author | rene <rene@FreeBSD.org> | 2018-07-04 20:57:28 +0800 |
---|---|---|
committer | rene <rene@FreeBSD.org> | 2018-07-04 20:57:28 +0800 |
commit | d33265daf3751d61f6884a69754445394730ab5c (patch) | |
tree | 46be211820871b247afed57b16aac2930010ba22 /dns | |
parent | baf19360982068e6722ed7dfba22ed965e1df9b3 (diff) | |
Remove expired ports:
2018-06-30 dns/bind99: Going out of support, please migrate to dns/bind911
2018-06-30 dns/bind910: Going out of support, please migrate to dns/bind911
Diffstat (limited to 'dns')
38 files changed, 0 insertions, 3994 deletions
diff --git a/dns/Makefile b/dns/Makefile
index c064bad002a2..e17816928054 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -10,11 +10,9 @@
 SUBDIR += axfr2acl
 SUBDIR += bind-tools
 SUBDIR += bind9-devel
- SUBDIR += bind910
 SUBDIR += bind911
 SUBDIR += bind912
 SUBDIR += bind913
- SUBDIR += bind99
 SUBDIR += bindgraph
 SUBDIR += bundy
 SUBDIR += c-ares
diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile
deleted file mode 100644
index f5d9fb64cc36..000000000000
--- a/dns/bind910/Makefile
+++ /dev/null
@@ -1,246 +0,0 @@ -# $FreeBSD$ -# pkg-help formatted with fmt 59 63 - -PORTNAME= bind -PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 2 -CATEGORIES= dns net ipv6 -MASTER_SITES= ISC/bind9/${ISCVERSION} -PKGNAMESUFFIX= 910 -DISTNAME= ${PORTNAME}-${ISCVERSION} - -MAINTAINER= mat@FreeBSD.org -COMMENT= BIND DNS suite with updated DNSSEC and DNS64 - -LICENSE= ISCL -LICENSE_FILE= ${WRKSRC}/COPYRIGHT - -DEPRECATED= Going out of support, please migrate to dns/bind911 -EXPIRATION_DATE= 2018-06-30 - -# ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.10.7 - -USES= cpe libedit - -CPE_VENDOR= isc -CPE_VERSION= ${ISCVERSION:C/-.*//} -.if ${ISCVERSION:M*-*} -CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} -.endif - -LIB_DEPENDS= libxml2.so:textproc/libxml2 - -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ - --with-randomdev=/dev/random \ - --with-libxml2=${LOCALBASE} \ - --with-readline="-L${LOCALBASE}/lib -ledit" \ - --with-dlopen=yes \ - --sysconfdir=${ETCDIR} -ETCDIR= ${PREFIX}/etc/namedb - -CONFLICTS= bind-tools bind99 bind911 bind912 bind913 bind9-devel - -SUB_FILES= pkg-message named.conf -USE_RC_SUBR= named - -MAKE_JOBS_UNSAFE= yes - -PORTDOCS= * - -OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \ - DLZ_FILESYSTEM RPZ_NSIP RPZ_NSDNAME PYTHON FILTER_AAAA -OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ - FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA \ - RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \ - MINCACHE PORTREVISION FETCHLIMIT QUERYTRACE \ - START_LATE TUNING_LARGE - -OPTIONS_RADIO= CRYPTO GOSTDEF -OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 -OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 - -OPTIONS_GROUP= DLZ -OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ - DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB -OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE - -OPTIONS_SUB= yes - -CRYPTO_DESC= Choose which crypto engine to use 
-DLZ_BDB_DESC= DLZ BDB driver -DLZ_DESC= Dynamically Loadable Zones -DLZ_FILESYSTEM_DESC= DLZ filesystem driver -DLZ_LDAP_DESC= DLZ LDAP driver -DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) -DLZ_POSTGRESQL_DESC= DLZ Postgres driver -DLZ_STUB_DESC= DLZ stub driver -FETCHLIMIT_DESC= Enable the query quotas for resolvers -FILTER_AAAA_DESC= Enable filtering of AAAA records -FIXED_RRSET_DESC= Enable fixed rrset ordering -GEOIP_DESC= Allow geographically based ACL. -GOSTDEF_DESC= Enable GOST ciphers, needs SSL -GOST_ASN1_DESC= GOST using ASN.1 -GOST_DESC= GOST raw keys (new default) -GSSAPI_BASE_DESC= Using Heimdal in base -GSSAPI_HEIMDAL_DESC= Using security/heimdal -GSSAPI_MIT_DESC= Using security/krb5 -GSSAPI_NONE_DESC= Disable -LARGE_FILE_DESC= 64-bit file support -MINCACHE_DESC= Use the mincachettl patch -NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) -PORTREVISION_DESC= Show PORTREVISION in the version string -PYTHON_DESC= Build with Python utilities -QUERYTRACE_DESC= Enable the very verbose query tracelogging -RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records -RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules -SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation -SSL_DESC= Build with OpenSSL (Required for DNSSEC) -START_LATE_DESC= Start BIND late in the boot process (see help) -TUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) - -DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes -DLZ_BDB_USES= bdb - -DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes - -DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes -DLZ_LDAP_USE= openldap=yes - -DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes -DLZ_MYSQL_PREVENTS= THREADS -DLZ_MYSQL_USES= mysql - -DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes -DLZ_POSTGRESQL_USES= pgsql - -DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes - -FETCHLIMIT_CONFIGURE_ENABLE= fetchlimit - -FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa - -FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset - -GEOIP_CONFIGURE_WITH= geoip -GEOIP_LIB_DEPENDS= 
libGeoIP.so:net/GeoIP - -GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 - -GOST_CONFIGURE_ON= --with-gost - -GSSAPI_BASE_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_BASE_USES= gssapi - -GSSAPI_HEIMDAL_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_HEIMDAL_USES= gssapi:heimdal - -GSSAPI_MIT_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_MIT_USES= gssapi:mit - -GSSAPI_NONE_CONFIGURE_ON= --without-gssapi - -IDN_CONFIGURE_OFF= --without-idn -IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} -IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit -IDN_USES= iconv - -IPV6_CONFIGURE_ENABLE= ipv6 - -JSON_CONFIGURE_WITH= libjson=${LOCALBASE} -JSON_LIB_DEPENDS= libjson-c.so:devel/json-c - -LARGE_FILE_CONFIGURE_ENABLE= largefile - -MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl - -NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 -NATIVE_PKCS11_IMPLIES= THREADS - -PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} -PYTHON_USES= python - -QUERYTRACE_CONFIGURE_ENABLE= querytrace - -RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname - -RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip - -SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" - -SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl -SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} -SSL_USES= ssl - -START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ - NAMED_BEFORE="LOGIN" -START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ - NAMED_BEFORE="SERVERS" - -THREADS_CONFIGURE_ENABLE= threads - -TUNING_LARGE_IMPLIES= THREADS -TUNING_LARGE_CONFIGURE_ON= --with-tuning=large -TUNING_LARGE_CONFIGURE_OFF= --with-tuning=default - -.include <bsd.port.pre.mk> - -.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} -CONFIGURE_ARGS+= --without-gost -.endif - -.if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base -BROKEN= OpenSSL from the base system does not 
support GOST, add \ - DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ - that needs SSL. -.endif - -post-patch: -.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ - rndc/rndc.8 - @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ - -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ - -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ - ${WRKSRC}/bin/${FILE} -.endfor - -.if ${PORTREVISION:N0} -post-patch-PORTREVISION-on: - @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ - ${WRKSRC}/version -.endif - -post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree - ${MKDIR} ${STAGEDIR}${ETCDIR} -.for i in dynamic master slave working - @${MKDIR} ${STAGEDIR}${ETCDIR}/$i -.endfor - ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample - ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} - ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample - ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample - ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ - ${STAGEDIR}${ETCDIR}/rndc.conf.sample - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ* \ - ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR} - -# Can't use USE_PYTHON=autoplist -post-install-PYTHON-on: - @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} - -.include <bsd.port.post.mk> 
diff --git a/dns/bind910/distinfo b/dns/bind910/distinfo deleted file mode 100644 index cfc87ba346f5..000000000000 --- a/dns/bind910/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1521455507 -SHA256 (bind-9.10.7.tar.gz) = e15e70982d966cd4b194ff483f5cc636c0017b054ae2e332ca3f28fe53f11660 -SIZE (bind-9.10.7.tar.gz) = 9171441 diff --git a/dns/bind910/files/BIND.chroot.dist b/dns/bind910/files/BIND.chroot.dist deleted file mode 100644 index c3863a6a4e7b..000000000000 --- a/dns/bind910/files/BIND.chroot.dist +++ /dev/null @@ -1,24 +0,0 @@ -# $FreeBSD$ -# -# mtree -deU -f files/BIND.chroot.dist -p tmp -# mtree -cjnb -k uname,gname,mode -p tmp - -/set type=file uname=root gname=wheel mode=0755 -. type=dir - dev type=dir mode=0555 - .. - etc type=dir - .. -/set type=file uname=bind gname=bind mode=0755 - var type=dir uname=root gname=wheel - dump type=dir - .. - log type=dir - .. - run type=dir - named type=dir - .. - .. - stats type=dir - .. - .. diff --git a/dns/bind910/files/BIND.chroot.local.dist b/dns/bind910/files/BIND.chroot.local.dist deleted file mode 100644 index 53b36a87c082..000000000000 --- a/dns/bind910/files/BIND.chroot.local.dist +++ /dev/null @@ -1,20 +0,0 @@ -# $FreeBSD$ -# -# mtree -deU -f files/BIND.etc.dist -p tmp -# mtree -cjnb -k uname,gname,mode -p tmp - -/set type=file uname=root gname=wheel mode=0755 -. type=dir - etc type=dir -/set type=file uname=bind gname=wheel mode=0755 - namedb type=dir uname=root - dynamic type=dir - .. - master type=dir uname=root - .. - slave type=dir - .. - working type=dir - .. - .. - .. diff --git a/dns/bind910/files/empty.db b/dns/bind910/files/empty.db deleted file mode 100644 index 070f6634825a..000000000000 --- a/dns/bind910/files/empty.db +++ /dev/null @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA @ nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - -@ NS @ - -; Silence a BIND warning -@ A 127.0.0.1 
diff --git a/dns/bind910/files/extrapatch-bind-min-override-ttl b/dns/bind910/files/extrapatch-bind-min-override-ttl deleted file mode 100644 index 0023d09c2338..000000000000 --- a/dns/bind910/files/extrapatch-bind-min-override-ttl +++ /dev/null 
@@ -1,78 +0,0 @@ ---- bin/named/config.c.orig 2018-01-24 21:17:00 UTC -+++ bin/named/config.c -@@ -167,11 +167,13 @@ options {\n\ - max-ncache-ttl 10800; /* 3 hours */\n\ - max-recursion-depth 7;\n\ - max-recursion-queries 75;\n\ -+ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ - min-roots 2;\n\ - minimal-responses false;\n\ - notify-source *;\n\ - notify-source-v6 *;\n\ - nsec3-test-zone no;\n\ -+ override-cache-ttl 0; /* do not override */\n\ - provide-ixfr true;\n\ - query-source address *;\n\ - query-source-v6 address *;\n\ ---- bin/named/server.c.orig 2018-01-24 21:17:00 UTC -+++ bin/named/server.c -@@ -2854,6 +2854,16 @@ configure_view(dns_view_t *view, dns_vie - } - - obj = NULL; -+ result = ns_config_get(maps, "override-cache-ttl", &obj); -+ INSIST(result == ISC_R_SUCCESS); -+ view->overridecachettl = cfg_obj_asuint32(obj); -+ -+ obj = NULL; -+ result = ns_config_get(maps, "min-cache-ttl", &obj); -+ INSIST(result == ISC_R_SUCCESS); -+ view->mincachettl = cfg_obj_asuint32(obj); -+ -+ obj = NULL; - result = ns_config_get(maps, "max-cache-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); - view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-24 21:17:00 UTC -+++ lib/dns/include/dns/view.h -@@ -151,6 +151,8 @@ struct dns_view { - isc_boolean_t requestnsid; - isc_boolean_t requestsit; - dns_ttl_t maxcachettl; -+ dns_ttl_t mincachettl; -+ dns_ttl_t overridecachettl; - dns_ttl_t maxncachettl; - dns_ttl_t prefetch_trigger; - dns_ttl_t prefetch_eligible; ---- lib/dns/resolver.c.orig 2018-01-24 21:17:00 UTC -+++ lib/dns/resolver.c -@@ -5416,6 +5416,18 @@ cache_name(fetchctx_t *fctx, dns_name_t - } - - /* -+ * Enforce the configure cache TTL override. -+ */ -+ if (res->view->overridecachettl) -+ rdataset->ttl = res->view->overridecachettl; -+ -+ /* -+ * Enforce the configure minimum cache TTL. 
-+ */ -+ if (rdataset->ttl < res->view->mincachettl) -+ rdataset->ttl = res->view->mincachettl; -+ -+ /* - * Enforce the configure maximum cache TTL. - */ - if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-01-24 21:17:00 UTC -+++ lib/isccfg/namedconf.c -@@ -1600,6 +1600,8 @@ view_clauses[] = { - { "lame-ttl", &cfg_type_uint32, 0 }, - { "max-acache-size", &cfg_type_sizenodefault, 0 }, - { "max-cache-size", &cfg_type_sizenodefault, 0 }, -+ { "override-cache-ttl", &cfg_type_uint32, 0 }, -+ { "min-cache-ttl", &cfg_type_uint32, 0 }, - { "max-cache-ttl", &cfg_type_uint32, 0 }, - { "max-clients-per-query", &cfg_type_uint32, 0 }, - { "max-ncache-ttl", &cfg_type_uint32, 0 }, diff --git a/dns/bind910/files/localhost-forward.db b/dns/bind910/files/localhost-forward.db deleted file mode 100644 index 9156d2f09978..000000000000 --- a/dns/bind910/files/localhost-forward.db +++ /dev/null @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - - A 127.0.0.1 - AAAA ::1 diff --git a/dns/bind910/files/localhost-reverse.db b/dns/bind910/files/localhost-reverse.db deleted file mode 100644 index ceabe059ba77..000000000000 --- a/dns/bind910/files/localhost-reverse.db +++ /dev/null @@ -1,13 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - -1.0.0 PTR localhost. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. - diff --git a/dns/bind910/files/named.conf.in b/dns/bind910/files/named.conf.in deleted file mode 100644 index 2d23a6592fae..000000000000 --- a/dns/bind910/files/named.conf.in +++ /dev/null 
@@ -1,380 +0,0 @@ -// $FreeBSD$ -// -// Refer to the named.conf(5) and named(8) man pages, and the documentation -// in /usr/local/share/doc/bind for more details. -// -// If you are going to set up an authoritative server, make sure you -// understand the hairy details of how DNS works. Even with -// simple mistakes, you can break connectivity for affected parties, -// or cause huge amounts of useless Internet traffic. - -options { - // All file and path names are relative to the chroot directory, - // if any, and should be fully qualified. - directory "%%ETCDIR%%/working"; - pid-file "/var/run/named/pid"; - dump-file "/var/dump/named_dump.db"; - statistics-file "/var/stats/named.stats"; - -// If named is being used only as a local resolver, this is a safe default. -// For named to be accessible to the network, comment this option, specify -// the proper IP address, or delete this option. - listen-on { 127.0.0.1; }; - -// If you have IPv6 enabled on this system, uncomment this option for -// use as a local resolver. To give access to the network, specify -// an IPv6 address, or the keyword "any". -// listen-on-v6 { ::1; }; - -// These zones are already covered by the empty zones listed below. -// If you remove the related empty zones below, comment these lines out. - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - -// If you've got a DNS server around at your upstream provider, enter -// its IP address here, and enable the line below. This will make you -// benefit from its cache, thus reduce overall DNS traffic in the Internet. 
