTIONS_GROUP= DLZ +OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ + DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB +.endif # BIND_TOOLS_SLAVE + +SSL_DESC= Build with OpenSSL (Required for DNSSEC) +REPLACE_BASE_DESC= Replace base BIND (FreeBSD 9.x and earlier) +LARGE_FILE_DESC= 64-bit file support +FIXED_RRSET_DESC= Enable fixed rrset ordering +SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation +FILTER_AAAA_DESC= Enable filtering of AAAA records +CRYPTO_DESC= Choose which crypto engine to use +NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) +GEOIP_DESC= Allow geographically based ACL. + +LINKS_DESC= Create conf file symlinks in ${PREFIX} +NEWSTATS_DESC= Enable alternate xml statistics channel format +RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules +RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records +RRL_DESC= Response Rate Limiting +DLZ_DESC= Dynamically Loadable Zones +DLZ_POSTGRESQL_DESC= DLZ Postgres driver +DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) +DLZ_BDB_DESC= DLZ BDB driver +DLZ_LDAP_DESC= DLZ LDAP driver +DLZ_FILESYSTEM_DESC= DLZ filesystem driver +DLZ_STUB_DESC= DLZ stub driver + +.if !defined(BIND_TOOLS_SLAVE) +CONFLICTS+= bind-tools-9.* +.endif # BIND_TOOLS_SLAVE + +SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} +SSL_USE= openssl=yes +SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl + +NEWSTATS_CONFIGURE_ENABLE= newstats + +IDN_USES= iconv +IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} +IDN_LIB_DEPENDS= libidnkit.so:${PORTSDIR}/dns/idnkit +IDN_CONFIGURE_OFF= --without-idn + +LARGE_FILE_CONFIGURE_ENABLE= largefile + +SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" + +IPV6_CONFIGURE_ENABLE= ipv6 + +FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa + +NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 + +GEOIP_CONFIGURE_WITH= geoip +GEOIP_LIB_DEPENDS= libGeoIP.so:${PORTSDIR}/net/GeoIP + +DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes +DLZ_POSTGRESQL_USE= pgsql=yes + +FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset + +RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip + +RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname + +RRL_CONFIGURE_ENABLE= rrl + +DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes +DLZ_MYSQL_USE= mysql=yes + +DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes +DLZ_BDB_USE= bdb=yes + +DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes +DLZ_LDAP_USE= openldap=yes + +DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes + +DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes + +.if defined(HEIMDAL_HOME) +GSSAPI_CONFIGURE_ON= --with-gssapi=${HEIMDAL_HOME} +GSSAPI_CONFIGURE_OFF= --without-gssapi +.else +GSSAPI_CONFIGURE_WITH= gssapi +.endif + +.include <bsd.port.options.mk> + +.if (${ARCH} == "amd64") +ARCH= x86_64 +.endif + +.if !${PORT_OPTIONS:MLINKS} || ${PORT_OPTIONS:MREPLACE_BASE} +PKGINSTALL=${NONEXISTENT} +.endif + +.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL} +CONFIGURE_ARGS+= --enable-threads +.else +CONFIGURE_ARGS+= --disable-threads +.endif + +.if ${PORT_OPTIONS:MREPLACE_BASE} +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100 +IGNORE= REPLACE_BASE option is not supported on this release +.endif +PKGNAMESUFFIX= -base +PREFIX= /usr +PLIST_SUB+= SHARE_MAN="share/" +NO_MTREE= yes +BIND_DESTETC= /etc/namedb +.else +PLIST_SUB+= SHARE_MAN="" +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100 +BIND_DESTETC= ${PREFIX}/etc/namedb +PKGINSTALL= ${NONEXISTENT} +.else +BIND_DESTETC= ${PREFIX}/etc +.endif +.endif + +PKGDEINSTALL= ${PKGINSTALL} + +CONFIGURE_ARGS+= --prefix=${PREFIX} \ + --sysconfdir=${BIND_DESTETC} +PLIST_SUB+= BIND_DESTETC="${BIND_DESTETC}" +SUB_LIST+= BIND_DESTETC="${BIND_DESTETC}" + +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100 +PLIST_SUB+= NOBASE="" BASE="@comment " +USE_RC_SUBR+= named +SUB_FILES+= named.conf +.else +PLIST_SUB+= NOBASE="@comment " BASE="" +.if ${PORT_OPTIONS:MSSL} +WITH_OPENSSL_PORT= yes +.endif +.endif + +.if !defined(BIND_TOOLS_SLAVE) +post-patch: +.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ + rndc/rndc.8 + @${MV} ${WRKSRC}/bin/${FILE} ${WRKSRC}/bin/${FILE}.Dist + @${SED} -e 's#/etc/named.conf#${BIND_DESTETC}/named.conf#g' \ + -e 's#/etc/rndc.conf#${BIND_DESTETC}/rndc.conf#g' \ + -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ + ${WRKSRC}/bin/${FILE}.Dist > ${WRKSRC}/bin/${FILE} +.endfor + @${MV} ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.in.Dist + @${SED} -e 's#.*bind\.keys.*##' ${WRKSRC}/Makefile.in.Dist > \ + ${WRKSRC}/Makefile.in + @${MV} ${WRKSRC}/bin/named/Makefile.in ${WRKSRC}/bin/named/Makefile.in.Dist + @${SED} -e 's/$${PERL}/#/' -e 's/bind.keys.h/#/g' -e 's/bind9.xsl.h/#/g' \ + ${WRKSRC}/bin/named/Makefile.in.Dist > \ + ${WRKSRC}/bin/named/Makefile.in + +.if ${PORT_OPTIONS:MDOCS} +PORTDOCS= * +.endif +post-install: +.if ${PORT_OPTIONS:MDOCS} + ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${STAGEDIR}${DOCSDIR}/misc + ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm + ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/doc/misc/[a-z]* ${STAGEDIR}${DOCSDIR}/misc + ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \ + ${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} +.endif + +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100 + ${MKDIR} ${STAGEDIR}${BIND_DESTETC} +.for i in dynamic master slave working + @${MKDIR} ${STAGEDIR}${BIND_DESTETC}/$i +.endfor + ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${BIND_DESTETC}/named.conf.sample + ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${BIND_DESTETC} + ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${BIND_DESTETC}/master + ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${BIND_DESTETC}/master + ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${BIND_DESTETC}/master +.endif + ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ + ${STAGEDIR}${BIND_DESTETC}/rndc.conf.sample + +.endif # BIND_TOOLS_SLAVE + +.include <bsd.port.mk> diff --git a/dns/bind910/distinfo b/dns/bind910/distinfo new file mode 100644 index 000000000000..690302701065 --- /dev/null +++ b/dns/bind910/distinfo @@ -0,0 +1,2 @@ +SHA256 (bind-9.10.0rc1.tar.gz) = a529d80d4ea474440f079a4f7407e37407387fcf06b81a534ebc9fb8d1c6019a +SIZE (bind-9.10.0rc1.tar.gz) = 8285665 diff --git a/dns/bind910/files/empty.db b/dns/bind910/files/empty.db new file mode 100644 index 000000000000..070f6634825a --- /dev/null +++ b/dns/bind910/files/empty.db @@ -0,0 +1,11 @@ + +; $FreeBSD$ + +$TTL 3h +@ SOA @ nobody.localhost. 42 1d 12h 1w 3h + ; Serial, Refresh, Retry, Expire, Neg. cache TTL + +@ NS @ + +; Silence a BIND warning +@ A 127.0.0.1 diff --git a/dns/bind910/files/localhost-forward.db b/dns/bind910/files/localhost-forward.db new file mode 100644 index 000000000000..9156d2f09978 --- /dev/null +++ b/dns/bind910/files/localhost-forward.db @@ -0,0 +1,11 @@ + +; $FreeBSD$ + +$TTL 3h +localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h + ; Serial, Refresh, Retry, Expire, Neg. cache TTL + + NS localhost. + + A 127.0.0.1 + AAAA ::1 diff --git a/dns/bind910/files/localhost-reverse.db b/dns/bind910/files/localhost-reverse.db new file mode 100644 index 000000000000..ceabe059ba77 --- /dev/null +++ b/dns/bind910/files/localhost-reverse.db @@ -0,0 +1,13 @@ + +; $FreeBSD$ + +$TTL 3h +@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h + ; Serial, Refresh, Retry, Expire, Neg. cache TTL + + NS localhost. + +1.0.0 PTR localhost. + +1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. + diff --git a/dns/bind910/files/named.conf.in b/dns/bind910/files/named.conf.in new file mode 100644 index 000000000000..6c3215883552 --- /dev/null +++ b/dns/bind910/files/named.conf.in @@ -0,0 +1,360 @@ +// $FreeBSD$ +// +// Refer to the named.conf(5) and named(8) man pages, and the documentation +// in /usr/share/doc/bind9 for more details. +// +// If you are going to set up an authoritative server, make sure you +// understand the hairy details of how DNS works. Even with +// simple mistakes, you can break connectivity for affected parties, +// or cause huge amounts of useless Internet traffic. + +options { + // All file and path names are relative to the chroot directory, + // if any, and should be fully qualified. + directory "%%BIND_DESTETC%%/working"; + pid-file "/var/run/named/pid"; + dump-file "/var/dump/named_dump.db"; + statistics-file "/var/stats/named.stats"; + +// If named is being used only as a local resolver, this is a safe default. +// For named to be accessible to the network, comment this option, specify +// the proper IP address, or delete this option. + listen-on { 127.0.0.1; }; + +// If you have IPv6 enabled on this system, uncomment this option for +// use as a local resolver. To give access to the network, specify +// an IPv6 address, or the keyword "any". +// listen-on-v6 { ::1; }; + +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + +// If you've got a DNS server around at your upstream provider, enter +// its IP address here, and enable the line below. This will make you +// benefit from its cache, thus reduce overall DNS traffic in the Internet. +/* + forwarders { + 127.0.0.1; + }; +*/ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "/etc/namedb/auto_forward.conf"; + + /* + Modern versions of BIND use a random UDP port for each outgoing + query by default in order to dramatically reduce the possibility + of cache poisoning. All users are strongly encouraged to utilize + this feature, and to configure their firewalls to accommodate it. + + AS A LAST RESORT in order to get around a restrictive firewall + policy you can try enabling the option below. Use of this option + will significantly reduce your ability to withstand cache poisoning + attacks, and should be avoided if at all possible. + + Replace NNNNN in the example with a number between 49160 and 65530. + */ + // query-source address * port NNNNN; +}; + +// If you enable a local name server, don't forget to enter 127.0.0.1 +// first in your /etc/resolv.conf so this server will be queried. +// Also, make sure to enable it in /etc/rc.conf. + +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "%%BIND_DESTETC%%/named.root"; }; + +/* Slaving the following zones from the root name servers has some + significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots + 3. Greater resilience to any potential root server failure/DDoS + + On the other hand, this method requires more monitoring than the + hints file to be sure that an unexpected failure mode has not + incapacitated your server. Name servers that are serving a lot + of clients will benefit more from this approach than individual + hosts. Use with caution. + + To use this mechanism, uncomment the entries below, and comment + the hint zone above. + + As documented at http://dns.icann.org/services/axfr/ these zones: + "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET + are available for AXFR from these servers on IPv4 and IPv6: + xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org +*/ +/* +zone "." { + type slave; + file "/etc/namedb/slave/root.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; +}; +zone "arpa" { + type slave; + file "/etc/namedb/slave/arpa.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; +}; +*/ + +/* Serving the following zones locally will prevent any queries + for these zones leaving your network and going to the root + name servers. This has two significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots +*/ +// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) +zone "localhost" { type master; file "%%BIND_DESTETC%%/master/localhost-forward.db"; }; +zone "127.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/localhost-reverse.db"; }; +zone "255.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// RFC 1912-style zone for IPv6 localhost address (RFC 6303) +zone "0.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/localhost-reverse.db"; }; + +// "This" Network (RFCs 1912, 5735 and 6303) +zone "0.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// Private Use Networks (RFCs 1918, 5735 and 6303) +zone "10.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "16.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "17.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "18.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "19.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "20.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "21.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "22.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "23.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "24.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "25.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "26.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "27.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "28.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "29.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "30.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "31.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "168.192.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// Shared Address Space (RFC 6598) +zone "64.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "65.