-/* - forwarders { - 127.0.0.1; - }; -*/ - -// If the 'forwarders' clause is not empty the default is to 'forward first' -// which will fall back to sending a query from your local server if the name -// servers in 'forwarders' do not have the answer. Alternatively you can -// force your name server to never initiate queries of its own by enabling the -// following line: -// forward only; - -// If you wish to have forwarding configured automatically based on -// the entries in /etc/resolv.conf, uncomment the following line and -// set named_auto_forward=yes in /etc/rc.conf. You can also enable -// named_auto_forward_only (the effect of which is described above). -// include "%%ETCDIR%%/auto_forward.conf"; - - /* - Modern versions of BIND use a random UDP port for each outgoing - query by default in order to dramatically reduce the possibility - of cache poisoning. All users are strongly encouraged to utilize - this feature, and to configure their firewalls to accommodate it. - - AS A LAST RESORT in order to get around a restrictive firewall - policy you can try enabling the option below. Use of this option - will significantly reduce your ability to withstand cache poisoning - attacks, and should be avoided if at all possible. - - Replace NNNNN in the example with a number between 49160 and 65530. - */ - // query-source address * port NNNNN; -}; - -// If you enable a local name server, don't forget to enter 127.0.0.1 -// first in your /etc/resolv.conf so this server will be queried. -// Also, make sure to enable it in /etc/rc.conf. - -// The traditional root hints mechanism. Use this, OR the slave zones below. -zone "." { type hint; file "%%ETCDIR%%/named.root"; }; - -/* Slaving the following zones from the root name servers has some - significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots - 3. 
Greater resilience to any potential root server failure/DDoS - - On the other hand, this method requires more monitoring than the - hints file to be sure that an unexpected failure mode has not - incapacitated your server. Name servers that are serving a lot - of clients will benefit more from this approach than individual - hosts. Use with caution. - - To use this mechanism, uncomment the entries below, and comment - the hint zone above. - - As documented at http://dns.icann.org/services/axfr/ these zones: - "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others - are available for AXFR from these servers on IPv4 and IPv6: - xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org -*/ -/* -zone "." { - type slave; - file "%%ETCDIR%%/slave/root.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "arpa" { - type slave; - file "%%ETCDIR%%/slave/arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "in-addr.arpa" { - type slave; - file "%%ETCDIR%%/slave/in-addr.arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "ip6.arpa" { - type slave; - file "%%ETCDIR%%/slave/ip6.arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -*/ - -/* Serving the following zones locally will prevent any queries - for these zones leaving your network and going to the root - name servers. 
This has two significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots -*/ -// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) -zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; }; -zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; -zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// RFC 1912-style zone for IPv6 localhost address (RFC 6303) -zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; - -// "This" Network (RFCs 1912, 5735 and 6303) -zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Private Use Networks (RFCs 1918, 5735 and 6303) -zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; 
-zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Shared Address Space (RFC 6598) -zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone 
"85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "109.100.in-addr.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; -zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Link-local/APIPA (RFCs 3927, 5735 and 6303) -zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IETF protocol assignments (RFCs 5735 and 5736) -zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) -zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "100.51.198.in-addr.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; -zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IPv6 Example Range for Documentation (RFCs 3849 and 6303) -zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// Router Benchmark Testing (RFCs 2544 and 5735) -zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IANA Reserved - Old Class E Space (RFC 5735) -zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IPv6 Unassigned Addresses (RFC 4291) -zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "5.ip6.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; -zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "5.e.f.ip6.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; -zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IPv6 ULA (RFCs 4193 and 6303) -zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IPv6 Link Local (RFCs 4291 and 6303) -zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) -zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; -zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// IP6.INT is Deprecated (RFC 4159) -zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; }; - -// NB: Do not use the IP addresses below, they are faked, and only -// serve demonstration/documentation purposes! -// -// Example slave zone config entries. It can be convenient to become -// a slave at least for the zone your own domain is in. Ask -// your network administrator for the IP address of the responsible -// master name server. -// -// Do not forget to include the reverse lookup zone! -// This is named after the first bytes of the IP address, in reverse -// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. -// -// Before starting to set up a master zone, make sure you fully -// understand how DNS and BIND work. There are sometimes -// non-obvious pitfalls. Setting up a slave zone is usually simpler. -// -// NB: Don't blindly enable the examples below. 
:-) Use actual names -// and addresses instead. - -/* An example dynamic zone -key "exampleorgkey" { - algorithm hmac-md5; - secret "sf87HJqjkqh8ac87a02lla=="; -}; -zone "example.org" { - type master; - allow-update { - key "exampleorgkey"; - }; - file "%%ETCDIR%%/dynamic/example.org"; -}; -*/ - -/* Example of a slave reverse zone -zone "1.168.192.in-addr.arpa" { - type slave; - file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa"; - masters { - 192.168.1.1; - }; -}; -*/ diff --git a/dns/bind910/files/named.in b/dns/bind910/files/named.in deleted file mode 100644 index d2815f1f905b..000000000000 --- a/dns/bind910/files/named.in +++ /dev/null 
@@ -1,435 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: named
-# REQUIRE: %%NAMED_REQUIRE%%
-# BEFORE: %%NAMED_BEFORE%%
-# KEYWORD: shutdown
-
-#
-# Add the following lines to /etc/rc.conf to enable BIND:
-# named_enable (bool): Run named, the DNS server (or NO).
-# named_program (str): Path to named, if you want a different one.
-# named_conf (str): Path to the configuration file
-# named_flags (str): Use this for flags OTHER than -u and -c
-# named_uid (str): User to run named as
-# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
-# Historically, was /var/named
-# named_chroot_autoupdate (bool): Automatically install/update chrooted
-# components of named.
-# named_symlink_enable (bool): Symlink the chrooted pid file
-# named_wait (bool): Wait for working name service before exiting
-# named_wait_host (str): Hostname to check if named_wait is enabled
-# named_auto_forward (str): Set up forwarders from /etc/resolv.conf
-# named_auto_forward_only (str): Do "forward only" instead of "forward first"
-%%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use.
-#
-
-.
/etc/rc.subr - -name=named -desc="named BIND startup script" -rcvar=named_enable - -load_rc_config ${name} - -extra_commands=reload - -start_precmd=named_prestart -start_postcmd=named_poststart -reload_cmd=named_reload -stop_cmd=named_stop -stop_postcmd=named_poststop - -named_enable=${named_enable:-"NO"} -named_program=${named_program:-"%%PREFIX%%/sbin/named"} -named_conf=${named_conf:-"%%ETCDIR%%/named.conf"} -named_flags=${named_flags:-""} -named_uid=${named_uid:-"bind"} -named_chrootdir=${named_chrootdir:-""} -named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"} -named_symlink_enable=${named_symlink_enable:-"YES"} -named_wait=${named_wait:-"NO"} -named_wait_host=${named_wait_host:-"localhost"} -named_auto_forward=${named_auto_forward:-"NO"} -named_auto_forward_only=${named_auto_forward_only:-"NO"} -%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""} - -# Not configuration variables but having them here keeps rclint happy -required_dirs="${named_chrootdir}" -_named_confdirroot="${named_conf%/*}" -_named_confdir="${named_chrootdir}${_named_confdirroot}" -_named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%LOCALBASE%%/lib/engines" - -# Needed if named.conf and rndc.conf are moved or if rndc.conf is used -rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} -rndc_key=${rndc_key:-"$_named_confdir/rndc.key"} - -# If running in a chroot cage, ensure that the appropriate files -# exist inside the cage, as well as helper symlinks into the cage -# from outside. -# -# As this is called after the is_running and required_dir checks -# are made in run_rc_command(), we can safely assume ${named_chrootdir} -# exists and named isn't running at this point (unless forcestart -# is used). -# -chroot_autoupdate() -{ - local file - - # If it's the first time around, fiddle with things and move the - # current configuration to the chroot. - if [ -d ${_named_confdirroot} -a ! 
-d ${_named_confdir} ]; then - warn "named chroot: Moving current configuration in the chroot!" - install -d ${_named_confdir%/*} - mv ${_named_confdirroot} ${_named_confdir} - fi - - # Create (or update) the chroot directory structure - # - if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then - mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \ - -p ${named_chrootdir} - else - warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing," - warn "${named_chrootdir} directory structure not updated" - fi - if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then - mkdir -p ${named_chrootdir}%%PREFIX%% - mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \ - -p ${named_chrootdir}%%PREFIX%% - else - warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing," - warn "${named_chrootdir}%%PREFIX%% directory structure not updated" - fi - - # Create (or update) the configuration directory symlink - # - if [ ! -L "${_named_confdirroot}" ]; then - if [ -d "${_named_confdirroot}" ]; then - warn "named chroot: ${_named_confdirroot} is a directory!" - elif [ -e "${_named_confdirroot}" ]; then - warn "named chroot: ${_named_confdirroot} exists!" - else - ln -s ${_named_confdir} ${_named_confdirroot} - fi - else - # Make sure it points to the right place. - ln -shf ${_named_confdir} ${_named_confdirroot} - fi - - # Mount a devfs in the chroot directory if needed - # - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null - devfs_domount ${named_chrootdir}/dev devfsrules_hide_all - devfs -m ${named_chrootdir}/dev rule apply path null unhide - devfs -m ${named_chrootdir}/dev rule apply path random unhide - else - if [ -c ${named_chrootdir}/dev/null -a \ - -c ${named_chrootdir}/dev/random ]; then - info "named chroot: using pre-mounted devfs." - else - err 1 "named chroot: devfs cannot be mounted from " \ - "within a jail. Thus a chrooted named cannot " \ - "be run from within a jail. 
Either mount the " \ - "devfs with null and random from the host, or " \ - "run named without chrooting it, set " \ - "named_chrootdir=\"\" in /etc/rc.conf." - fi - fi - - # If OpenSSL from ports, then the engines should be present in the - # chroot, named loads them after chrooting. - if [ -d ${_openssl_engines} ]; then - # FIXME when 8.4 is gone see if - # security.jail.param.allow.mount.nullfs can be used. - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then - mkdir -p ${named_chrootdir}${_openssl_engines} - mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} - else - warn "named chroot: cannot nullfs mount OpenSSL" \ - "engines into the chroot, will copy the shared" \ - "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} - cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} - fi - fi - - # Copy and/or update key files to the chroot /etc - # - for file in localtime protocols services; do - if [ -r /etc/${file} ] && \ - ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then - cp -p /etc/${file} "${named_chrootdir}/etc/${file}" - fi - done -} - -# Make symlinks to the correct pid file -# -make_symlinks() -{ - checkyesno named_symlink_enable && - ln -fs "${named_chrootdir}${pidfile}" ${pidfile} && - ln -fs "${named_chrootdir}${sessionkeyfile}" ${sessionkeyfile} -} - -named_poststart() -{ - make_symlinks - - if checkyesno named_wait; then - until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do - echo " Waiting for nameserver to resolve ${named_wait_host}" - sleep 1 - done - fi -} - -named_reload() -{ - # This is a one line function, but ${named_program} is not defined early - # enough to be there when the reload_cmd variable is defined up there. 
- rndc reload -} - -find_pidfile() -{ - if get_pidfile_from_conf pid-file ${named_conf}; then - pidfile="${_pidfile_from_conf}" - else - pidfile="/var/run/named/pid" - fi -} - -find_sessionkeyfile() -{ - if get_pidfile_from_conf session-keyfile ${named_conf}; then - sessionkeyfile="${_pidfile_from_conf}" - else - sessionkeyfile="/var/run/named/session.key" - fi -} - -named_stop() -{ - find_pidfile - - # This duplicates an undesirably large amount of code from the stop - # routine in rc.subr in order to use rndc to shut down the process, - # and to give it a second chance in case rndc fails. - rc_pid=$(check_pidfile ${pidfile} ${command}) - if [ -z "${rc_pid}" ]; then - [ -n "${rc_fast}" ] && return 0 - _run_rc_notrunning - return 1 - fi - echo 'Stopping named.' - if rndc stop; then - wait_for_pids ${rc_pid} - else - echo -n 'rndc failed, trying kill: ' - kill -TERM ${rc_pid} - wait_for_pids ${rc_pid} - fi -} - -named_poststop() -{ - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then - # if using OpenSSL from ports, unmount OpenSSL engines, if they - # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} - fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" 
- fi - fi -} - -create_file() -{ - if [ -e "$1" ]; then - unlink $1 - fi - install -o root -g wheel -m 0644 /dev/null $1 -} - -rndc() -{ - if [ -z "${rndc_flags}" ]; then - if [ -s "${rndc_conf}" ] ; then - rndc_flags="-c ${rndc_conf}" - elif [ -s "${rndc_key}" ] ; then - rndc_flags="-k ${rndc_key}" - else - rndc_flags="" - fi - fi - - ${_named_program_root}/sbin/rndc ${rndc_flags} "$@" -} - -named_prestart() -{ - find_pidfile - find_sessionkeyfile - - if [ -n "${named_pidfile}" ]; then - warn 'named_pidfile: now determined from the conf file' - fi - - if [ -n "${named_sessionkeyfile}" ]; then - warn 'named_sessionkeyfile: now determined from the conf file' - fi - - piddir=`/usr/bin/dirname ${pidfile}` - if [ ! -d ${piddir} ]; then - install -d -o ${named_uid} -g ${named_uid} ${piddir} - fi - - sessionkeydir=`/usr/bin/dirname ${sessionkeyfile}` - if [ ! -d ${sessionkeydir} ]; then - install -d -o ${named_uid} -g ${named_uid} ${sessionkeydir} - fi - - command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}" - -%%NATIVE_PKCS11%% if [ -z "${named_pkcs11_engine}"]; then -%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use" -%%NATIVE_PKCS11%% elif [ ! -f ${named_pkcs11_engine} ]; then -%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist" -%%NATIVE_PKCS11%% else -%%NATIVE_PKCS11%% mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*} -%%NATIVE_PKCS11%% cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine} -%%NATIVE_PKCS11%% command_args="-E ${named_pkcs11_engine} ${command_args}" -%%NATIVE_PKCS11%% fi - - local line nsip firstns - - # Is the user using a sandbox? 