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "66.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "67.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "68.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "69.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "70.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "71.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "72.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "73.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "74.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "75.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "76.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "77.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "78.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "79.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "80.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "81.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "82.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "83.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "84.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "85.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "86.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "87.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "88.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "89.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "90.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "91.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "92.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "93.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "94.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "95.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "96.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "97.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "98.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "99.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "100.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "101.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "102.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "103.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "104.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "105.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "106.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "107.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "108.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "109.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "110.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "111.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "112.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "113.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "114.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "115.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "116.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "117.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "118.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "119.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "120.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "121.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "122.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "123.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "124.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "125.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "126.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "127.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// Link-local/APIPA (RFCs 3927, 5735 and 6303) +zone "254.169.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IETF protocol assignments (RFCs 5735 and 5736) +zone "0.0.192.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) +zone "2.0.192.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "100.51.198.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "113.0.203.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IPv6 Example Range for Documentation (RFCs 3849 and 6303) +zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// Domain Names for Documentation and Testing (BCP 32) +zone "test" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "example" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "invalid" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "example.com" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "example.net" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "example.org" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// Router Benchmark Testing (RFCs 2544 and 5735) +zone "18.198.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "19.198.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IANA Reserved - Old Class E Space (RFC 5735) +zone "240.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "241.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "242.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "243.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "244.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "245.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "246.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "247.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "248.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "249.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "250.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "251.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "252.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "253.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "254.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IPv6 Unassigned Addresses (RFC 4291) +zone "1.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "3.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "4.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "5.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "6.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "7.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "8.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "9.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "a.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "b.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "c.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "d.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "e.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "0.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "1.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "2.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "3.