- # - if [ -n "${named_chrootdir}" ]; then - rc_flags="${rc_flags} -t ${named_chrootdir}" - checkyesno named_chroot_autoupdate && chroot_autoupdate - - case "${altlog_proglist}" in - *named*) - ;; - *) - warn 'Using chroot without setting altlog_proglist, logging may not' - warn 'work correctly. Run sysrc altlog_proglist+=named' - ;; - esac - else - named_symlink_enable=NO - fi - - # Create an rndc.key file for the user if none exists - # - confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \ - -c ${_named_confdir}/rndc.key" - if [ -s "${_named_confdir}/rndc.conf" ]; then - unset confgen_command - fi - if [ -s "${_named_confdir}/rndc.key" ]; then - case `stat -f%Su ${_named_confdir}/rndc.key` in - root|${named_uid}) ;; - *) ${confgen_command} ;; - esac - else - ${confgen_command} - fi - - local checkconf - - checkconf="${_named_program_root}/sbin/named-checkconf" - if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then - checkconf="${checkconf} -t ${named_chrootdir}" - fi - - # Create a forwarder configuration based on /etc/resolv.conf - if checkyesno named_auto_forward; then - if [ ! -s /etc/resolv.conf ]; then - warn "named_auto_forward enabled, but no /etc/resolv.conf" - - # Empty the file in case it is included in named.conf - [ -s "${_named_confdir}/auto_forward.conf" ] && - create_file ${_named_confdir}/auto_forward.conf - - ${checkconf} ${named_conf} || - err 3 'named-checkconf for ${named_conf} failed' - return - fi - - create_file /var/run/naf-resolv.conf - create_file /var/run/auto_forward.conf - - echo ' forwarders {' > /var/run/auto_forward.conf - - while read line; do - case "${line}" in - 'nameserver '*|'nameserver '*) - nsip=${line##nameserver[ ]} - - if [ -z "${firstns}" ]; then - if [ ! 
"${nsip}" = '127.0.0.1' ]; then - echo 'nameserver 127.0.0.1' - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - - firstns=1 - else - [ "${nsip}" = '127.0.0.1' ] && continue - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - ;; - esac - - echo ${line} - done < /etc/resolv.conf > /var/run/naf-resolv.conf - - echo ' };' >> /var/run/auto_forward.conf - echo '' >> /var/run/auto_forward.conf - if checkyesno named_auto_forward_only; then - echo " forward only;" >> /var/run/auto_forward.conf - else - echo " forward first;" >> /var/run/auto_forward.conf - fi - - if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then - unlink /var/run/naf-resolv.conf - else - [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf - mv /var/run/naf-resolv.conf /etc/resolv.conf - fi - - if cmp -s ${_named_confdir}/auto_forward.conf \ - /var/run/auto_forward.conf; then - unlink /var/run/auto_forward.conf - else - [ -e "${_named_confdir}/auto_forward.conf" ] && - unlink ${_named_confdir}/auto_forward.conf - mv /var/run/auto_forward.conf \ - ${_named_confdir}/auto_forward.conf - fi - else - # Empty the file in case it is included in named.conf - [ -s "${_named_confdir}/auto_forward.conf" ] && - create_file ${_named_confdir}/auto_forward.conf - fi - - ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed" -} - -run_rc_command "$1" diff --git a/dns/bind910/files/named.root b/dns/bind910/files/named.root deleted file mode 100644 index 8e3bac373eb8..000000000000 --- a/dns/bind910/files/named.root +++ /dev/null 
@@ -1,96 +0,0 @@
-;
-; $FreeBSD$
-;
-
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: November 16, 2017
-; related version of root zone: 2017111601
-;
-; FORMERLY NS.INTERNIC.NET
-;
-. 3600000 NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of file
diff --git a/dns/bind910/files/patch-CVE-2018-5738 b/dns/bind910/files/patch-CVE-2018-5738
deleted file mode 100644
index c040f6b51679..000000000000
--- a/dns/bind910/files/patch-CVE-2018-5738
+++ /dev/null
@@ -1,127 +0,0 @@ -commit 97600626c711585e7bb26cbc67711d072e87a62a -Author: Evan Hunt <each@isc.org> -Date: 2018-06-04 21:57:49 -0700 - - allow-recursion could incorrectly inherit from the default allow-query - ---- CHANGES.orig 2018-03-08 20:55:52 UTC -+++ CHANGES -@@ -1,3 +1,10 @@ -+4960. [security] When recursion is enabled, but the "allow-recursion" -+ and "allow-query-cache" ACLs are not specified, -+ they should be limited to local networks, -+ but were inadvertently set to match the default -+ "allow-query", thus allowing remote queries. -+ (CVE-2018-5738) [GL #309] -+ - --- 9.10.7 released --- - --- 9.10.7rc2 released --- - ---- bin/named/server.c.orig 2018-03-08 20:55:52 UTC -+++ bin/named/server.c -@@ -2565,10 +2565,6 @@ configure_view(dns_view_t *view, dns_vie - dns_acache_setcachesize(view->acache, max_acache_size); - } - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query", NULL, actx, -- ns_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -3399,9 +3395,6 @@ configure_view(dns_view_t *view, dns_vie - INSIST(result == ISC_R_SUCCESS); - view->trust_anchor_telemetry = cfg_obj_asboolean(obj); - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query-cache-on", NULL, actx, -- ns_g_mctx, &view->cacheonacl)); - /* - * Set sources where additional data and CNAME/DNAME - * targets for authoritative answers may be found. -@@ -3428,22 +3421,40 @@ configure_view(dns_view_t *view, dns_vie - view->additionalfromcache = ISC_TRUE; - } - -+ CHECK(configure_view_acl(vconfig, config, ns_g_config, -+ "allow-query-cache-on", NULL, actx, -+ ns_g_mctx, &view->cacheonacl)); -+ - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. 
-- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. - */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, ns_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ ns_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ ns_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - ns_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - ns_g_mctx, &view->recursiononacl)); -@@ -3481,18 +3492,21 @@ configure_view(dns_view_t *view, dns_vie - * the global config. 
- */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion", NULL, - actx, ns_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion-on", NULL, - actx, ns_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-query-cache", NULL, - actx, ns_g_mctx, -@@ -3506,6 +3520,14 @@ configure_view(dns_view_t *view, dns_vie - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, ns_g_config, -+ "allow-query", NULL, -+ actx, ns_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, diff --git a/dns/bind910/files/patch-bin_named_include_named_globals.h b/dns/bind910/files/patch-bin_named_include_named_globals.h deleted file mode 100644 index b7e069c02bd3..000000000000 --- a/dns/bind910/files/patch-bin_named_include_named_globals.h +++ /dev/null @@ -1,13 +0,0 @@ -We reference the pid file as being run/named/pid everywere else. - ---- bin/named/include/named/globals.h.orig 2018-01-04 05:35:08 UTC -+++ bin/named/include/named/globals.h -@@ -136,7 +136,7 @@ EXTERN const char * ns_g_defaultsession - #if NS_RUN_PID_DIR - EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/named/" -- "named.pid"); -+ "pid"); - EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/lwresd/" - "lwresd.pid"); diff --git a/dns/bind910/files/patch-bin_tests_system_dlzexternal_Makefile.in b/dns/bind910/files/patch-bin_tests_system_dlzexternal_Makefile.in deleted file mode 100644 index 3e781c0c6298..000000000000 
--- a/dns/bind910/files/patch-bin_tests_system_dlzexternal_Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- bin/tests/system/dlzexternal/Makefile.in.orig 2017-04-14 03:54:11 UTC -+++ bin/tests/system/dlzexternal/Makefile.in -@@ -39,7 +39,7 @@ OBJS = - @BIND9_MAKE_RULES@ - - CFLAGS = @CFLAGS@ @SO_CFLAGS@ --SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@ -+SO_LDFLAGS = @SO_LDFLAGS@ - - driver.@SO@: ${SO_OBJS} - ${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@ diff --git a/dns/bind910/files/patch-configure b/dns/bind910/files/patch-configure deleted file mode 100644 index efa3bafd97f8..000000000000 --- a/dns/bind910/files/patch-configure +++ /dev/null 
@@ -1,90 +0,0 @@ ---- configure.orig 2018-03-08 20:55:52 UTC -+++ configure -@@ -14387,27 +14387,9 @@ done - # problems start to show up. - saved_libs="$LIBS" - for TRY_LIBS in \ -- "-lgssapi_krb5" \ -- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \ -- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \ -- "-lgssapi" \ -- "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \ -- "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ -- "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ -- "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \ -- "-lgss -lkrb5" -+ "$($KRB5CONFIG gssapi --libs)"; \ - do -- # Note that this does not include $saved_libs, because -- # on FreeBSD machines this configure script has added -- # -L/usr/local/lib to LIBS, which can make the -- # -lgssapi_krb5 test succeed with shared libraries even -- # when you are trying to build with KTH in /usr/lib. -- if test "/usr" = "$use_gssapi" -- then -- LIBS="$TRY_LIBS" -- else -- LIBS="-L$use_gssapi/lib $TRY_LIBS" -- fi -+ LIBS="$TRY_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 - $as_echo_n "checking linking as $TRY_LIBS... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14450,47 +14432,7 @@ $as_echo "no" >&6; } ;; - no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; - esac - -- # -- # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib -- # but MIT in /usr/local/lib and trying to build with KTH. -- # /usr/local/lib can end up earlier on the link lines. -- # Like most kludges, this one is not only inelegant it -- # is also likely to be the wrong thing to do at least as -- # many times as it is the right thing. Something better -- # needs to be done. 
-- # -- if test "/usr" = "$use_gssapi" -a \ -- -f /usr/local/lib/libkrb5.a; then -- FIX_KTH_VS_MIT=yes -- fi -- -- case "$FIX_KTH_VS_MIT" in -- yes) -- case "$enable_static_linking" in -- yes) gssapi_lib_suffix=".a" ;; -- *) gssapi_lib_suffix=".so" ;; -- esac -- -- for lib in $LIBS; do -- case $lib in -- -L*) -- ;; -- -l*) -- new_lib=`echo $lib | -- sed -e s%^-l%$use_gssapi/lib/lib% \ -- -e s%$%$gssapi_lib_suffix%` -- NEW_LIBS="$NEW_LIBS $new_lib" -- ;; -- *) -- as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5 -- ;; -- esac -- done -- LIBS="$NEW_LIBS" -- ;; -- esac -- -- DST_GSSAPI_INC="-I$use_gssapi/include" -+ DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)" - DNS_GSSAPI_LIBS="$LIBS" - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -22349,7 +22291,7 @@ $as_echo "" >&6; } - # Check other locations for includes. - # Order is important (sigh). - -- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db" -+ bdb_incdirs="/db6 /db5 /db48" - # include a blank element first - for d in "" $bdb_incdirs - do diff --git a/dns/bind910/files/pkg-message.in b/dns/bind910/files/pkg-message.in deleted file mode 100644 index a1bfad91fb81..000000000000 --- a/dns/bind910/files/pkg-message.in +++ /dev/null 
@@ -1,23 +0,0 @@
-**********************************************************************
-* _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
-* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
-* / _ \ | | | | | _| | \| | | | | | | | | \| | *
-* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
-* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
-* *
-* BIND requires configuration of rndc, including a "secret" key. *
-* The easiest, and most secure way to configure rndc is to run *
-* 'rndc-confgen -a' to generate the proper conf file, with a new *
-* random key, and appropriate file permissions. *
-* *
-* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
-* *
-* If using syslog to log the BIND9 activity, and using a *
-* chroot'ed installation, you will need to tell syslog to *
-* install a log socket in the BIND9 chroot by running: *
-* *
-* # sysrc altlog_proglist+=named *
-* *
-* And then restarting syslogd with: service syslogd restart *
-* *
-**********************************************************************
diff --git a/dns/bind910/pkg-descr b/dns/bind910/pkg-descr
deleted file mode 100644
index c1b342a73548..000000000000
--- a/dns/bind910/pkg-descr
+++ /dev/null
@@ -1,15 +0,0 @@
-BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
-architecture. Some of the important features of BIND 9 are:
-
-DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
-IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
- Experimental IPv6 Resolver Library
-DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
- Improved standards conformance
-Views: One server process can provide multiple "views" of the DNS namespace,
- e.g. an "inside" view to certain clients, and an "outside" view to others.
-Multiprocessor Support
-
-See the CHANGES file for more information on new features.
-
-WWW: https://www.isc.org/software/bind
diff --git a/dns/bind910/pkg-help b/dns/bind910/pkg-help
deleted file mode 100644
index 5539e5745c0e..000000000000
--- a/dns/bind910/pkg-help
+++ /dev/null
@@ -1,28 +0,0 @@
- NATIVE_PKCS11
-When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
-engine specified by the named_pkcss11_engine variable in
-/etc/rc.conf for *all* crypto operations.
-
-This is primarily intended to be used in an authoritative
-case.
-
-If BIND is also operating as a validating resolver,
-NATIVE_PKCS11 should not be used, because the HSM will be
-used for all crypto, including DNSSEC validations, and the
-HSM is likely to be slower than the CPU for this purpose.
-Additionally, the HSM might not support all of the PKCS#11
-API functions needed for signature verification.
-
-
- START_LATE
-Most of the time, BIND needs to start early in the boot
-process. Enable this if BIND starts too early for you and
-you need it to start later.
-
-
- TUNING_LARGE
- https://kb.isc.org/article/AA-01314/0
-Tunes certain compiled-in constants and default settings to
-values better suited to large servers with 12/16GB+ of memory.
-This can improve performance on such servers, but will consume
-more memory and may degrade performance on smaller systems.
diff --git a/dns/bind910/pkg-plist b/dns/bind910/pkg-plist
deleted file mode 100644
index 7186e8159f8c..000000000000
--- a/dns/bind910/pkg-plist
+++ /dev/null
@@ -1,427 +0,0 @@ -bin/arpaname -bin/bind9-config -bin/delv -bin/dig -bin/host -bin/isc-config.sh -bin/named-rrchecker -bin/nslookup -bin/nsupdate -@sample etc/mtree/BIND.chroot.dist.sample -@sample etc/mtree/BIND.chroot.local.dist.sample -%%ETCDIR%%/bind.keys -%%ETCDIR%%/master/empty.db -%%ETCDIR%%/master/localhost-forward.db -%%ETCDIR%%/master/localhost-reverse.db -@sample %%ETCDIR%%/named.conf.sample -%%ETCDIR%%/named.root -%%ETCDIR%%/rndc.conf.sample -include/bind9/check.h -include/bind9/getaddresses.h -include/bind9/version.h -include/dns/acache.h -include/dns/acl.h -include/dns/adb.h -include/dns/bit.h -include/dns/byaddr.h -include/dns/cache.h -include/dns/callbacks.h -include/dns/cert.h -include/dns/client.h -include/dns/clientinfo.h -include/dns/compress.h -include/dns/db.h -include/dns/dbiterator.h -include/dns/dbtable.h -include/dns/diff.h -include/dns/dispatch.h -include/dns/dlz.h -include/dns/dlz_dlopen.h -include/dns/dns64.h -include/dns/dnssec.h -include/dns/ds.h -include/dns/dsdigest.h -include/dns/ecdb.h -include/dns/enumclass.h -include/dns/enumtype.h -include/dns/events.h -include/dns/fixedname.h -include/dns/forward.h -include/dns/geoip.h -include/dns/iptable.h -include/dns/journal.h -include/dns/keydata.h -include/dns/keyflags.h -include/dns/keytable.h -include/dns/keyvalues.h -include/dns/lib.h -include/dns/log.h -include/dns/lookup.h -include/dns/master.h -include/dns/masterdump.h -include/dns/message.h -include/dns/name.h -include/dns/ncache.h -include/dns/nsec.h -include/dns/nsec3.h -include/dns/opcode.h -include/dns/order.h -include/dns/peer.h -include/dns/portlist.h -include/dns/private.h -include/dns/rbt.h -include/dns/rcode.h -include/dns/rdata.h -include/dns/rdataclass.h -include/dns/rdatalist.h -include/dns/rdataset.h -include/dns/rdatasetiter.h -include/dns/rdataslab.h -include/dns/rdatastruct.h -include/dns/rdatatype.h -include/dns/request.h -include/dns/resolver.h -include/dns/result.h -include/dns/rootns.h -include/dns/rpz.h 
-include/dns/rriterator.h -include/dns/rrl.h -include/dns/sdb.h -include/dns/sdlz.h -include/dns/secalg.h -include/dns/secproto.h -include/dns/soa.h -include/dns/ssu.h -include/dns/stats.h -include/dns/tcpmsg.h -include/dns/time.h -include/dns/timer.h -include/dns/tkey.h -include/dns/tsec.h -include/dns/tsig.h -include/dns/ttl.h -include/dns/types.h -include/dns/update.h -include/dns/validator.h -include/dns/version.h -include/dns/view.h -include/dns/xfrin.h -include/dns/zone.h -include/dns/zonekey.h -include/dns/zt.h -include/dst/dst.h -include/dst/gssapi.h -include/dst/lib.h -include/dst/result.h -include/irs/context.h -include/irs/dnsconf.h -include/irs/netdb.h -include/irs/platform.h -include/irs/resconf.h -include/irs/types.h -include/irs/version.h -include/isc/aes.h -include/isc/app.h -include/isc/assertions.h -include/isc/atomic.h -include/isc/backtrace.h -include/isc/base32.h -include/isc/base64.h -include/isc/bind9.h -include/isc/boolean.h -include/isc/buffer.h -include/isc/bufferlist.h -include/isc/commandline.h -include/isc/condition.h -include/isc/counter.h -include/isc/crc64.h -include/isc/dir.h -include/isc/entropy.h -include/isc/errno.h -include/isc/error.h -include/isc/event.h -include/isc/eventclass.h -include/isc/file.h -include/isc/formatcheck.h -include/isc/fsaccess.h -include/isc/hash.h -include/isc/heap.h -include/isc/hex.h -include/isc/hmacmd5.h -include/isc/hmacsha.h -include/isc/httpd.h -include/isc/int.h -include/isc/interfaceiter.h -include/isc/iterated_hash.h -include/isc/json.h -include/isc/keyboard.h -include/isc/lang.h -include/isc/lex.h -include/isc/lfsr.h -include/isc/lib.h -include/isc/likely.h -include/isc/list.h -include/isc/log.h -include/isc/magic.h -include/isc/md5.h -include/isc/mem.h -include/isc/msgcat.h -include/isc/msgs.h -include/isc/mutex.h -include/isc/mutexblock.h -include/isc/net.h -include/isc/netaddr.h -include/isc/netdb.h -include/isc/netscope.h -include/isc/offset.h -include/isc/once.h -include/isc/ondestroy.h 
-include/isc/os.h -include/isc/parseint.h -include/isc/platform.h -include/isc/pool.h -include/isc/portset.h -include/isc/print.h -include/isc/queue.h -include/isc/quota.h -include/isc/radix.h -include/isc/random.h -include/isc/ratelimiter.h -include/isc/refcount.h -include/isc/regex.h -include/isc/region.h -include/isc/resource.h -include/isc/result.h -include/isc/resultclass.h -include/isc/rwlock.h -include/isc/safe.h -include/isc/serial.h -include/isc/sha1.h -include/isc/sha2.h -include/isc/sockaddr.h -include/isc/socket.h -include/isc/stat.h -include/isc/stats.h -include/isc/stdio.h -include/isc/stdlib.h -include/isc/stdtime.h -include/isc/strerror.h -include/isc/string.h -include/isc/symtab.h -include/isc/syslog.h -include/isc/task.h -include/isc/taskpool.h -include/isc/thread.h -include/isc/time.h -include/isc/timer.h -include/isc/tm.h -include/isc/types.h -include/isc/util.h -include/isc/version.h -include/isc/xml.h -include/isccc/alist.h -include/isccc/base64.h -include/isccc/cc.h -include/isccc/ccmsg.h -include/isccc/events.h -include/isccc/lib.h -include/isccc/result.h -include/isccc/sexpr.h -include/isccc/symtab.h -include/isccc/symtype.h -include/isccc/types.h -include/isccc/util.h -include/isccc/version.h -include/isccfg/aclconf.h -include/isccfg/cfg.h -include/isccfg/dnsconf.h -include/isccfg/grammar.h -include/isccfg/log.h -include/isccfg/namedconf.h -include/isccfg/version.h -include/lwres/context.h -include/lwres/int.h -include/lwres/ipv6.h -include/lwres/lang.h -include/lwres/list.h -include/lwres/lwbuffer.h -include/lwres/lwpacket.h -include/lwres/lwres.h -include/lwres/net.h -include/lwres/netdb.h -include/lwres/platform.h -include/lwres/result.h -include/lwres/stdlib.h -include/lwres/string.h -include/lwres/version.h -include/pk11/constants.h -include/pk11/internal.h -include/pk11/pk11.h -include/pk11/result.h -include/pk11/site.h -include/pkcs11/cryptoki.h -include/pkcs11/eddsa.h -include/pkcs11/pkcs11.h -include/pkcs11/pkcs11f.h 
-include/pkcs11/pkcs11t.h -lib/libbind9.a -lib/libdns.a -lib/libirs.a -lib/libisc.a -lib/libisccc.a -lib/libisccfg.a -lib/liblwres.a -man/man1/arpaname.1.gz -man/man1/bind9-config.1.gz -man/man1/delv.1.gz -man/man1/dig.1.gz -man/man1/host.1.gz -man/man1/isc-config.sh.1.gz -man/man1/named-rrchecker.1.gz -man/man1/nslookup.1.gz -man/man1/nsupdate.1.gz -man/man3/lwres.3.gz -man/man3/lwres_addr_parse.3.gz -man/man3/lwres_buffer.3.gz -man/man3/lwres_buffer_add.3.gz -man/man3/lwres_buffer_back.3.gz -man/man3/lwres_buffer_clear.3.gz -man/man3/lwres_buffer_first.3.gz -man/man3/lwres_buffer_forward.3.gz -man/man3/lwres_buffer_getmem.3.gz -man/man3/lwres_buffer_getuint16.3.gz -man/man3/lwres_buffer_getuint32.3.gz -man/man3/lwres_buffer_getuint8.3.gz -man/man3/lwres_buffer_init.3.gz -man/man3/lwres_buffer_invalidate.3.gz -man/man3/lwres_buffer_putmem.3.gz -man/man3/lwres_buffer_putuint16.3.gz -man/man3/lwres_buffer_putuint32.3.gz -man/man3/lwres_buffer_putuint8.3.gz -man/man3/lwres_buffer_subtract.3.gz -man/man3/lwres_conf_clear.3.gz -man/man3/lwres_conf_get.3.gz -man/man3/lwres_conf_init.3.gz -man/man3/lwres_conf_parse.3.gz -man/man3/lwres_conf_print.3.gz -man/man3/lwres_config.3.gz -man/man3/lwres_context.3.gz -man/man3/lwres_context_allocmem.3.gz -man/man3/lwres_context_create.3.gz -man/man3/lwres_context_destroy.3.gz -man/man3/lwres_context_freemem.3.gz -man/man3/lwres_context_initserial.3.gz -man/man3/lwres_context_nextserial.3.gz -man/man3/lwres_context_sendrecv.3.gz -man/man3/lwres_endhostent.3.gz -man/man3/lwres_endhostent_r.3.gz -man/man3/lwres_freeaddrinfo.3.gz -man/man3/lwres_freehostent.3.gz -man/man3/lwres_gabn.3.gz -man/man3/lwres_gabnrequest_free.3.gz -man/man3/lwres_gabnrequest_parse.3.gz -man/man3/lwres_gabnrequest_render.3.gz -man/man3/lwres_gabnresponse_free.3.gz -man/man3/lwres_gabnresponse_parse.3.gz -man/man3/lwres_gabnresponse_render.3.gz -man/man3/lwres_gai_strerror.3.gz -man/man3/lwres_getaddrinfo.3.gz -man/man3/lwres_getaddrsbyname.3.gz 
-man/man3/lwres_gethostbyaddr.3.gz -man/man3/lwres_gethostbyaddr_r.3.gz -man/man3/lwres_gethostbyname.3.gz -man/man3/lwres_gethostbyname2.3.gz -man/man3/lwres_gethostbyname_r.3.gz -man/man3/lwres_gethostent.3.gz -man/man3/lwres_gethostent_r.3.gz -man/man3/lwres_getipnode.3.gz -man/man3/lwres_getipnodebyaddr.3.gz -man/man3/lwres_getipnodebyname.3.gz -man/man3/lwres_getnamebyaddr.3.gz -man/man3/lwres_getnameinfo.3.gz -man/man3/lwres_getrrsetbyname.3.gz -man/man3/lwres_gnba.3.gz -man/man3/lwres_gnbarequest_free.3.gz -man/man3/lwres_gnbarequest_parse.3.gz -man/man3/lwres_gnbarequest_render.3.gz -man/man3/lwres_gnbaresponse_free.3.gz -man/man3/lwres_gnbaresponse_parse.3.gz -man/man3/lwres_gnbaresponse_render.3.gz -man/man3/lwres_herror.3.gz -man/man3/lwres_hstrerror.3.gz -man/man3/lwres_inetntop.3.gz -man/man3/lwres_lwpacket_parseheader.3.gz -man/man3/lwres_lwpacket_renderheader.3.gz -man/man3/lwres_net_ntop.3.gz -man/man3/lwres_noop.3.gz -man/man3/lwres_nooprequest_free.3.gz -man/man3/lwres_nooprequest_parse.3.gz -man/man3/lwres_nooprequest_render.3.gz -man/man3/lwres_noopresponse_free.3.gz -man/man3/lwres_noopresponse_parse.3.gz -man/man3/lwres_noopresponse_render.3.gz -man/man3/lwres_packet.3.gz -man/man3/lwres_resutil.3.gz -man/man3/lwres_sethostent.3.gz -man/man3/lwres_sethostent_r.3.gz -man/man3/lwres_string_parse.3.gz -man/man5/named.conf.5.gz -man/man5/rndc.conf.5.gz -man/man8/ddns-confgen.8.gz -%%PYTHON%%man/man8/dnssec-checkds.8.gz -%%PYTHON%%man/man8/dnssec-coverage.8.gz -man/man8/dnssec-dsfromkey.8.gz -man/man8/dnssec-importkey.8.gz -man/man8/dnssec-keyfromlabel.8.gz -man/man8/dnssec-keygen.8.gz -man/man8/dnssec-revoke.8.gz -man/man8/dnssec-settime.8.gz -man/man8/dnssec-signzone.8.gz -man/man8/dnssec-verify.8.gz -man/man8/genrandom.8.gz -man/man8/isc-hmac-fixup.8.gz -man/man8/lwresd.8.gz -man/man8/named-checkconf.8.gz -man/man8/named-checkzone.8.gz -man/man8/named-compilezone.8.gz -man/man8/named-journalprint.8.gz -man/man8/named.8.gz 
-man/man8/nsec3hash.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz -%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz -man/man8/rndc-confgen.8.gz -man/man8/rndc.8.gz -man/man8/tsig-keygen.8.gz -sbin/ddns-confgen -%%PYTHON%%sbin/dnssec-checkds -%%PYTHON%%sbin/dnssec-coverage -sbin/dnssec-dsfromkey -sbin/dnssec-importkey -sbin/dnssec-keyfromlabel -sbin/dnssec-keygen -sbin/dnssec-revoke -sbin/dnssec-settime -sbin/dnssec-signzone -sbin/dnssec-verify -sbin/genrandom -sbin/isc-hmac-fixup -sbin/lwresd -sbin/named -sbin/named-checkconf -sbin/named-checkzone -sbin/named-compilezone -sbin/named-journalprint -sbin/nsec3hash -%%NATIVE_PKCS11%%sbin/pkcs11-destroy -%%NATIVE_PKCS11%%sbin/pkcs11-keygen -%%NATIVE_PKCS11%%sbin/pkcs11-list -%%NATIVE_PKCS11%%sbin/pkcs11-tokens -sbin/rndc -sbin/rndc-confgen -sbin/tsig-keygen -@dir(bind,bind,) %%ETCDIR%%/dynamic -@dir %%ETCDIR%%/master -@dir(bind,bind,) %%ETCDIR%%/slave -@dir(bind,bind,) %%ETCDIR%%/working diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile deleted file mode 100644 index 61367c3f23e4..000000000000 --- a/dns/bind99/Makefile +++ /dev/null 
@@ -1,224 +0,0 @@ -# $FreeBSD$ -# pkg-help formatted with fmt 59 63 - -PORTNAME= bind -PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} -PORTREVISION= 2 -CATEGORIES= dns net ipv6 -MASTER_SITES= ISC/bind9/${ISCVERSION} -PKGNAMESUFFIX= 99 -DISTNAME= ${PORTNAME}-${ISCVERSION} - -MAINTAINER= mat@FreeBSD.org -COMMENT= BIND DNS suite with updated DNSSEC and DNS64 - -LICENSE= ISCL -LICENSE_FILE= ${WRKSRC}/COPYRIGHT - -DEPRECATED= Going out of support, please migrate to dns/bind911 -EXPIRATION_DATE= 2018-06-30 - -# ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.9.12 - -USES= cpe libedit - -CPE_VENDOR= isc -CPE_VERSION= ${ISCVERSION:C/-.*//} -.if ${ISCVERSION:M*-*} -CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} -.endif - -LIB_DEPENDS= libxml2.so:textproc/libxml2 - -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ - --disable-symtable \ - --with-randomdev=/dev/random \ - --with-libxml2=${LOCALBASE} \ - --with-readline="-L${LOCALBASE}/lib -ledit" \ - --with-dlopen=yes \ - --sysconfdir=${ETCDIR} -ETCDIR= ${PREFIX}/etc/namedb - -CONFLICTS= bind-tools bind9-devel bind910 bind911 bind912 bind913 - -SUB_FILES= pkg-message named.conf -USE_RC_SUBR= named - -MAKE_JOBS_UNSAFE= yes - -PORTDOCS= * - -OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE RRL DLZ_FILESYSTEM \ - RPZ_NSIP RPZ_NSDNAME PYTHON FILTER_AAAA -OPTIONS_DEFINE= SSL IDN LARGE_FILE FIXED_RRSET SIGCHASE \ - IPV6 THREADS FILTER_AAAA GOST PYTHON START_LATE MINCACHE \ - RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS \ - PORTREVISION FETCHLIMIT QUERYTRACE -OPTIONS_GROUP= DLZ -OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ - DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB -OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE - -OPTIONS_SUB= yes - -DLZ_BDB_DESC= DLZ BDB driver -DLZ_DESC= Dynamically Loadable Zones -DLZ_FILESYSTEM_DESC= DLZ filesystem driver -DLZ_LDAP_DESC= DLZ LDAP driver -DLZ_MYSQL_DESC= DLZ MySQL driver (no 