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "4.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "5.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "6.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "7.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "8.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "9.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "a.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "b.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "0.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "1.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "2.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "3.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "4.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "5.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "6.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "7.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IPv6 ULA (RFCs 4193 and 6303) +zone "c.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "d.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IPv6 Link Local (RFCs 4291 and 6303) +zone "8.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "9.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "a.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "b.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) +zone "c.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "d.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "e.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; +zone "f.e.f.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// IP6.INT is Deprecated (RFC 4159) +zone "ip6.int" { type master; file "%%BIND_DESTETC%%/master/empty.db"; }; + +// NB: Do not use the IP addresses below, they are faked, and only +// serve demonstration/documentation purposes! +// +// Example slave zone config entries. It can be convenient to become +// a slave at least for the zone your own domain is in. Ask +// your network administrator for the IP address of the responsible +// master name server. +// +// Do not forget to include the reverse lookup zone! +// This is named after the first bytes of the IP address, in reverse +// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. +// +// Before starting to set up a master zone, make sure you fully +// understand how DNS and BIND work. There are sometimes +// non-obvious pitfalls. Setting up a slave zone is usually simpler. +// +// NB: Don't blindly enable the examples below. :-) Use actual names +// and addresses instead. + +/* An example dynamic zone +key "exampleorgkey" { + algorithm hmac-md5; + secret "sf87HJqjkqh8ac87a02lla=="; +}; +zone "example.org" { + type master; + allow-update { + key "exampleorgkey"; + }; + file "/etc/namedb/dynamic/example.org"; +}; +*/ + +/* Example of a slave reverse zone +zone "1.168.192.in-addr.arpa" { + type slave; + file "/etc/namedb/slave/1.168.192.in-addr.arpa"; + masters { + 192.168.1.1; + }; +}; +*/ diff --git a/dns/bind910/files/named.in b/dns/bind910/files/named.in new file mode 100644 index 000000000000..45371c2b535a --- /dev/null +++ b/dns/bind910/files/named.in @@ -0,0 +1,206 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: named +# REQUIRE: FILESYSTEMS defaultroute +# BEFORE: NETWORKING +# KEYWORD: shutdown + +. /etc/rc.subr + +name=named +rcvar=named_enable + +load_rc_config $name + +extra_commands=reload + +start_precmd=named_prestart +start_postcmd=named_poststart +reload_cmd="${command%/named}/rndc reload" +stop_cmd=named_stop + +named_enable=${named_enable:-"NO"} # Run named, the DNS server (or NO). +named_program=${named_program:-"%%PREFIX%%/sbin/named"} # Path to named, if you want a different one. +named_conf=${named_conf:-"%%BIND_DESTETC%%/named.conf"} # Path to the configuration file +named_flags=${named_flags:-""} # Use this for flags OTHER than -u and -c +named_uid=${named_uid:-"bind"} # User to run named as +named_wait=${named_wait:-"NO"} # Wait for working name service before exiting +named_wait_host=${named_wait_host:-"localhost"} # Hostname to check if named_wait is enabled +named_auto_forward=${named_auto_forward:-"NO"} # Set up forwarders from /etc/resolv.conf +named_auto_forward_only=${named_auto_forward_only:-"NO"} # Do "forward only" instead of "forward first" +%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""} # Path to the PKCS#11 library to use. +named_confdir="${named_conf%/*}" # Not a configuration directive but makes rclint happy. + +named_poststart() +{ + if checkyesno named_wait; then + until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do + echo " Waiting for nameserver to resolve $named_wait_host" + sleep 1 + done + fi +} + +find_pidfile() +{ + if get_pidfile_from_conf pid-file $named_conf; then + pidfile="$_pidfile_from_conf" + else + pidfile="/var/run/named/pid" + fi +} + +named_stop() +{ + find_pidfile + + # This duplicates an undesirably large amount of code from the stop + # routine in rc.subr in order to use rndc to shut down the process, + # and to give it a second chance in case rndc fails. + rc_pid=$(check_pidfile $pidfile $command) + if [ -z "$rc_pid" ]; then + [ -n "$rc_fast" ] && return 0 + _run_rc_notrunning + return 1 + fi + echo 'Stopping named.' + if ${command%/named}/rndc stop 2>/dev/null; then + wait_for_pids $rc_pid + else + echo -n 'rndc failed, trying kill: ' + kill -TERM $rc_pid + wait_for_pids $rc_pid + fi +} + +create_file() +{ + if [ -e "$1" ]; then + unlink $1 + fi + install -o root -g wheel -m 0644 /dev/null $1 +} + +named_prestart() +{ + find_pidfile + + if [ -n "$named_pidfile" ]; then + warn 'named_pidfile: now determined from the conf file' + fi + + echo ${pidfile%/pid} + if [ ! -d ${pidfile%/pid} ]; then + install -d -o ${named_uid} -g ${named_uid} ${pidfile%/pid} + fi + + command_args="-u ${named_uid:=root} -c $named_conf $command_args" + +%%NATIVE_PKCS11%% if [ -z "$named_pkcs11_engine"]; then +%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use" +%%NATIVE_PKCS11%% elif [ ! -f $named_pkcs11_engine ]; then +%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist" +%%NATIVE_PKCS11%% else +%%NATIVE_PKCS11%% command_args="-E $named_pkcs11_engine $command_args" +%%NATIVE_PKCS11%% fi +%%NATIVE_PKCS11%% + local line nsip firstns + + # Create an rndc.key file for the user if none exists + # + confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \ + -c ${named_confdir}/rndc.key" + if [ -s "${named_confdir}/rndc.conf" ]; then + unset confgen_command + fi + if [ -s "${named_confdir}/rndc.key" ]; then + case `stat -f%Su ${named_confdir}/rndc.key` in + root|$named_uid) ;; + *) $confgen_command ;; + esac + else + $confgen_command + fi + + local checkconf + + checkconf="${command%/named}/named-checkconf" + + # Create a forwarder configuration based on /etc/resolv.conf + if checkyesno named_auto_forward; then + if [ ! -s /etc/resolv.conf ]; then + warn "named_auto_forward enabled, but no /etc/resolv.conf" + + # Empty the file in case it is included in named.conf + [ -s "${named_confdir}/auto_forward.conf" ] && + create_file ${named_confdir}/auto_forward.conf + + $checkconf $named_conf || + err 3 'named-checkconf for $named_conf failed' + return + fi + + create_file /var/run/naf-resolv.conf + create_file /var/run/auto_forward.conf + + echo ' forwarders {' > /var/run/auto_forward.conf + + while read line; do + case "$line" in + 'nameserver '*|'nameserver '*) + nsip=${line##nameserver[ ]} + + if [ -z "$firstns" ]; then + if [ ! "$nsip" = '127.0.0.1' ]; then + echo 'nameserver 127.0.0.1' + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + + firstns=1 + else + [ "$nsip" = '127.0.0.1' ] && continue + echo " ${nsip};" >> /var/run/auto_forward.conf + fi + ;; + esac + + echo $line + done < /etc/resolv.conf > /var/run/naf-resolv.conf + + echo ' };' >> /var/run/auto_forward.conf + echo '' >> /var/run/auto_forward.conf + if checkyesno named_auto_forward_only; then + echo " forward only;" >> /var/run/auto_forward.conf + else + echo " forward first;" >> /var/run/auto_forward.conf + fi + + if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then + unlink /var/run/naf-resolv.conf + else + [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf + mv /var/run/naf-resolv.conf /etc/resolv.conf + fi + + if cmp -s ${named_confdir}/auto_forward.conf \ + /var/run/auto_forward.conf; then + unlink /var/run/auto_forward.conf + else + [ -e "${named_confdir}/auto_forward.conf" ] && + unlink ${named_confdir}/auto_forward.conf + mv /var/run/auto_forward.conf \ + ${named_confdir}/auto_forward.conf + fi + else + # Empty the file in case it is included in named.conf + [ -s "${named_confdir}/auto_forward.conf" ] && + create_file ${named_confdir}/auto_forward.conf + fi + + $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed' +} + +run_rc_command "$1" diff --git a/dns/bind910/files/named.root b/dns/bind910/files/named.root new file mode 100644 index 000000000000..adf5e792138a --- /dev/null +++ b/dns/bind910/files/named.root @@ -0,0 +1,92 @@ +; +; $FreeBSD$ +; + +; This file holds the information on root name servers needed to +; initialize cache of Internet domain name servers +; (e.g. reference this file in the "cache . <file>" +; configuration file of BIND domain name servers). +; +; This file is made available by InterNIC +; under anonymous FTP as +; file /domain/named.cache +; on server FTP.INTERNIC.NET +; -OR- RS.INTERNIC.NET +; +; last update: Jan 3, 2013 +; related version of root zone: 2013010300 +; +; formerly NS.INTERNIC.NET +; +. 3600000 IN NS A.ROOT-SERVERS.NET. +A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 +A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 +; +; FORMERLY NS1.ISI.EDU +; +. 3600000 NS B.ROOT-SERVERS.NET. +B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 +; +; FORMERLY C.PSI.NET +; +. 3600000 NS C.ROOT-SERVERS.NET. +C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 +; +; FORMERLY TERP.UMD.EDU +; +. 3600000 NS D.ROOT-SERVERS.NET. +D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13 +D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D +; +; FORMERLY NS.NASA.GOV +; +. 3600000 NS E.ROOT-SERVERS.NET. +E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +; +; FORMERLY NS.ISC.ORG +; +. 3600000 NS F.ROOT-SERVERS.NET. +F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 +F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F +; +; FORMERLY NS.NIC.DDN.MIL +; +. 3600000 NS G.ROOT-SERVERS.NET. +G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +; +; FORMERLY AOS.ARL.ARMY.MIL +; +. 3600000 NS H.ROOT-SERVERS.NET. +H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 +H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 +; +; FORMERLY NIC.NORDU.NET +; +. 3600000 NS I.ROOT-SERVERS.NET. +I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 +I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53 +; +; OPERATED BY VERISIGN, INC. +; +. 3600000 NS J.ROOT-SERVERS.NET. +J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 +J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 +; +; OPERATED BY RIPE NCC +; +. 3600000 NS K.ROOT-SERVERS.NET. +K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 +K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 +; +; OPERATED BY ICANN +; +. 3600000 NS L.ROOT-SERVERS.NET. +L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 +L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 +; +; OPERATED BY WIDE +; +. 3600000 NS M.ROOT-SERVERS.NET. +M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 +M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 +; End of File diff --git a/dns/bind910/files/patch-bin__dnssec__Makefile.in b/dns/bind910/files/patch-bin__dnssec__Makefile.in new file mode 100644 index 000000000000..c7fc9367ad67 --- /dev/null +++ b/dns/bind910/files/patch-bin__dnssec__Makefile.in @@ -0,0 +1,17 @@ +--- ./bin/dnssec/Makefile.in.orig 2014-04-08 00:02:19.000000000 +0200 ++++ ./bin/dnssec/Makefile.in 2014-04-10 15:49:49.000000000 +0200 +@@ -56,12 +56,12 @@ + + MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \ + dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \ +- dnssec-verify.8 ++ dnssec-verify.8 dnssec-importkey.8 + + HTMLPAGES = dnssec-dsfromkey.html dnssec-keyfromlabel.html \ + dnssec-keygen.html dnssec-revoke.html \ + dnssec-settime.html dnssec-signzone.html \ +- dnssec-verify.html ++ dnssec-verify.html dnssec-importkey.html + + MANOBJS = ${MANPAGES} ${HTMLPAGES} + diff --git a/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in b/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in new file mode 100644 index 000000000000..a86155aeaf74 --- /dev/null +++ b/dns/bind910/files/patch-bin__tests__system__dlzexternal__Makefile.in @@ -0,0 +1,11 @@ +--- ./bin/tests/system/dlzexternal/Makefile.in.orig 2014-04-08 00:02:19.000000000 +0200 ++++ ./bin/tests/system/dlzexternal/Makefile.in 2014-04-10 15:49:49.000000000 +0200 +@@ -43,7 +43,7 @@ + @BIND9_MAKE_RULES@ + + CFLAGS = @CFLAGS@ @SO_CFLAGS@ +-SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@ ++SO_LDFLAGS = @SO_LDFLAGS@ + + dlopen@EXEEXT@: ${DLOPENOBJS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ diff --git a/dns/bind910/files/patch-lib__dns__include__dns__Makefile.in b/dns/bind910/files/patch-lib__dns__include__dns__Makefile.in new file mode 100644 index 000000000000..5c4f545d14f4 --- /dev/null +++ b/dns/bind910/files/patch-lib__dns__include__dns__Makefile.in @@ -0,0 +1,11 @@ +--- ./lib/dns/include/dns/Makefile.in.orig 2014-04-08 00:02:19.000000000 +0200 ++++ ./lib/dns/include/dns/Makefile.in 2014-04-10 15:49:49.000000000 +0200 +@@ -28,7 +28,7 @@ + ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \ + journal.h keydata.h keyflags.h keytable.h keyvalues.h \ + lib.h lookup.h log.h master.h masterdump.h message.h \ +- name.h nsec3.h ncache.h nsec.h opcode.h \ ++ name.h ncache.h nsec.h nsec3.h opcode.h order.h \ + peer.h portlist.h private.h \ + rbt.h rcode.h rdata.h rdataclass.h rdatalist.h \ + rdataset.h rdatasetiter.h rdataslab.h rdatatype.h request.h \ diff --git a/dns/bind910/files/patch-lib__isc__include__isc__Makefile.in b/dns/bind910/files/patch-lib__isc__include__isc__Makefile.in new file mode 100644 index 000000000000..27f7e0a9af56 --- /dev/null +++ b/dns/bind910/files/patch-lib__isc__include__isc__Makefile.in @@ -0,0 +1,11 @@ +--- ./lib/isc/include/isc/Makefile.in.orig 2014-04-08 00:02:19.000000000 +0200 ++++ ./lib/isc/include/isc/Makefile.in 2014-04-10 15:49:49.000000000 +0200 +@@ -32,7 +32,7 @@ + eventclass.h file.h formatcheck.h fsaccess.h \ + hash.h heap.h hex.h hmacmd5.h hmacsha.h httpd.h \ + interfaceiter.h @ISC_IPV6_H@ iterated_hash.h json.h \ +- keyboard.h lang.h lex.h lfsr.h lib.h list.h log.h \ ++ lang.h lex.h lfsr.h lib.h list.h log.h \ + magic.h md5.h mem.h msgcat.h msgs.h mutexblock.h \ + netaddr.h netscope.h ondestroy.h os.h parseint.h \ + pool.h portset.h print.h queue.h quota.h \ diff --git a/dns/bind910/files/patch-lib__isc__unix__include__isc__Makefile.in b/dns/bind910/files/patch-lib__isc__unix__include__isc__Makefile.in new file mode 100644 index 000000000000..31ae1a8aeb84 --- /dev/null +++ b/dns/bind910/files/patch-lib__isc__unix__include__isc__Makefile.in @@ -0,0 +1,13 @@ +--- ./lib/isc/unix/include/isc/Makefile.in.orig 2014-04-08 00:02:19.000000000 +0200 ++++ ./lib/isc/unix/include/isc/Makefile.in 2014-04-10 15:49:49.000000000 +0200 +@@ -21,8 +21,8 @@ + + @BIND9_VERSION@ + +-HEADERS = dir.h int.h net.h netdb.h offset.h stat.h stdtime.h \ +- strerror.h syslog.h time.h ++HEADERS = dir.h int.h keyboard.h net.h netdb.h offset.h stat.h \ ++ stdtime.h strerror.h syslog.h time.h + + SUBDIRS = + TARGETS = diff --git a/dns/bind910/pkg-descr b/dns/bind910/pkg-descr new file mode 100644 index 000000000000..6770ab894d3a --- /dev/null +++ b/dns/bind910/pkg-descr @@ -0,0 +1,24 @@ +BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND +architecture. Some of the important features of BIND 9 are: + +DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests) +IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA) + Experimental IPv6 Resolver Library +DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0 + Improved standards conformance +Views: One server process can provide multiple "views" of the DNS namespace, + e.g. an "inside" view to certain clients, and an "outside" view to others. +Multiprocessor Support + +BIND 9.9 includes a number of changes from BIND 9.8 and earlier releases, +including: + NXDOMAIN redirection + Improved startup and reconfiguration time, especially with large + numbers of authoritative zones + New "inline-signing" option, allows named to sign zones completely + transparently, including static zones + Many other new features, especially for DNSSEC + +See the CHANGES file for more information on features. + +WWW: https://www.isc.org/software/bind diff --git a/dns/bind910/pkg-help b/dns/bind910/pkg-help new file mode 100644 index 000000000000..7d1aac91087a --- /dev/null +++ b/dns/bind910/pkg-help @@ -0,0 +1,13 @@ +When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 +engine specified by the named_pkcss11_engine variable in +/etc/rc.conf for *all* crypto operations. + +This is primarily intended to be used in an authoritative +case. + +If BIND will also be operating as a validating resolver, +NATIVE_PKCS11 should not be used, because the HSM will be +used for DNSSEC validations, and the HSM is likely to be +slower than the CPU for this purpose. Additionally, the HSM +might not support all of the PKCS#11 API functions needed +for signature verification. diff --git a/dns/bind910/pkg-install b/dns/bind910/pkg-install new file mode 100644 index 000000000000..df1fc8ad7639 --- /dev/null +++ b/dns/bind910/pkg-install @@ -0,0 +1,26 @@ +#!/bin/sh + +if [ "$2" = 'POST-INSTALL' ] +then + /bin/mkdir -p /var/named${PKG_PREFIX}/etc +fi + +for DIR in ${PKG_PREFIX}/etc /var/named${PKG_PREFIX}/etc; do + for FILE in named.conf rndc.key; do + if [ "$2" = 'POST-INSTALL' ] + then + /bin/ln -sf /etc/namedb/${FILE} ${DIR}/${FILE} + fi + if [ "$2" = 'POST-DEINSTALL' ] + then + [ -L ${DIR}/${FILE} ] && rm -f ${DIR}/${FILE} + fi + done +done + +if [ "$2" = 'POST-DEINSTALL' ] +then + cd /var/named && /bin/rmdir -p ./${PKG_PREFIX}/etc > /dev/null 2>&1 || : +fi + +exit 0 diff --git a/dns/bind910/pkg-message b/dns/bind910/pkg-message new file mode 100644 index 000000000000..bb713abdd1d3 --- /dev/null +++ b/dns/bind910/pkg-message @@ -0,0 +1,18 @@ +************************************************************************* +* _ _____ _____ _____ _ _ _____ ___ ___ _ _ * +* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | * +* / _ \ | | | | | _| | \| | | | | | | | | \| | * +* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | * +* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| * +* * +* If you are running BIND 9 in a chroot environment, make * +* sure that there is a /dev/random device in the chroot. * +* * +* BIND 9 also requires configuration of rndc, including a * +* "secret" key. The easiest, and most secure way to configure * +* rndc is to run 'rndc-confgen -a' to generate the proper conf * +* file, with a new random key, and appropriate file permissions. * +* * +* The /etc/rc.d/named script in the base will do both for you. * +* * +************************************************************************* diff --git a/dns/bind910/pkg-plist b/dns/bind910/pkg-plist new file mode 100644 index 000000000000..ad6018aacff5 --- /dev/null +++ b/dns/bind910/pkg-plist @@ -0,0 +1,438 @@ +bin/bind9-config +bin/delve +bin/dig +bin/host +bin/isc-config.sh +bin/nslookup +bin/nsupdate +include/bind9/check.h +include/bind9/getaddresses.h +include/bind9/version.h +include/dns/acache.h +include/dns/acl.h +include/dns/adb.h +include/dns/bit.h +include/dns/byaddr.h +include/dns/cache.h +include/dns/callbacks.h +include/dns/cert.h +include/dns/client.h +include/dns/clientinfo.h +include/dns/compress.h +include/dns/db.h +include/dns/dbiterator.h +include/dns/dbtable.h +include/dns/diff.h +include/dns/dispatch.h +include/dns/dlz.h +include/dns/dlz_dlopen.h +include/dns/dns64.h +include/dns/dnssec.h +include/dns/ds.h +include/dns/dsdigest.h +include/dns/ecdb.h +include/dns/enumclass.h +include/dns/enumtype.h +include/dns/events.h +include/dns/fixedname.h +include/dns/forward.h +include/dns/geoip.h +include/dns/iptable.h +include/dns/journal.h +include/dns/keydata.h +include/dns/keyflags.h +include/dns/keytable.h +include/dns/keyvalues.h +include/dns/lib.h +include/dns/log.h +include/dns/lookup.h +include/dns/master.h +include/dns/masterdump.h +include/dns/message.h +include/dns/name.h +include/dns/ncache.h +include/dns/nsec.h +include/dns/nsec3.h +include/dns/opcode.h +include/dns/order.h +include/dns/peer.h +include/dns/portlist.h +include/dns/private.h +include/dns/rbt.h +include/dns/rcode.h +include/dns/rdata.h +include/dns/rdataclass.h +include/dns/rdatalist.h +include/dns/rdataset.h +include/dns/rdatasetiter.h +include/dns/rdataslab.h +include/dns/rdatastruct.h +include/dns/rdatatype.h +include/dns/request.h +include/dns/resolver.h +include/dns/result.h +include/dns/rootns.h +include/dns/rpz.h +include/dns/rriterator.h +include/dns/rrl.h +include/dns/sdb.h +include/dns/sdlz.h +include/dns/secalg.h +include/dns/secproto.h +include/dns/soa.h +include/dns/ssu.h +include/dns/stats.h +include/dns/tcpmsg.h +include/dns/time.h +include/dns/timer.h +include/dns/tkey.h +include/dns/tsec.h +include/dns/tsig.h +include/dns/ttl.h +include/dns/types.h +include/dns/update.h +include/dns/validator.h +include/dns/version.h +include/dns/view.h +include/dns/xfrin.h +include/dns/zone.h +include/dns/zonekey.h +include/dns/zt.h +include/dst/dst.h +include/dst/gssapi.h +include/dst/lib.h +include/dst/result.h +include/irs/context.h +include/irs/dnsconf.h +include/irs/netdb.h +include/irs/platform.h +include/irs/resconf.h +include/irs/types.h +include/irs/version.h +include/isc/aes.h +include/isc/app.h +include/isc/assertions.h +include/isc/atomic.h +include/isc/backtrace.h +include/isc/base32.h +include/isc/base64.h +include/isc/bind9.h +include/isc/boolean.h +include/isc/buffer.h +include/isc/bufferlist.h +include/isc/commandline.h +include/isc/condition.h +include/isc/crc64.h +include/isc/dir.h +include/isc/entropy.h +include/isc/error.h +include/isc/event.h +include/isc/eventclass.h +include/isc/file.h +include/isc/formatcheck.h +include/isc/fsaccess.h +include/isc/hash.h +include/isc/heap.h +include/isc/hex.h +include/isc/hmacmd5.h +include/isc/hmacsha.h +include/isc/httpd.h +include/isc/int.h +include/isc/interfaceiter.h +include/isc/iterated_hash.h +include/isc/json.h +include/isc/keyboard.h +include/isc/lang.h +include/isc/lex.h +include/isc/lfsr.h +include/isc/lib.h +include/isc/list.h +include/isc/log.h +include/isc/magic.h +include/isc/md5.h +include/isc/mem.h +include/isc/msgcat.h +include/isc/msgs.h +include/isc/mutex.h +include/isc/mutexblock.h +include/isc/net.h +include/isc/netaddr.h +include/isc/netdb.h +include/isc/netscope.h +include/isc/offset.h +include/isc/once.h +include/isc/ondestroy.h +include/isc/os.h +include/isc/parseint.h +include/isc/platform.h +include/isc/pool.h +include/isc/portset.h +include/isc/print.h +include/isc/queue.h +include/isc/quota.h +include/isc/radix.h +include/isc/random.h +include/isc/ratelimiter.h +include/isc/refcount.h +include/isc/regex.h +include/isc/region.h +include/isc/resource.h +include/isc/result.h +include/isc/resultclass.h +include/isc/rwlock.h +include/isc/safe.h +include/isc/serial.h +include/isc/sha1.h +include/isc/sha2.h +include/isc/sockaddr.h +include/isc/socket.h +include/isc/stat.h +include/isc/stats.h +include/isc/stdio.h +include/isc/stdlib.h +include/isc/stdtime.h +include/isc/strerror.h +include/isc/string.h +include/isc/symtab.h +include/isc/syslog.h +include/isc/task.h +include/isc/taskpool.h +include/isc/thread.h +include/isc/time.h +include/isc/timer.h +include/isc/tm.h +include/isc/types.h +include/isc/util.h +include/isc/version.h +include/isc/xml.h +include/isccc/alist.h +include/isccc/base64.h +include/isccc/cc.h +include/isccc/ccmsg.h +include/isccc/events.h +include/isccc/lib.h +include/isccc/result.h +include/isccc/sexpr.h +include/isccc/symtab.h +include/isccc/symtype.h +include/isccc/types.h +include/isccc/util.h +include/isccc/version.h +include/isccfg/aclconf.h +include/isccfg/cfg.h +include/isccfg/dnsconf.h +include/isccfg/grammar.h +include/isccfg/log.h +include/isccfg/namedconf.h +include/isccfg/version.h +include/lwres/context.h +include/lwres/int.h +include/lwres/ipv6.h +include/lwres/lang.h +include/lwres/list.h +include/lwres/lwbuffer.h +include/lwres/lwpacket.h +include/lwres/lwres.h +include/lwres/net.h +include/lwres/netdb.h +include/lwres/platform.h +include/lwres/result.h +include/lwres/stdlib.h +include/lwres/version.h +include/pk11/constants.h +include/pk11/internal.h +include/pk11/pk11.h +include/pk11/result.h +include/pkcs11/cryptoki.h +include/pkcs11/pkcs11.h +include/pkcs11/pkcs11f.h +include/pkcs11/pkcs11t.h +lib/libbind9.a +lib/libdns.a +lib/libirs.a +lib/libisc.a +lib/libisccc.a +lib/libisccfg.a +lib/liblwres.a +%%SHARE_MAN%%man/man1/arpaname.1.gz +%%SHARE_MAN%%man/man1/bind9-config.1.gz +%%SHARE_MAN%%man/man1/delve.1.gz +%%SHARE_MAN%%man/man1/dig.1.gz +%%SHARE_MAN%%man/man1/host.1.gz +%%SHARE_MAN%%man/man1/isc-config.sh.1.gz +%%SHARE_MAN%%man/man1/named-rrchecker.1.gz +%%SHARE_MAN%%man/man1/nslookup.1.gz +%%SHARE_MAN%%man/man1/nsupdate.1.gz +%%SHARE_MAN%%man/man3/lwres.3.gz +%%SHARE_MAN%%man/man3/lwres_addr_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_add.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_back.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_clear.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_first.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_forward.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_getmem.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_getuint16.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_getuint32.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_getuint8.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_init.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_invalidate.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_putmem.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_putuint16.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_putuint32.