threading) -DLZ_POSTGRESQL_DESC= DLZ Postgres driver -DLZ_STUB_DESC= DLZ stub driver -FETCHLIMIT_DESC= Enable the query quotas for resolvers -FILTER_AAAA_DESC= Enable filtering of AAAA records -FIXED_RRSET_DESC= Enable fixed rrset ordering -GOST_DESC= Enable GOST ciphers, needs SSL -GSSAPI_BASE_DESC= ${GSSAPI_DESC} (Heimdal in base) -GSSAPI_HEIMDAL_DESC= ${GSSAPI_DESC} (security/heimdal) -GSSAPI_MIT_DESC= ${GSSAPI_DESC} (security/krb5) -GSSAPI_NONE_DESC= No ${GSSAPI_DESC} -LARGE_FILE_DESC= 64-bit file support -MINCACHE_DESC= Use the mincachettl patch -NEWSTATS_DESC= Enable alternate xml statistics channel format -PORTREVISION_DESC= Show PORTREVISION in the version string -PYTHON_DESC= Build with Python utilities -QUERYTRACE_DESC= Enable the very verbose query tracelogging -RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records -RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules -RRL_DESC= Response Rate Limiting -SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation -SSL_DESC= Build with OpenSSL (Required for DNSSEC) -START_LATE_DESC= Start BIND late in the boot process (see help) - -DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes -DLZ_BDB_USES= bdb - -DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes - -DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes -DLZ_LDAP_USE= openldap=yes - -DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes -DLZ_MYSQL_PREVENTS= THREADS -DLZ_MYSQL_USES= mysql - -DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes -DLZ_POSTGRESQL_USES= pgsql - -DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes - -FETCHLIMIT_CONFIGURE_ENABLE= fetchlimit - -FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa - -FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset - -GOST_CONFIGURE_WITH= gost - -GSSAPI_BASE_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_BASE_USES= gssapi - -GSSAPI_HEIMDAL_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_HEIMDAL_USES= gssapi:heimdal - -GSSAPI_MIT_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} 
KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_MIT_USES= gssapi:mit - -GSSAPI_NONE_CONFIGURE_ON= --without-gssapi - -IDN_CONFIGURE_OFF= --without-idn -IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} -IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit -IDN_USES= iconv - -IPV6_CONFIGURE_ENABLE= ipv6 - -LARGE_FILE_CONFIGURE_ENABLE= largefile - -MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl - -NEWSTATS_CONFIGURE_ENABLE= newstats - -PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} -PYTHON_USES= python - -QUERYTRACE_CONFIGURE_ENABLE= querytrace - -RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname - -RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip - -RRL_CONFIGURE_ENABLE= rrl - -SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" - -SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl -SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} -SSL_USES= ssl - -START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ - NAMED_BEFORE="LOGIN" -START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ - NAMED_BEFORE="SERVERS" - -THREADS_CONFIGURE_ENABLE= threads - -.include <bsd.port.pre.mk> - -.if ( ${PORT_OPTIONS:MGOST} ) && ${SSL_DEFAULT} == base -BROKEN= OpenSSL from the base system does not support GOST, add \ - DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ - that needs SSL. 
-.endif - -post-patch: -.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ - rndc/rndc.8 - @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ - -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ - -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ - ${WRKSRC}/bin/${FILE} -.endfor - -.if ${PORTREVISION:N0} -post-patch-PORTREVISION-on: - @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ - ${WRKSRC}/version -.endif - -post-configure: - @${REINPLACE_CMD} -e '/^SO_LDFLAGS/s/-Wl,-rpath,/-rpath /' ${WRKSRC}/bin/tests/system/dlzexternal/Makefile - -post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree - ${MKDIR} ${STAGEDIR}${ETCDIR} -.for i in dynamic master slave working - @${MKDIR} ${STAGEDIR}${ETCDIR}/$i -.endfor - ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample - ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} - ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master - ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample - ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample - ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ - ${STAGEDIR}${ETCDIR}/rndc.conf.sample - -post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ* \ - ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${DOCSDIR} - -# Can't use USE_PYTHON=autoplist -post-install-PYTHON-on: - @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} - -.include <bsd.port.post.mk> 
diff --git a/dns/bind99/distinfo b/dns/bind99/distinfo deleted file mode 100644
index 8efc02e730cb..000000000000
--- a/dns/bind99/distinfo
+++ /dev/null
@@ -1,3 +0,0 @@
-TIMESTAMP = 1521455029
-SHA256 (bind-9.9.12.tar.gz) = 9e39dcd35320c2aeb260a45037ac57c97c964e717d10e3c9f74ff4472f939761
-SIZE (bind-9.9.12.tar.gz) = 8694636
diff --git a/dns/bind99/files/BIND.chroot.dist b/dns/bind99/files/BIND.chroot.dist deleted file mode 100644
index c3863a6a4e7b..000000000000
--- a/dns/bind99/files/BIND.chroot.dist
+++ /dev/null
@@ -1,24 +0,0 @@
-# $FreeBSD$
-#
-# mtree -deU -f files/BIND.chroot.dist -p tmp
-# mtree -cjnb -k uname,gname,mode -p tmp
-
-/set type=file uname=root gname=wheel mode=0755
-. type=dir
- dev type=dir mode=0555
- ..
- etc type=dir
- ..
-/set type=file uname=bind gname=bind mode=0755
- var type=dir uname=root gname=wheel
- dump type=dir
- ..
- log type=dir
- ..
- run type=dir
- named type=dir
- ..
- ..
- stats type=dir
- ..
- ..
diff --git a/dns/bind99/files/BIND.chroot.local.dist b/dns/bind99/files/BIND.chroot.local.dist deleted file mode 100644
index 53b36a87c082..000000000000
--- a/dns/bind99/files/BIND.chroot.local.dist
+++ /dev/null
@@ -1,20 +0,0 @@
-# $FreeBSD$
-#
-# mtree -deU -f files/BIND.etc.dist -p tmp
-# mtree -cjnb -k uname,gname,mode -p tmp
-
-/set type=file uname=root gname=wheel mode=0755
-. type=dir
- etc type=dir
-/set type=file uname=bind gname=wheel mode=0755
- namedb type=dir uname=root
- dynamic type=dir
- ..
- master type=dir uname=root
- ..
- slave type=dir
- ..
- working type=dir
- ..
- ..
- ..
diff --git a/dns/bind99/files/empty.db b/dns/bind99/files/empty.db deleted file mode 100644
index 070f6634825a..000000000000
--- a/dns/bind99/files/empty.db
+++ /dev/null
@@ -1,11 +0,0 @@
-
-; $FreeBSD$
-
-$TTL 3h
-@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
- ; Serial, Refresh, Retry, Expire, Neg. cache TTL
-
-@ NS @
-
-; Silence a BIND warning
-@ A 127.0.0.1
diff --git a/dns/bind99/files/extrapatch-bind-min-override-ttl b/dns/bind99/files/extrapatch-bind-min-override-ttl deleted file mode 100644
index 5f31b9b89d9e..000000000000
--- a/dns/bind99/files/extrapatch-bind-min-override-ttl
+++ /dev/null
@@ -1,78 +0,0 @@ ---- bin/named/config.c.orig 2018-01-24 21:11:07 UTC -+++ bin/named/config.c -@@ -154,11 +154,13 @@ options {\n\ - max-ncache-ttl 10800; /* 3 hours */\n\ - max-recursion-depth 7;\n\ - max-recursion-queries 50;\n\ -+ min-cache-ttl 0; /* no minimal, zero is allowed */\n\ - min-roots 2;\n\ - minimal-responses false;\n\ - notify-source *;\n\ - notify-source-v6 *;\n\ - nsec3-test-zone no;\n\ -+ override-cache-ttl 0; /* do not override */\n\ - provide-ixfr true;\n\ - query-source address *;\n\ - query-source-v6 address *;\n\ ---- bin/named/server.c.orig 2018-01-24 21:11:07 UTC -+++ bin/named/server.c -@@ -2611,6 +2611,16 @@ configure_view(dns_view_t *view, cfg_obj - } - - obj = NULL; -+ result = ns_config_get(maps, "override-cache-ttl", &obj); -+ INSIST(result == ISC_R_SUCCESS); -+ view->overridecachettl = cfg_obj_asuint32(obj); -+ -+ obj = NULL; -+ result = ns_config_get(maps, "min-cache-ttl", &obj); -+ INSIST(result == ISC_R_SUCCESS); -+ view->mincachettl = cfg_obj_asuint32(obj); -+ -+ obj = NULL; - result = ns_config_get(maps, "max-cache-ttl", &obj); - INSIST(result == ISC_R_SUCCESS); - view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2018-01-24 21:11:07 UTC -+++ lib/dns/include/dns/view.h -@@ -148,6 +148,8 @@ struct dns_view { - isc_boolean_t provideixfr; - isc_boolean_t requestnsid; - dns_ttl_t maxcachettl; -+ dns_ttl_t mincachettl; -+ dns_ttl_t overridecachettl; - dns_ttl_t maxncachettl; - in_port_t dstport; - dns_aclenv_t aclenv; ---- lib/dns/resolver.c.orig 2018-01-24 21:11:07 UTC -+++ lib/dns/resolver.c -@@ -5153,6 +5153,18 @@ cache_name(fetchctx_t *fctx, dns_name_t - } - - /* -+ * Enforce the configure cache TTL override. -+ */ -+ if (res->view->overridecachettl) -+ rdataset->ttl = res->view->overridecachettl; -+ -+ /* -+ * Enforce the configure minimum cache TTL. -+ */ -+ if (rdataset->ttl < res->view->mincachettl) -+ rdataset->ttl = res->view->mincachettl; -+ -+ /* - * Enforce the configure maximum cache TTL. 
- */ - if (rdataset->ttl > res->view->maxcachettl) { ---- lib/isccfg/namedconf.c.orig 2018-01-24 21:11:07 UTC -+++ lib/isccfg/namedconf.c -@@ -1487,6 +1487,8 @@ view_clauses[] = { - { "lame-ttl", &cfg_type_uint32, 0 }, - { "max-acache-size", &cfg_type_sizenodefault, 0 }, - { "max-cache-size", &cfg_type_sizenodefault, 0 }, -+ { "override-cache-ttl", &cfg_type_uint32, 0 }, -+ { "min-cache-ttl", &cfg_type_uint32, 0 }, - { "max-cache-ttl", &cfg_type_uint32, 0 }, - { "max-clients-per-query", &cfg_type_uint32, 0 }, - { "max-ncache-ttl", &cfg_type_uint32, 0 }, diff --git a/dns/bind99/files/localhost-forward.db b/dns/bind99/files/localhost-forward.db deleted file mode 100644 index 9156d2f09978..000000000000 --- a/dns/bind99/files/localhost-forward.db +++ /dev/null @@ -1,11 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - - A 127.0.0.1 - AAAA ::1 diff --git a/dns/bind99/files/localhost-reverse.db b/dns/bind99/files/localhost-reverse.db deleted file mode 100644 index ceabe059ba77..000000000000 --- a/dns/bind99/files/localhost-reverse.db +++ /dev/null @@ -1,13 +0,0 @@ - -; $FreeBSD$ - -$TTL 3h -@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h - ; Serial, Refresh, Retry, Expire, Neg. cache TTL - - NS localhost. - -1.0.0 PTR localhost. - -1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. - diff --git a/dns/bind99/files/named.conf.in b/dns/bind99/files/named.conf.in deleted file mode 100644 index 2d23a6592fae..000000000000 --- a/dns/bind99/files/named.conf.in +++ /dev/null 
@@ -1,380 +0,0 @@ -// $FreeBSD$ -// -// Refer to the named.conf(5) and named(8) man pages, and the documentation -// in /usr/local/share/doc/bind for more details. -// -// If you are going to set up an authoritative server, make sure you -// understand the hairy details of how DNS works. Even with -// simple mistakes, you can break connectivity for affected parties, -// or cause huge amounts of useless Internet traffic. - -options { - // All file and path names are relative to the chroot directory, - // if any, and should be fully qualified. - directory "%%ETCDIR%%/working"; - pid-file "/var/run/named/pid"; - dump-file "/var/dump/named_dump.db"; - statistics-file "/var/stats/named.stats"; - -// If named is being used only as a local resolver, this is a safe default. -// For named to be accessible to the network, comment this option, specify -// the proper IP address, or delete this option. - listen-on { 127.0.0.1; }; - -// If you have IPv6 enabled on this system, uncomment this option for -// use as a local resolver. To give access to the network, specify -// an IPv6 address, or the keyword "any". -// listen-on-v6 { ::1; }; - -// These zones are already covered by the empty zones listed below. -// If you remove the related empty zones below, comment these lines out. - disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; - disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; - -// If you've got a DNS server around at your upstream provider, enter -// its IP address here, and enable the line below. This will make you -// benefit from its cache, thus reduce overall DNS traffic in the Internet. 
-/* - forwarders { - 127.0.0.1; - }; -*/ - -// If the 'forwarders' clause is not empty the default is to 'forward first' -// which will fall back to sending a query from your local server if the name -// servers in 'forwarders' do not have the answer. Alternatively you can -// force your name server to never initiate queries of its own by enabling the -// following line: -// forward only; - -// If you wish to have forwarding configured automatically based on -// the entries in /etc/resolv.conf, uncomment the following line and -// set named_auto_forward=yes in /etc/rc.conf. You can also enable -// named_auto_forward_only (the effect of which is described above). -// include "%%ETCDIR%%/auto_forward.conf"; - - /* - Modern versions of BIND use a random UDP port for each outgoing - query by default in order to dramatically reduce the possibility - of cache poisoning. All users are strongly encouraged to utilize - this feature, and to configure their firewalls to accommodate it. - - AS A LAST RESORT in order to get around a restrictive firewall - policy you can try enabling the option below. Use of this option - will significantly reduce your ability to withstand cache poisoning - attacks, and should be avoided if at all possible. - - Replace NNNNN in the example with a number between 49160 and 65530. - */ - // query-source address * port NNNNN; -}; - -// If you enable a local name server, don't forget to enter 127.0.0.1 -// first in your /etc/resolv.conf so this server will be queried. -// Also, make sure to enable it in /etc/rc.conf. - -// The traditional root hints mechanism. Use this, OR the slave zones below. -zone "." { type hint; file "%%ETCDIR%%/named.root"; }; - -/* Slaving the following zones from the root name servers has some - significant advantages: - 1. Faster local resolution for your users - 2. No spurious traffic will be sent from your network to the roots - 3. 
Greater resilience to any potential root server failure/DDoS - - On the other hand, this method requires more monitoring than the - hints file to be sure that an unexpected failure mode has not - incapacitated your server. Name servers that are serving a lot - of clients will benefit more from this approach than individual - hosts. Use with caution. - - To use this mechanism, uncomment the entries below, and comment - the hint zone above. - - As documented at http://dns.icann.org/services/axfr/ these zones: - "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others - are available for AXFR from these servers on IPv4 and IPv6: - xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org -*/ -/* -zone "." { - type slave; - file "%%ETCDIR%%/slave/root.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "arpa" { - type slave; - file "%%ETCDIR%%/slave/arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "in-addr.arpa" { - type slave; - file "%%ETCDIR%%/slave/in-addr.arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -zone "ip6.arpa" { - type slave; - file "%%ETCDIR%%/slave/ip6.arpa.slave"; - masters { - 192.0.32.132; // lax.xfr.dns.icann.org - 2620:0:2d0:202::132; // lax.xfr.dns.icann.org - 192.0.47.132; // iad.xfr.dns.icann.org - 2620:0:2830:202::132; // iad.xfr.dns.icann.org - }; - notify no; -}; -*/ - -/* Serving the following zones locally will prevent any queries - for these zones leaving your network and going to the root - name servers. 
This has two significant advantages:
- 1. Faster local resolution for your users
- 2. No spurious traffic will be sent from your network to the roots
-*/
-// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
-zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
-zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
-zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
-zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
-
-// "This" Network (RFCs 1912, 5735 and 6303)
-zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Private Use Networks (RFCs 1918, 5735 and 6303)
-zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Shared Address Space (RFC 6598)
-zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Link-local/APIPA (RFCs 3927, 5735 and 6303)
-zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IETF protocol assignments (RFCs 5735 and 5736)
-zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
-zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
-zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// Router Benchmark Testing (RFCs 2544 and 5735)
-zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IANA Reserved - Old Class E Space (RFC 5735)
-zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IPv6 Unassigned Addresses (RFC 4291)
-zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "5.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "5.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IPv6 ULA (RFCs 4193 and 6303)
-zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IPv6 Link Local (RFCs 4291 and 6303)
-zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
-zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// IP6.INT is Deprecated (RFC 4159)
-zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; };
-
-// NB: Do not use the IP addresses below, they are faked, and only
-// serve demonstration/documentation purposes!
-//
-// Example slave zone config entries. It can be convenient to become
-// a slave at least for the zone your own domain is in. Ask
-// your network administrator for the IP address of the responsible
-// master name server.
-//
-// Do not forget to include the reverse lookup zone!
-// This is named after the first bytes of the IP address, in reverse
-// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
-//
-// Before starting to set up a master zone, make sure you fully
-// understand how DNS and BIND work. There are sometimes
-// non-obvious pitfalls. Setting up a slave zone is usually simpler.
-//
-// NB: Don't blindly enable the examples below. :-) Use actual names
-// and addresses instead.
-
-/* An example dynamic zone
-key "exampleorgkey" {
- algorithm hmac-md5;
- secret "sf87HJqjkqh8ac87a02lla==";
-};
-zone "example.org" {
- type master;
- allow-update {
- key "exampleorgkey";
- };
- file "%%ETCDIR%%/dynamic/example.org";
-};
-*/
-
-/* Example of a slave reverse zone
-zone "1.168.192.in-addr.arpa" {
- type slave;
- file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
- masters {
- 192.168.1.1;
- };
-};
-*/
diff --git a/dns/bind99/files/named.in b/dns/bind99/files/named.in
deleted file mode 100644
index 42493c86f388..000000000000
--- a/dns/bind99/files/named.in
+++ /dev/null
@@ -1,423 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: named -# REQUIRE: %%NAMED_REQUIRE%% -# BEFORE: %%NAMED_BEFORE%% -# KEYWORD: shutdown - -# -# Add the following lines to /etc/rc.conf to enable BIND: -# named_enable (bool): Run named, the DNS server (or NO). -# named_program (str): Path to named, if you want a different one. -# named_conf (str): Path to the configuration file -# named_flags (str): Use this for flags OTHER than -u and -c -# named_uid (str): User to run named as -# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it) -# Historically, was /var/named -# named_chroot_autoupdate (bool): Automatically install/update chrooted -# components of named. -# named_symlink_enable (bool): Symlink the chrooted pid file -# named_wait (bool): Wait for working name service before exiting -# named_wait_host (str): Hostname to check if named_wait is enabled -# named_auto_forward (str): Set up forwarders from /etc/resolv.conf -# named_auto_forward_only (str): Do "forward only" instead of "forward first" -# - -. 
/etc/rc.subr - -name=named -desc="named BIND startup script" -rcvar=named_enable - -load_rc_config ${name} - -extra_commands=reload - -start_precmd=named_prestart -start_postcmd=named_poststart -reload_cmd=named_reload -stop_cmd=named_stop -stop_postcmd=named_poststop - -named_enable=${named_enable:-"NO"} -named_program=${named_program:-"%%PREFIX%%/sbin/named"} -named_conf=${named_conf:-"%%ETCDIR%%/named.conf"} -named_flags=${named_flags:-""} -named_uid=${named_uid:-"bind"} -named_chrootdir=${named_chrootdir:-""} -named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"} -named_symlink_enable=${named_symlink_enable:-"YES"} -named_wait=${named_wait:-"NO"} -named_wait_host=${named_wait_host:-"localhost"} -named_auto_forward=${named_auto_forward:-"NO"} -named_auto_forward_only=${named_auto_forward_only:-"NO"} - -# Not configuration variables but having them here keeps rclint happy -required_dirs="${named_chrootdir}" -_named_confdirroot="${named_conf%/*}" -_named_confdir="${named_chrootdir}${_named_confdirroot}" -_named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%LOCALBASE%%/lib/engines" - -# Needed if named.conf and rndc.conf are moved or if rndc.conf is used -rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} -rndc_key=${rndc_key:-"$_named_confdir/rndc.key"} - -# If running in a chroot cage, ensure that the appropriate files -# exist inside the cage, as well as helper symlinks into the cage -# from outside. -# -# As this is called after the is_running and required_dir checks -# are made in run_rc_command(), we can safely assume ${named_chrootdir} -# exists and named isn't running at this point (unless forcestart -# is used). -# -chroot_autoupdate() -{ - local file - - # If it's the first time around, fiddle with things and move the - # current configuration to the chroot. - if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then - warn "named chroot: Moving current configuration in the chroot!" 
- install -d ${_named_confdir%/*} - mv ${_named_confdirroot} ${_named_confdir} - fi - - # Create (or update) the chroot directory structure - # - if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then - mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \ - -p ${named_chrootdir} - else - warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing," - warn "${named_chrootdir} directory structure not updated" - fi - if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then - mkdir -p ${named_chrootdir}%%PREFIX%% - mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \ - -p ${named_chrootdir}%%PREFIX%% - else - warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing," - warn "${named_chrootdir}%%PREFIX%% directory structure not updated" - fi - - # Create (or update) the configuration directory symlink - # - if [ ! -L "${_named_confdirroot}" ]; then - if [ -d "${_named_confdirroot}" ]; then - warn "named chroot: ${_named_confdirroot} is a directory!" - elif [ -e "${_named_confdirroot}" ]; then - warn "named chroot: ${_named_confdirroot} exists!" - else - ln -s ${_named_confdir} ${_named_confdirroot} - fi - else - # Make sure it points to the right place. - ln -shf ${_named_confdir} ${_named_confdirroot} - fi - - # Mount a devfs in the chroot directory if needed - # - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null - devfs_domount ${named_chrootdir}/dev devfsrules_hide_all - devfs -m ${named_chrootdir}/dev rule apply path null unhide - devfs -m ${named_chrootdir}/dev rule apply path random unhide - else - if [ -c ${named_chrootdir}/dev/null -a \ - -c ${named_chrootdir}/dev/random ]; then - info "named chroot: using pre-mounted devfs." - else - err 1 "named chroot: devfs cannot be mounted from " \ - "within a jail. Thus a chrooted named cannot " \ - "be run from within a jail. 
Either mount the " \ - "devfs with null and random from the host, or " \ - "run named without chrooting it, set " \ - "named_chrootdir=\"\" in /etc/rc.conf." - fi - fi - - # If OpenSSL from ports, then the engines should be present in the - # chroot, named loads them after chrooting. - if [ -d ${_openssl_engines} ]; then - # FIXME when 8.4 is gone see if - # security.jail.param.allow.mount.nullfs can be used. - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then - mkdir -p ${named_chrootdir}${_openssl_engines} - mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines} - else - warn "named chroot: cannot nullfs mount OpenSSL" \ - "engines into the chroot, will copy the shared" \ - "libraries instead." - mkdir -p ${named_chrootdir}${_openssl_engines} - cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines} - fi - fi - - # Copy and/or update key files to the chroot /etc - # - for file in localtime protocols services; do - if [ -r /etc/${file} ] && \ - ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then - cp -p /etc/${file} "${named_chrootdir}/etc/${file}" - fi - done -} - -# Make symlinks to the correct pid file -# -make_symlinks() -{ - checkyesno named_symlink_enable && - ln -fs "${named_chrootdir}${pidfile}" ${pidfile} && - ln -fs "${named_chrootdir}${sessionkeyfile}" ${sessionkeyfile} -} - -named_poststart() -{ - make_symlinks - - if checkyesno named_wait; then - until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do - echo " Waiting for nameserver to resolve ${named_wait_host}" - sleep 1 - done - fi -} - -named_reload() -{ - # This is a one line function, but ${named_program} is not defined early - # enough to be there when the reload_cmd variable is defined up there. 
- rndc reload -} - -find_pidfile() -{ - if get_pidfile_from_conf pid-file ${named_conf}; then - pidfile="${_pidfile_from_conf}" - else - pidfile="/var/run/named/pid" - fi -} - -find_sessionkeyfile() -{ - if get_pidfile_from_conf session-keyfile ${named_conf}; then - sessionkeyfile="${_pidfile_from_conf}" - else - sessionkeyfile="/var/run/named/session.key" - fi -} - -named_stop() -{ - find_pidfile - - # This duplicates an undesirably large amount of code from the stop - # routine in rc.subr in order to use rndc to shut down the process, - # and to give it a second chance in case rndc fails. - rc_pid=$(check_pidfile ${pidfile} ${command}) - if [ -z "${rc_pid}" ]; then - [ -n "${rc_fast}" ] && return 0 - _run_rc_notrunning - return 1 - fi - echo 'Stopping named.' - if rndc stop; then - wait_for_pids ${rc_pid} - else - echo -n 'rndc failed, trying kill: ' - kill -TERM ${rc_pid} - wait_for_pids ${rc_pid} - fi -} - -named_poststop() -{ - if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then - # if using OpenSSL from ports, unmount OpenSSL engines, if they - # were not mounted but only copied, do nothing. - if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then - umount ${named_chrootdir}${_openssl_engines} - fi - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" 
- fi - fi -} - -create_file() -{ - if [ -e "$1" ]; then - unlink $1 - fi - install -o root -g wheel -m 0644 /dev/null $1 -} - -rndc() -{ - if [ -z "${rndc_flags}" ]; then - if [ -s "${rndc_conf}" ] ; then - rndc_flags="-c ${rndc_conf}" - elif [ -s "${rndc_key}" ] ; then - rndc_flags="-k ${rndc_key}" - else - rndc_flags="" - fi - fi - - ${_named_program_root}/sbin/rndc ${rndc_flags} "$@" -} - -named_prestart() -{ - find_pidfile - find_sessionkeyfile - - if [ -n "${named_pidfile}" ]; then - warn 'named_pidfile: now determined from the conf file' - fi - - if [ -n "${named_sessionkeyfile}" ]; then - warn 'named_sessionkeyfile: now determined from the conf file' - fi - - piddir=`/usr/bin/dirname ${pidfile}` - if [ ! -d ${piddir} ]; then - install -d -o ${named_uid} -g ${named_uid} ${piddir} - fi - - sessionkeydir=`/usr/bin/dirname ${sessionkeyfile}` - if [ ! -d ${sessionkeydir} ]; then - install -d -o ${named_uid} -g ${named_uid} ${sessionkeydir} - fi - - command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}" - - local line nsip firstns - - # Is the user using a sandbox? - # - if [ -n "${named_chrootdir}" ]; then - rc_flags="${rc_flags} -t ${named_chrootdir}" - checkyesno named_chroot_autoupdate && chroot_autoupdate - - case "${altlog_proglist}" in - *named*) - ;; - *) - warn 'Using chroot without setting altlog_proglist, logging may not' - warn 'work correctly. 