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_putuint8.3.gz +%%SHARE_MAN%%man/man3/lwres_buffer_subtract.3.gz +%%SHARE_MAN%%man/man3/lwres_conf_clear.3.gz +%%SHARE_MAN%%man/man3/lwres_conf_get.3.gz +%%SHARE_MAN%%man/man3/lwres_conf_init.3.gz +%%SHARE_MAN%%man/man3/lwres_conf_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_conf_print.3.gz +%%SHARE_MAN%%man/man3/lwres_config.3.gz +%%SHARE_MAN%%man/man3/lwres_context.3.gz +%%SHARE_MAN%%man/man3/lwres_context_allocmem.3.gz +%%SHARE_MAN%%man/man3/lwres_context_create.3.gz +%%SHARE_MAN%%man/man3/lwres_context_destroy.3.gz +%%SHARE_MAN%%man/man3/lwres_context_freemem.3.gz +%%SHARE_MAN%%man/man3/lwres_context_initserial.3.gz +%%SHARE_MAN%%man/man3/lwres_context_nextserial.3.gz +%%SHARE_MAN%%man/man3/lwres_context_sendrecv.3.gz +%%SHARE_MAN%%man/man3/lwres_endhostent.3.gz +%%SHARE_MAN%%man/man3/lwres_endhostent_r.3.gz +%%SHARE_MAN%%man/man3/lwres_freeaddrinfo.3.gz +%%SHARE_MAN%%man/man3/lwres_freehostent.3.gz +%%SHARE_MAN%%man/man3/lwres_gabn.3.gz +%%SHARE_MAN%%man/man3/lwres_gabnrequest_free.3.gz +%%SHARE_MAN%%man/man3/lwres_gabnrequest_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_gabnrequest_render.3.gz +%%SHARE_MAN%%man/man3/lwres_gabnresponse_free.3.gz +%%SHARE_MAN%%man/man3/lwres_gabnresponse_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_gabnresponse_render.3.gz +%%SHARE_MAN%%man/man3/lwres_gai_strerror.3.gz +%%SHARE_MAN%%man/man3/lwres_getaddrinfo.3.gz +%%SHARE_MAN%%man/man3/lwres_getaddrsbyname.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostbyaddr.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostbyaddr_r.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostbyname.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostbyname2.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostbyname_r.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostent.3.gz +%%SHARE_MAN%%man/man3/lwres_gethostent_r.3.gz +%%SHARE_MAN%%man/man3/lwres_getipnode.3.gz +%%SHARE_MAN%%man/man3/lwres_getipnodebyaddr.3.gz +%%SHARE_MAN%%man/man3/lwres_getipnodebyname.3.gz +%%SHARE_MAN%%man/man3/lwres_getnamebyaddr.3.gz +%%SHARE_MAN%%man/man3/lwres_getnameinfo.3.gz +%%SHARE_MAN%%man/man3/lwres_getrrsetbyname.3.gz +%%SHARE_MAN%%man/man3/lwres_gnba.3.gz +%%SHARE_MAN%%man/man3/lwres_gnbarequest_free.3.gz +%%SHARE_MAN%%man/man3/lwres_gnbarequest_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_gnbarequest_render.3.gz +%%SHARE_MAN%%man/man3/lwres_gnbaresponse_free.3.gz +%%SHARE_MAN%%man/man3/lwres_gnbaresponse_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_gnbaresponse_render.3.gz +%%SHARE_MAN%%man/man3/lwres_herror.3.gz +%%SHARE_MAN%%man/man3/lwres_hstrerror.3.gz +%%SHARE_MAN%%man/man3/lwres_inetntop.3.gz +%%SHARE_MAN%%man/man3/lwres_lwpacket_parseheader.3.gz +%%SHARE_MAN%%man/man3/lwres_lwpacket_renderheader.3.gz +%%SHARE_MAN%%man/man3/lwres_net_ntop.3.gz +%%SHARE_MAN%%man/man3/lwres_noop.3.gz +%%SHARE_MAN%%man/man3/lwres_nooprequest_free.3.gz +%%SHARE_MAN%%man/man3/lwres_nooprequest_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_nooprequest_render.3.gz +%%SHARE_MAN%%man/man3/lwres_noopresponse_free.3.gz +%%SHARE_MAN%%man/man3/lwres_noopresponse_parse.3.gz +%%SHARE_MAN%%man/man3/lwres_noopresponse_render.3.gz +%%SHARE_MAN%%man/man3/lwres_packet.3.gz +%%SHARE_MAN%%man/man3/lwres_resutil.3.gz +%%SHARE_MAN%%man/man3/lwres_sethostent.3.gz +%%SHARE_MAN%%man/man3/lwres_sethostent_r.3.gz +%%SHARE_MAN%%man/man3/lwres_string_parse.3.gz +%%SHARE_MAN%%man/man5/named.conf.5.gz +%%SHARE_MAN%%man/man5/rndc.conf.5.gz +%%SHARE_MAN%%man/man8/ddns-confgen.8.gz +%%SHARE_MAN%%man/man8/dnssec-dsfromkey.8.gz +%%SHARE_MAN%%man/man8/dnssec-importkey.8.gz +%%SHARE_MAN%%man/man8/dnssec-keyfromlabel.8.gz +%%SHARE_MAN%%man/man8/dnssec-keygen.8.gz +%%SHARE_MAN%%man/man8/dnssec-revoke.8.gz +%%SHARE_MAN%%man/man8/dnssec-settime.8.gz +%%SHARE_MAN%%man/man8/dnssec-signzone.8.gz +%%SHARE_MAN%%man/man8/dnssec-verify.8.gz +%%SHARE_MAN%%man/man8/genrandom.8.gz +%%SHARE_MAN%%man/man8/isc-hmac-fixup.8.gz +%%SHARE_MAN%%man/man8/lwresd.8.gz +%%SHARE_MAN%%man/man8/named-checkconf.8.gz +%%SHARE_MAN%%man/man8/named-checkzone.8.gz +%%SHARE_MAN%%man/man8/named-compilezone.8.gz +%%SHARE_MAN%%man/man8/named-journalprint.8.gz +%%SHARE_MAN%%man/man8/named.8.gz +%%SHARE_MAN%%man/man8/nsec3hash.8.gz +%%SHARE_MAN%%man/man8/tsig-keygen.8.gz +%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-destroy.8.gz +%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-keygen.8.gz +%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-list.8.gz +%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-tokens.8.gz +%%SHARE_MAN%%man/man8/rndc-confgen.8.gz +%%SHARE_MAN%%man/man8/rndc.8.gz +sbin/arpaname +sbin/ddns-confgen +sbin/dnssec-dsfromkey +sbin/dnssec-importkey +sbin/dnssec-keyfromlabel +sbin/dnssec-keygen +sbin/dnssec-revoke +sbin/dnssec-settime +sbin/dnssec-signzone +sbin/dnssec-verify +sbin/genrandom +sbin/isc-hmac-fixup +sbin/lwresd +sbin/named +sbin/named-checkconf +sbin/named-checkzone +sbin/named-compilezone +sbin/named-journalprint +sbin/named-rrchecker +sbin/nsec3hash +%%NATIVE_PKCS11%%sbin/pkcs11-destroy +%%NATIVE_PKCS11%%sbin/pkcs11-keygen +%%NATIVE_PKCS11%%sbin/pkcs11-list +%%NATIVE_PKCS11%%sbin/pkcs11-tokens +sbin/rndc +sbin/rndc-confgen +sbin/tsig-keygen +%%BASE%%@unexec rm -f %%BIND_DESTETC%%/rndc.conf.sample +%%NOBASE%%@unexec if cmp -s %D/%%ETCDIR%%/rndc.conf.sample %D/%%ETCDIR%%/rndc.conf; then rm -f %D/%%ETCDIR%%/rndc.conf; fi +%%NOBASE%%%%ETCDIR%%/rndc.conf.sample +%%NOBASE%%@exec if [ ! -f %D/%%ETCDIR%%/rndc.conf ] ; then cp -p %D/%F %B/rndc.conf; fi +%%NOBASE%%@unexec if cmp -s %D/%%ETCDIR%%/named.conf.sample %D/%%ETCDIR%%/named.conf; then rm -f %D/%%ETCDIR%%/named.conf; fi +%%NOBASE%%%%ETCDIR%%/named.conf.sample +%%NOBASE%%@exec if [ ! -f %D/%%ETCDIR%%/named.conf ] ; then cp -p %D/%F %B/named.conf; fi +%%NOBASE%%%%ETCDIR%%/named.root +%%NOBASE%%%%ETCDIR%%/master/empty.db +%%NOBASE%%%%ETCDIR%%/master/localhost-forward.db +%%NOBASE%%%%ETCDIR%%/master/localhost-reverse.db +%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/dynamic +%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/dynamic +%%NOBASE%%@dirrmtry %%ETCDIR%%/dynamic +%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/master +%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/master +%%NOBASE%%@dirrmtry %%ETCDIR%%/master +%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/slave +%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/slave +%%NOBASE%%@dirrmtry %%ETCDIR%%/slave +%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/working +%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/working +%%NOBASE%%@dirrmtry %%ETCDIR%%/working +%%NOBASE%%@dirrmtry %%ETCDIR%% +@dirrm include/pkcs11 +@dirrm include/pk11 +@dirrm include/lwres +@dirrm include/isccfg +@dirrm include/isccc +@dirrmtry include/isc +@dirrm include/irs +@dirrm include/dst +@dirrm include/dns +@dirrm include/bind9 |