Run sysrc altlog_proglist+=named' - ;; - esac - else - named_symlink_enable=NO - fi - - # Create an rndc.key file for the user if none exists - # - confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \ - -c ${_named_confdir}/rndc.key" - if [ -s "${_named_confdir}/rndc.conf" ]; then - unset confgen_command - fi - if [ -s "${_named_confdir}/rndc.key" ]; then - case `stat -f%Su ${_named_confdir}/rndc.key` in - root|${named_uid}) ;; - *) ${confgen_command} ;; - esac - else - ${confgen_command} - fi - - local checkconf - - checkconf="${_named_program_root}/sbin/named-checkconf" - if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then - checkconf="${checkconf} -t ${named_chrootdir}" - fi - - # Create a forwarder configuration based on /etc/resolv.conf - if checkyesno named_auto_forward; then - if [ ! -s /etc/resolv.conf ]; then - warn "named_auto_forward enabled, but no /etc/resolv.conf" - - # Empty the file in case it is included in named.conf - [ -s "${_named_confdir}/auto_forward.conf" ] && - create_file ${_named_confdir}/auto_forward.conf - - ${checkconf} ${named_conf} || - err 3 'named-checkconf for ${named_conf} failed' - return - fi - - create_file /var/run/naf-resolv.conf - create_file /var/run/auto_forward.conf - - echo ' forwarders {' > /var/run/auto_forward.conf - - while read line; do - case "${line}" in - 'nameserver '*|'nameserver '*) - nsip=${line##nameserver[ ]} - - if [ -z "${firstns}" ]; then - if [ ! 
"${nsip}" = '127.0.0.1' ]; then - echo 'nameserver 127.0.0.1' - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - - firstns=1 - else - [ "${nsip}" = '127.0.0.1' ] && continue - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - ;; - esac - - echo ${line} - done < /etc/resolv.conf > /var/run/naf-resolv.conf - - echo ' };' >> /var/run/auto_forward.conf - echo '' >> /var/run/auto_forward.conf - if checkyesno named_auto_forward_only; then - echo " forward only;" >> /var/run/auto_forward.conf - else - echo " forward first;" >> /var/run/auto_forward.conf - fi - - if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then - unlink /var/run/naf-resolv.conf - else - [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf - mv /var/run/naf-resolv.conf /etc/resolv.conf - fi - - if cmp -s ${_named_confdir}/auto_forward.conf \ - /var/run/auto_forward.conf; then - unlink /var/run/auto_forward.conf - else - [ -e "${_named_confdir}/auto_forward.conf" ] && - unlink ${_named_confdir}/auto_forward.conf - mv /var/run/auto_forward.conf \ - ${_named_confdir}/auto_forward.conf - fi - else - # Empty the file in case it is included in named.conf - [ -s "${_named_confdir}/auto_forward.conf" ] && - create_file ${_named_confdir}/auto_forward.conf - fi - - ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed" -} - -run_rc_command "$1" diff --git a/dns/bind99/files/named.root b/dns/bind99/files/named.root deleted file mode 100644 index 8e3bac373eb8..000000000000 --- a/dns/bind99/files/named.root +++ /dev/null 
@@ -1,96 +0,0 @@
-;
-; $FreeBSD$
-;
-
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC
-; under anonymous FTP as
-; file /domain/named.cache
-; on server FTP.INTERNIC.NET
-; -OR- RS.INTERNIC.NET
-;
-; last update: November 16, 2017
-; related version of root zone: 2017111601
-;
-; FORMERLY NS.INTERNIC.NET
-;
-. 3600000 NS A.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
-A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
-;
-; FORMERLY NS1.ISI.EDU
-;
-. 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
-;
-; FORMERLY C.PSI.NET
-;
-. 3600000 NS C.ROOT-SERVERS.NET.
-C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
-C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
-;
-; FORMERLY TERP.UMD.EDU
-;
-. 3600000 NS D.ROOT-SERVERS.NET.
-D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
-D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
-;
-; FORMERLY NS.NASA.GOV
-;
-. 3600000 NS E.ROOT-SERVERS.NET.
-E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
-E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
-;
-; FORMERLY NS.ISC.ORG
-;
-. 3600000 NS F.ROOT-SERVERS.NET.
-F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
-F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
-;
-; FORMERLY NS.NIC.DDN.MIL
-;
-. 3600000 NS G.ROOT-SERVERS.NET.
-G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
-G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
-;
-; FORMERLY AOS.ARL.ARMY.MIL
-;
-. 3600000 NS H.ROOT-SERVERS.NET.
-H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
-H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
-;
-; FORMERLY NIC.NORDU.NET
-;
-. 3600000 NS I.ROOT-SERVERS.NET.
-I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
-I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
-;
-; OPERATED BY VERISIGN, INC.
-;
-. 3600000 NS J.ROOT-SERVERS.NET.
-J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
-J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
-;
-; OPERATED BY RIPE NCC
-;
-. 3600000 NS K.ROOT-SERVERS.NET.
-K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
-K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
-;
-; OPERATED BY ICANN
-;
-. 3600000 NS L.ROOT-SERVERS.NET.
-L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
-L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
-;
-; OPERATED BY WIDE
-;
-. 3600000 NS M.ROOT-SERVERS.NET.
-M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
-M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
-; End of file
diff --git a/dns/bind99/files/patch-CVE-2018-5738 b/dns/bind99/files/patch-CVE-2018-5738
deleted file mode 100644
index 67f705d6310a..000000000000
--- a/dns/bind99/files/patch-CVE-2018-5738
+++ /dev/null
@@ -1,112 +0,0 @@ -commit fae03da5cb6370fd823d03818871ef70e4049543 -Author: Evan Hunt <each@isc.org> -Date: 2018-06-04 21:59:33 -0700 - - allow-recursion could incorrectly inherit from the default allow-query - ---- CHANGES.orig 2018-03-08 20:56:13 UTC -+++ CHANGES -@@ -1,3 +1,10 @@ -+4960. [security] When recursion is enabled, but the "allow-recursion" -+ and "allow-query-cache" ACLs are not specified, -+ they should be limited to local networks, -+ but were inadvertently set to match the default -+ "allow-query", thus allowing remote queries. -+ (CVE-2018-5738) [GL #309] -+ - --- 9.9.12 released --- - --- 9.9.12rc2 released --- - ---- bin/named/server.c.orig 2018-03-08 20:56:13 UTC -+++ bin/named/server.c -@@ -2306,10 +2306,6 @@ configure_view(dns_view_t *view, cfg_obj - dns_acache_setcachesize(view->acache, max_acache_size); - } - -- CHECK(configure_view_acl(vconfig, config, ns_g_config, -- "allow-query", NULL, actx, -- ns_g_mctx, &view->queryacl)); -- - /* - * Make the list of response policy zone names for a view that - * is used for real lookups and so cares about hints. -@@ -3140,21 +3136,35 @@ configure_view(dns_view_t *view, cfg_obj - } - - /* -- * Set "allow-query-cache", "allow-recursion", and -- * "allow-recursion-on" acls if configured in named.conf. -- * (Ignore the global defaults for now, because these ACLs -- * can inherit from each other when only some of them set at -- * the options/view level.) -+ * Set the "allow-query", "allow-query-cache", "allow-recursion", -+ * and "allow-recursion-on" ACLs if configured in named.conf, but -+ * NOT from the global defaults. This is done by leaving the third -+ * argument to configure_view_acl() NULL. -+ * -+ * We ignore the global defaults here because these ACLs -+ * can inherit from each other. If any are still unset after -+ * applying the inheritance rules, we'll look up the defaults at -+ * that time. 
- */ -- CHECK(configure_view_acl(vconfig, config, NULL, "allow-query-cache", -- NULL, actx, ns_g_mctx, &view->cacheacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query", NULL, actx, -+ ns_g_mctx, &view->queryacl)); -+ -+ /* named.conf only */ -+ CHECK(configure_view_acl(vconfig, config, NULL, -+ "allow-query-cache", NULL, actx, -+ ns_g_mctx, &view->cacheacl)); - - if (strcmp(view->name, "_bind") != 0 && - view->rdclass != dns_rdataclass_chaos) - { -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion", NULL, actx, - ns_g_mctx, &view->recursionacl)); -+ /* named.conf only */ - CHECK(configure_view_acl(vconfig, config, NULL, - "allow-recursion-on", NULL, actx, - ns_g_mctx, &view->recursiononacl)); -@@ -3192,18 +3202,21 @@ configure_view(dns_view_t *view, cfg_obj - * the global config. - */ - if (view->recursionacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion", NULL, - actx, ns_g_mctx, - &view->recursionacl)); - } - if (view->recursiononacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-recursion-on", NULL, - actx, ns_g_mctx, - &view->recursiononacl)); - } - if (view->cacheacl == NULL) { -+ /* global default only */ - CHECK(configure_view_acl(NULL, NULL, ns_g_config, - "allow-query-cache", NULL, - actx, ns_g_mctx, -@@ -3217,6 +3230,14 @@ configure_view(dns_view_t *view, cfg_obj - CHECK(dns_acl_none(mctx, &view->cacheacl)); - } - -+ if (view->queryacl == NULL) { -+ /* global default only */ -+ CHECK(configure_view_acl(NULL, NULL, ns_g_config, -+ "allow-query", NULL, -+ actx, ns_g_mctx, -+ &view->queryacl)); -+ } -+ - /* - * Ignore case when compressing responses to the specified - * clients. This causes case not always to be preserved, 
diff --git a/dns/bind99/files/patch-bin_named_include_named_globals.h b/dns/bind99/files/patch-bin_named_include_named_globals.h deleted file mode 100644 index d7b6517e3423..000000000000 --- a/dns/bind99/files/patch-bin_named_include_named_globals.h +++ /dev/null @@ -1,13 +0,0 @@ -We reference the pid file as being run/named/pid everywere else. - ---- bin/named/include/named/globals.h.orig 2018-01-04 05:41:15 UTC -+++ bin/named/include/named/globals.h -@@ -134,7 +134,7 @@ EXTERN const char * ns_g_defaultsession - #if NS_RUN_PID_DIR - EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/named/" -- "named.pid"); -+ "pid"); - EXTERN const char * lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR - "/run/lwresd/" - "lwresd.pid"); diff --git a/dns/bind99/files/patch-configure b/dns/bind99/files/patch-configure deleted file mode 100644 index 2b5efeecd2b4..000000000000 --- a/dns/bind99/files/patch-configure +++ /dev/null 
@@ -1,90 +0,0 @@
---- configure.orig 2018-03-08 20:56:13 UTC
-+++ configure
-@@ -14635,27 +14635,9 @@ done
- # problems start to show up.
- saved_libs="$LIBS"
- for TRY_LIBS in \
-- "-lgssapi_krb5" \
-- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
-- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
-- "-lgssapi" \
-- "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
-- "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
-- "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
-- "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
-- "-lgss -lkrb5"
-+ "$($KRB5CONFIG gssapi --libs)"; \
- do
-- # Note that this does not include $saved_libs, because
-- # on FreeBSD machines this configure script has added
-- # -L/usr/local/lib to LIBS, which can make the
-- # -lgssapi_krb5 test succeed with shared libraries even
-- # when you are trying to build with KTH in /usr/lib.
-- if test "/usr" = "$use_gssapi"
-- then
-- LIBS="$TRY_LIBS"
-- else
-- LIBS="-L$use_gssapi/lib $TRY_LIBS"
-- fi
-+ LIBS="$TRY_LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
- $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -14698,47 +14680,7 @@ $as_echo "no" >&6; } ;;
- no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
- esac
-
-- #
-- # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib
-- # but MIT in /usr/local/lib and trying to build with KTH.
-- # /usr/local/lib can end up earlier on the link lines.
-- # Like most kludges, this one is not only inelegant it
-- # is also likely to be the wrong thing to do at least as
-- # many times as it is the right thing. Something better
-- # needs to be done.
-- #
-- if test "/usr" = "$use_gssapi" -a \
-- -f /usr/local/lib/libkrb5.a; then
-- FIX_KTH_VS_MIT=yes
-- fi
--
-- case "$FIX_KTH_VS_MIT" in
-- yes)
-- case "$enable_static_linking" in
-- yes) gssapi_lib_suffix=".a" ;;
-- *) gssapi_lib_suffix=".so" ;;
-- esac
--
-- for lib in $LIBS; do
-- case $lib in
-- -L*)
-- ;;
-- -l*)
-- new_lib=`echo $lib |
-- sed -e s%^-l%$use_gssapi/lib/lib% \
-- -e s%$%$gssapi_lib_suffix%`
-- NEW_LIBS="$NEW_LIBS $new_lib"
-- ;;
-- *)
-- as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5
-- ;;
-- esac
-- done
-- LIBS="$NEW_LIBS"
-- ;;
-- esac
--
-- DST_GSSAPI_INC="-I$use_gssapi/include"
-+ DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)"
- DNS_GSSAPI_LIBS="$LIBS"
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -21001,7 +20943,7 @@ $as_echo "" >&6; }
- # Check other locations for includes.
- # Order is important (sigh).
-
-- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
-+ bdb_incdirs="/db6 /db5 /db48"
- # include a blank element first
- for d in "" $bdb_incdirs
- do
diff --git a/dns/bind99/files/pkg-message.in b/dns/bind99/files/pkg-message.in
deleted file mode 100644
index a1bfad91fb81..000000000000
--- a/dns/bind99/files/pkg-message.in
+++ /dev/null
@@ -1,23 +0,0 @@
-**********************************************************************
-* _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
-* / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
-* / _ \ | | | | | _| | \| | | | | | | | | \| | *
-* / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
-* /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
-* *
-* BIND requires configuration of rndc, including a "secret" key. *
-* The easiest, and most secure way to configure rndc is to run *
-* 'rndc-confgen -a' to generate the proper conf file, with a new *
-* random key, and appropriate file permissions. *
-* *
-* The %%PREFIX%%/etc/rc.d/named script will do that for you. *
-* *
-* If using syslog to log the BIND9 activity, and using a *
-* chroot'ed installation, you will need to tell syslog to *
-* install a log socket in the BIND9 chroot by running: *
-* *
-* # sysrc altlog_proglist+=named *
-* *
-* And then restarting syslogd with: service syslogd restart *
-* *
-**********************************************************************
diff --git a/dns/bind99/pkg-descr b/dns/bind99/pkg-descr
deleted file mode 100644
index 6770ab894d3a..000000000000
--- a/dns/bind99/pkg-descr
+++ /dev/null
@@ -1,24 +0,0 @@
-BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
-architecture. Some of the important features of BIND 9 are:
-
-DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
-IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
- Experimental IPv6 Resolver Library
-DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
- Improved standards conformance
-Views: One server process can provide multiple "views" of the DNS namespace,
- e.g. an "inside" view to certain clients, and an "outside" view to others.
-Multiprocessor Support
-
-BIND 9.9 includes a number of changes from BIND 9.8 and earlier releases,
-including:
- NXDOMAIN redirection
- Improved startup and reconfiguration time, especially with large
- numbers of authoritative zones
- New "inline-signing" option, allows named to sign zones completely
- transparently, including static zones
- Many other new features, especially for DNSSEC
-
-See the CHANGES file for more information on features.
-
-WWW: https://www.isc.org/software/bind
diff --git a/dns/bind99/pkg-help b/dns/bind99/pkg-help
deleted file mode 100644
index 99441f99e87d..000000000000
--- a/dns/bind99/pkg-help
+++ /dev/null
@@ -1,4 +0,0 @@
- START_LATE
-Most of the time, BIND needs to start early in the boot
-process. Enable this if BIND starts too early for you and
-you need it to start later.
diff --git a/dns/bind99/pkg-plist b/dns/bind99/pkg-plist
deleted file mode 100644
index e7ecf14b6d3f..000000000000
--- a/dns/bind99/pkg-plist
+++ /dev/null
@@ -1,392 +0,0 @@ -bin/arpaname -bin/bind9-config -bin/dig -bin/host -bin/isc-config.sh -bin/nslookup -bin/nsupdate -@sample etc/mtree/BIND.chroot.dist.sample -@sample etc/mtree/BIND.chroot.local.dist.sample -%%ETCDIR%%/bind.keys -%%ETCDIR%%/master/empty.db -%%ETCDIR%%/master/localhost-forward.db -%%ETCDIR%%/master/localhost-reverse.db -@sample %%ETCDIR%%/named.conf.sample -%%ETCDIR%%/named.root -%%ETCDIR%%/rndc.conf.sample -include/bind9/check.h -include/bind9/getaddresses.h -include/bind9/version.h -include/dns/acache.h -include/dns/acl.h -include/dns/adb.h -include/dns/bit.h -include/dns/byaddr.h -include/dns/cache.h -include/dns/callbacks.h -include/dns/cert.h -include/dns/client.h -include/dns/clientinfo.h -include/dns/compress.h -include/dns/db.h -include/dns/dbiterator.h -include/dns/dbtable.h -include/dns/diff.h -include/dns/dispatch.h -include/dns/dlz.h -include/dns/dlz_dlopen.h -include/dns/dns64.h -include/dns/dnssec.h -include/dns/ds.h -include/dns/ecdb.h -include/dns/enumclass.h -include/dns/enumtype.h -include/dns/events.h -include/dns/fixedname.h -include/dns/forward.h -include/dns/iptable.h -include/dns/journal.h -include/dns/keydata.h -include/dns/keyflags.h -include/dns/keytable.h -include/dns/keyvalues.h -include/dns/lib.h -include/dns/log.h -include/dns/lookup.h -include/dns/master.h -include/dns/masterdump.h -include/dns/message.h -include/dns/name.h -include/dns/ncache.h -include/dns/nsec.h -include/dns/nsec3.h -include/dns/opcode.h -include/dns/order.h -include/dns/peer.h -include/dns/portlist.h -include/dns/private.h -include/dns/rbt.h -include/dns/rcode.h -include/dns/rdata.h -include/dns/rdataclass.h -include/dns/rdatalist.h -include/dns/rdataset.h -include/dns/rdatasetiter.h -include/dns/rdataslab.h -include/dns/rdatastruct.h -include/dns/rdatatype.h -include/dns/request.h -include/dns/resolver.h -include/dns/result.h -include/dns/rootns.h -include/dns/rpz.h -include/dns/rriterator.h -include/dns/rrl.h -include/dns/sdb.h 
-include/dns/sdlz.h -include/dns/secalg.h -include/dns/secproto.h -include/dns/soa.h -include/dns/ssu.h -include/dns/stats.h -include/dns/tcpmsg.h -include/dns/time.h -include/dns/timer.h -include/dns/tkey.h -include/dns/tsec.h -include/dns/tsig.h -include/dns/ttl.h -include/dns/types.h -include/dns/update.h -include/dns/validator.h -include/dns/version.h -include/dns/view.h -include/dns/xfrin.h -include/dns/zone.h -include/dns/zonekey.h -include/dns/zt.h -include/dst/dst.h -include/dst/gssapi.h -include/dst/lib.h -include/dst/result.h -include/isc/app.h -include/isc/assertions.h -include/isc/atomic.h -include/isc/backtrace.h -include/isc/base32.h -include/isc/base64.h -include/isc/bind9.h -include/isc/bitstring.h -include/isc/boolean.h -include/isc/buffer.h -include/isc/bufferlist.h -include/isc/commandline.h -include/isc/condition.h -include/isc/counter.h -include/isc/dir.h -include/isc/entropy.h -include/isc/errno.h -include/isc/error.h -include/isc/event.h -include/isc/eventclass.h -include/isc/file.h -include/isc/formatcheck.h -include/isc/fsaccess.h -include/isc/hash.h -include/isc/heap.h -include/isc/hex.h -include/isc/hmacmd5.h -include/isc/hmacsha.h -include/isc/httpd.h -include/isc/int.h -include/isc/interfaceiter.h -include/isc/iterated_hash.h -include/isc/keyboard.h -include/isc/lang.h -include/isc/lex.h -include/isc/lfsr.h -include/isc/lib.h -include/isc/likely.h -include/isc/list.h -include/isc/log.h -include/isc/magic.h -include/isc/md5.h -include/isc/mem.h -include/isc/msgcat.h -include/isc/msgs.h -include/isc/mutex.h -include/isc/mutexblock.h -include/isc/namespace.h -include/isc/net.h -include/isc/netaddr.h -include/isc/netdb.h -include/isc/netscope.h -include/isc/offset.h -include/isc/once.h -include/isc/ondestroy.h -include/isc/os.h -include/isc/parseint.h -include/isc/platform.h -include/isc/pool.h -include/isc/portset.h -include/isc/print.h -include/isc/queue.h -include/isc/quota.h -include/isc/radix.h -include/isc/random.h 
-include/isc/ratelimiter.h -include/isc/refcount.h -include/isc/regex.h -include/isc/region.h -include/isc/resource.h -include/isc/result.h -include/isc/resultclass.h -include/isc/rwlock.h -include/isc/safe.h -include/isc/serial.h -include/isc/sha1.h -include/isc/sha2.h -include/isc/sockaddr.h -include/isc/socket.h -include/isc/stat.h -include/isc/stats.h -include/isc/stdio.h -include/isc/stdlib.h -include/isc/stdtime.h -include/isc/strerror.h -include/isc/string.h -include/isc/symtab.h -include/isc/syslog.h -include/isc/task.h -include/isc/taskpool.h -include/isc/thread.h -include/isc/time.h -include/isc/timer.h -include/isc/tm.h -include/isc/types.h -include/isc/util.h -include/isc/version.h -include/isc/xml.h -include/isccc/alist.h -include/isccc/base64.h -include/isccc/cc.h -include/isccc/ccmsg.h -include/isccc/events.h -include/isccc/lib.h -include/isccc/result.h -include/isccc/sexpr.h -include/isccc/symtab.h -include/isccc/symtype.h -include/isccc/types.h -include/isccc/util.h -include/isccc/version.h -include/isccfg/aclconf.h -include/isccfg/cfg.h -include/isccfg/dnsconf.h -include/isccfg/grammar.h -include/isccfg/log.h -include/isccfg/namedconf.h -include/isccfg/version.h -include/lwres/context.h -include/lwres/int.h -include/lwres/ipv6.h -include/lwres/lang.h -include/lwres/list.h -include/lwres/lwbuffer.h -include/lwres/lwpacket.h -include/lwres/lwres.h -include/lwres/net.h -include/lwres/netdb.h -include/lwres/platform.h -include/lwres/result.h -include/lwres/stdlib.h -include/lwres/string.h -include/lwres/version.h -lib/libbind9.a -lib/libdns.a -lib/libisc.a -lib/libisccc.a -lib/libisccfg.a -lib/liblwres.a -man/man1/arpaname.1.gz -man/man1/bind9-config.1.gz -man/man1/dig.1.gz -man/man1/host.1.gz -man/man1/isc-config.sh.1.gz -man/man1/nslookup.1.gz -man/man1/nsupdate.1.gz -man/man3/lwres.3.gz -man/man3/lwres_addr_parse.3.gz -man/man3/lwres_buffer.3.gz -man/man3/lwres_buffer_add.3.gz -man/man3/lwres_buffer_back.3.gz -man/man3/lwres_buffer_clear.3.gz 
-man/man3/lwres_buffer_first.3.gz -man/man3/lwres_buffer_forward.3.gz -man/man3/lwres_buffer_getmem.3.gz -man/man3/lwres_buffer_getuint16.3.gz -man/man3/lwres_buffer_getuint32.3.gz -man/man3/lwres_buffer_getuint8.3.gz -man/man3/lwres_buffer_init.3.gz -man/man3/lwres_buffer_invalidate.3.gz -man/man3/lwres_buffer_putmem.3.gz -man/man3/lwres_buffer_putuint16.3.gz -man/man3/lwres_buffer_putuint32.3.gz -man/man3/lwres_buffer_putuint8.3.gz -man/man3/lwres_buffer_subtract.3.gz -man/man3/lwres_conf_clear.3.gz -man/man3/lwres_conf_get.3.gz -man/man3/lwres_conf_init.3.gz -man/man3/lwres_conf_parse.3.gz -man/man3/lwres_conf_print.3.gz -man/man3/lwres_config.3.gz -man/man3/lwres_context.3.gz -man/man3/lwres_context_allocmem.3.gz -man/man3/lwres_context_create.3.gz -man/man3/lwres_context_destroy.3.gz -man/man3/lwres_context_freemem.3.gz -man/man3/lwres_context_initserial.3.gz -man/man3/lwres_context_nextserial.3.gz -man/man3/lwres_context_sendrecv.3.gz -man/man3/lwres_endhostent.3.gz -man/man3/lwres_endhostent_r.3.gz -man/man3/lwres_freeaddrinfo.3.gz -man/man3/lwres_freehostent.3.gz -man/man3/lwres_gabn.3.gz -man/man3/lwres_gabnrequest_free.3.gz -man/man3/lwres_gabnrequest_parse.3.gz -man/man3/lwres_gabnrequest_render.3.gz -man/man3/lwres_gabnresponse_free.3.gz -man/man3/lwres_gabnresponse_parse.3.gz -man/man3/lwres_gabnresponse_render.3.gz -man/man3/lwres_gai_strerror.3.gz -man/man3/lwres_getaddrinfo.3.gz -man/man3/lwres_getaddrsbyname.3.gz -man/man3/lwres_gethostbyaddr.3.gz -man/man3/lwres_gethostbyaddr_r.3.gz -man/man3/lwres_gethostbyname.3.gz -man/man3/lwres_gethostbyname2.3.gz -man/man3/lwres_gethostbyname_r.3.gz -man/man3/lwres_gethostent.3.gz -man/man3/lwres_gethostent_r.3.gz -man/man3/lwres_getipnode.3.gz -man/man3/lwres_getipnodebyaddr.3.gz -man/man3/lwres_getipnodebyname.3.gz -man/man3/lwres_getnamebyaddr.3.gz -man/man3/lwres_getnameinfo.3.gz -man/man3/lwres_getrrsetbyname.3.gz -man/man3/lwres_gnba.3.gz -man/man3/lwres_gnbarequest_free.3.gz 
-man/man3/lwres_gnbarequest_parse.3.gz -man/man3/lwres_gnbarequest_render.3.gz -man/man3/lwres_gnbaresponse_free.3.gz -man/man3/lwres_gnbaresponse_parse.3.gz -man/man3/lwres_gnbaresponse_render.3.gz -man/man3/lwres_herror.3.gz -man/man3/lwres_hstrerror.3.gz -man/man3/lwres_inetntop.3.gz -man/man3/lwres_lwpacket_parseheader.3.gz -man/man3/lwres_lwpacket_renderheader.3.gz -man/man3/lwres_net_ntop.3.gz -man/man3/lwres_noop.3.gz -man/man3/lwres_nooprequest_free.3.gz -man/man3/lwres_nooprequest_parse.3.gz -man/man3/lwres_nooprequest_render.3.gz -man/man3/lwres_noopresponse_free.3.gz -man/man3/lwres_noopresponse_parse.3.gz -man/man3/lwres_noopresponse_render.3.gz -man/man3/lwres_packet.3.gz -man/man3/lwres_resutil.3.gz -man/man3/lwres_sethostent.3.gz -man/man3/lwres_sethostent_r.3.gz -man/man3/lwres_string_parse.3.gz -man/man5/named.conf.5.gz -man/man5/rndc.conf.5.gz -man/man8/ddns-confgen.8.gz -%%PYTHON%%man/man8/dnssec-checkds.8.gz -%%PYTHON%%man/man8/dnssec-coverage.8.gz -man/man8/dnssec-dsfromkey.8.gz -man/man8/dnssec-importkey.8.gz -man/man8/dnssec-keyfromlabel.8.gz -man/man8/dnssec-keygen.8.gz -man/man8/dnssec-revoke.8.gz -man/man8/dnssec-settime.8.gz -man/man8/dnssec-signzone.8.gz -man/man8/dnssec-verify.8.gz -man/man8/genrandom.8.gz -man/man8/isc-hmac-fixup.8.gz -man/man8/lwresd.8.gz -man/man8/named-checkconf.8.gz -man/man8/named-checkzone.8.gz -man/man8/named-compilezone.8.gz -man/man8/named-journalprint.8.gz -man/man8/named.8.gz -man/man8/nsec3hash.8.gz -man/man8/rndc-confgen.8.gz -man/man8/rndc.8.gz -sbin/ddns-confgen -%%PYTHON%%sbin/dnssec-checkds -%%PYTHON%%sbin/dnssec-coverage -sbin/dnssec-dsfromkey -sbin/dnssec-importkey -sbin/dnssec-keyfromlabel -sbin/dnssec-keygen -sbin/dnssec-revoke -sbin/dnssec-settime -sbin/dnssec-signzone -sbin/dnssec-verify -sbin/genrandom -sbin/isc-hmac-fixup -sbin/lwresd -sbin/named -sbin/named-checkconf -sbin/named-checkzone -sbin/named-compilezone -sbin/named-journalprint -sbin/nsec3hash -sbin/rndc -sbin/rndc-confgen 
-@dir(bind,bind,) %%ETCDIR%%/dynamic -@dir %%ETCDIR%%/master -@dir(bind,bind,) %%ETCDIR%%/slave -@dir(bind,bind,) %%ETCDIR%%/working |