author | erwin <erwin@FreeBSD.org> | 2016-07-13 21:29:18 +0800 |
---|---|---|
committer | erwin <erwin@FreeBSD.org> | 2016-07-13 21:29:18 +0800 |
commit | 796b4e0cca217fe8864ceab8afd5f3a3c0d5dba9 (patch) | |
tree | 04dd9373d285b476f75813e507376f68b95583b6 /dns | |
parent | bd069ba5177bc162e0afcccd064350ada4412439 (diff) | |
The current opendnssec port has seen a massive rewrite by the upstream
so it was rechristened opendnssec Version 2.
To quote the announcement at <https://www.opendnssec.org>:
"OpenDNSSEC got a entire re-write of the enforcer. This part of
OpenDNSSEC controls changing signing keys in the right way to perform
a roll-over. Before, the enforcer would perform a roll-over according
to a strict paradigm. One scenario in which deviations would not be
possible.
The new enforcer is more aware of the zone changes being propagated in
the Internet. It can therefore decide when it is safe to make changes,
rather than to rely upon a given scenario.
PR: 211018
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Sponsored by: DK Hostmaster A/S
Diffstat (limited to 'dns')
-rw-r--r-- | dns/Makefile | 1 | ||||
-rw-r--r-- | dns/opendnssec2/Makefile | 84 | ||||
-rw-r--r-- | dns/opendnssec2/distinfo | 3 | ||||
-rw-r--r-- | dns/opendnssec2/files/opendnssec.in | 33 | ||||
-rw-r--r-- | dns/opendnssec2/files/pkg-message.in | 27 | ||||
-rw-r--r-- | dns/opendnssec2/pkg-descr | 5 | ||||
-rw-r--r-- | dns/opendnssec2/pkg-plist | 65 |
7 files changed, 218 insertions, 0 deletions
diff --git a/dns/Makefile b/dns/Makefile
index d770efbbe21..45d860bff13 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -105,6 +105,7 @@
 SUBDIR += opendd
 SUBDIR += opendnssec
 SUBDIR += opendnssec13
+ SUBDIR += opendnssec2
 SUBDIR += openresolv
 SUBDIR += p5-AnyEvent-CacheDNS
 SUBDIR += p5-AnyEvent-DNS-EtcHosts
diff --git a/dns/opendnssec2/Makefile b/dns/opendnssec2/Makefile
new file mode 100644
index 00000000000..8239863eddf
--- /dev/null
+++ b/dns/opendnssec2/Makefile
@@ -0,0 +1,84 @@
+# Created by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
+# $FreeBSD$
+
+PORTNAME= opendnssec
+PORTVERSION= 2.0.0
+CATEGORIES= dns
+MASTER_SITES= http://dist.opendnssec.org/source/
+PKGNAMESUFFIX= 2
+
+MAINTAINER= jaap@NLnetLabs.nl
+COMMENT= Tool suite for maintaining DNSSEC
+
+LICENSE= BSD3CLAUSE
+
+BUILD_DEPENDS= ldns>=1.6.16:dns/ldns
+LIB_DEPENDS= libldns.so:dns/ldns
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir="${PREFIX}/var"
+USE_RC_SUBR= opendnssec
+USE_GNOME= libxml2
+USES= perl5
+USES= ssl
+USE_LDCONFIG= yes
+
+SUB_FILES+= pkg-message
+
+CONFLICTS= opendnssec-1.[0-4]*
+
+USERS= opendnssec
+GROUPS= opendnssec
+
+PORTDOCS= MIGRATION NEWS README.md
+MIGRATE= README.md find_problematic_zones.sql \
+ convert_mysql mysql_convert.sql \
+ convert_sqlite sqlite_convert.sql
+
+OPTIONS_DEFINE= SOFTHSM DOCS
+OPTIONS_SUB= yes
+
+OPTIONS_SINGLE= DB
+OPTIONS_SINGLE_DB= SQLITE MYSQL
+
+OPTIONS_DEFAULT= DOCS SQLITE
+
+SOFTHSM_DESC= SoftHSM cryptographic store for PKCS \#11 interface
+
+MYSQL_DESC= Use MYSQL backend
+SQLITE_DESC= Use SQLite backend
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MMYSQL}
+CONFIGURE_ARGS+= --with-enforcer-database=mysql
+USES+= mysql
+.endif
+
+.if ${PORT_OPTIONS:MSQLITE}
+USES= sqlite
+CONFIGURE_ARGS+= --with-enforcer-database=sqlite3
+BUILD_DEPENDS+= sqlite3>=3.3.9:databases/sqlite3
+.endif
+
+.if ${PORT_OPTIONS:MSOFTHSM}
+CONFIGURE_ARGS+= --with-pkcs11-softhsm=${LOCALBASE}/lib/softhsm/libsofthsm.so
+RUN_DEPENDS+= softhsm>=1.2.0:security/softhsm
+.endif
+
+pre-install:
+.if ${PORT_OPTIONS:MMYSQL}
+ ${REINPLACE_CMD} -e '/REQUIRE:/ s|$$| mysql|' ${WRKDIR}/opendnssec
+.endif
+
+post-install:
+.if ${PORT_OPTIONS:MDOCS}
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}/1.4-2.0_db_convert
+ ${INSTALL_DATA} \
+ ${MIGRATE:S|^|${WRKSRC}/enforcer/utils/1.4-2.0_db_convert/|} \
+ ${STAGEDIR}${DOCSDIR}/1.4-2.0_db_convert
+.endif
+
+.include <bsd.port.mk>
diff --git a/dns/opendnssec2/distinfo b/dns/opendnssec2/distinfo
new file mode 100644
index 00000000000..ede7eed0ebf
--- /dev/null
+++ b/dns/opendnssec2/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1467876838
+SHA256 (opendnssec-2.0.0.tar.gz) = 3f3087ee1f2dee8b55d823d4b6825dc0212ea5162965382df11b2de36b888b7f
+SIZE (opendnssec-2.0.0.tar.gz) = 1072734
diff --git a/dns/opendnssec2/files/opendnssec.in b/dns/opendnssec2/files/opendnssec.in
new file mode 100644
index 00000000000..63320707366
--- /dev/null
+++ b/dns/opendnssec2/files/opendnssec.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: opendnssec
+# REQUIRE: LOGIN DAEMON
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable opendnssec:
+#
+# opendnssec_enable="YES"
+
+. /etc/rc.subr
+
+name=opendnssec
+rcvar=opendnssec_enable
+
+load_rc_config $name
+
+opendnssec_enable=${opendnssec_enable:-"NO"}
+
+start_cmd="${name}_run start"
+stop_cmd="${name}_run stop"
+extra_commands="reload ksm hsm signer enforcer"
+
+procname=${opendnssec_procname}
+
+opendnssec_run()
+{
+ %%PREFIX%%/sbin/ods-control $1
+}
+
+run_rc_command "$1"
diff --git a/dns/opendnssec2/files/pkg-message.in b/dns/opendnssec2/files/pkg-message.in
new file mode 100644
index 00000000000..389bde5fcb4
--- /dev/null
+++ b/dns/opendnssec2/files/pkg-message.in
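Review bot: In dns/opendnssec2/Makefile, `USES= perl5` is immediately overwritten by `USES= ssl`, and the SQLITE block later assigns `USES= sqlite`, which replaces the list again; with the default options (SQLITE) the port appears to end up with only `sqlite` in USES, so the perl5 and ssl handling would never be applied. The ssl entry is what ties the build to the OpenSSL selected by the ports framework, so losing it may link the signer against a different libcrypto than the administrator intended. Declare them together as `USES= perl5 ssl` and append in the option block with `USES+= sqlite`, as the MYSQL block already does with `USES+= mysql`. Separately, `MASTER_SITES` is plain `http://`, so the distinfo SHA256 is the only integrity check on the tarball; an https mirror would be preferable if upstream offers one.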
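Review bot: In dns/opendnssec2/files/opendnssec.in, `extra_commands="reload ksm hsm signer enforcer"` advertises five commands, but only `start_cmd` and `stop_cmd` are defined, so as far as this script shows none of the extras has a handler, and `opendnssec_run` forwards only `$1` to ods-control anyway. `procname=${opendnssec_procname}` reads a variable that nothing in the script sets, so it is empty unless rc.conf supplies it. Either drop both lines or add a matching `<command>_cmd` for each extra and a real process name, and quote the argument as `%%PREFIX%%/sbin/ods-control "$1"`. The script also sets no service user although the port creates an `opendnssec` account; whether the daemons drop privileges is decided by configuration outside this diff, and a comment saying so would help operators.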
@@ -0,0 +1,27 @@
+######
+# A manual migration step is needed to migration from 1.4 to 2.0.
+#
+# First migrate to at least the 1.4.10 release if you have not already done
+# so.
+#
+# Review the documentation on the OpenDNSSEC site. This can be
+# updated in between releases to provide more help. Especially if
+# you have tooling around OpenDNSSEC you should be aware that some
+# command line utilities have changed. A fair amount of backward
+# compatibility has been respected, but changes are present.
+#
+# The enforcer does require a full migration, as the internal database has
+# been completely revised. See the documentation in
+# %%DOCSDIR%%/1.4-2.0_db_convert/README.md for a description.
+#
+# Migration scripts are installed in %%DOCSDIR%%.
+#
+# The signer does not require any migration. Backward compatibility is
+# respected from earlier 1.4 release. The signer should not require a
+# full resign of your zone when upgrading, however if you decide to downgrade
+# a full resign is required.
+######
+
+An HowTo is provided at
+<https://wiki.opendnssec.org/display/DOCS20/Quick+start+guide>
+
diff --git a/dns/opendnssec2/pkg-descr b/dns/opendnssec2/pkg-descr
new file mode 100644
index 00000000000..147cc627fd9
--- /dev/null
+++ b/dns/opendnssec2/pkg-descr
@@ -0,0 +1,5 @@
+OpenDNSSEC was created as an open-source turn-key solution for
+DNSSEC. It secures zone data just before it is published in an
+authoritative name server.
+
+WWW: http://www.opendnssec.org
diff --git a/dns/opendnssec2/pkg-plist b/dns/opendnssec2/pkg-plist
new file mode 100644
index 00000000000..1b42598173c
--- /dev/null
+++ b/dns/opendnssec2/pkg-plist
@@ -0,0 +1,65 @@
+bin/ods-hsmspeed
+bin/ods-hsmutil
+bin/ods-kasp2html
+bin/ods-kaspcheck
+bin/ods-ksmutil
+@sample %%ETCDIR%%/addns.xml.sample
+@sample %%ETCDIR%%/conf.xml.sample
+@sample %%ETCDIR%%/kasp.xml.sample
+@sample %%ETCDIR%%/zonelist.xml.sample
+man/man1/ods-hsmspeed.1.gz
+man/man1/ods-hsmutil.1.gz
+man/man1/ods-kaspcheck.1.gz
+man/man1/ods-ksmutil.1.gz
+man/man5/ods-kasp.5.gz
+man/man5/ods-timing.5.gz
+man/man7/opendnssec.7.gz
+man/man8/ods-control.8.gz
+man/man8/ods-enforcer-db-setup.8.gz
+man/man8/ods-enforcer.8.gz
+man/man8/ods-enforcerd.8.gz
+man/man8/ods-signer.8.gz
+man/man8/ods-signerd.8.gz
+sbin/ods-control
+sbin/ods-enforcer
+sbin/ods-enforcer-db-setup
+sbin/ods-enforcerd
+sbin/ods-migrate
+sbin/ods-signer
+sbin/ods-signerd
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/README.md
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/convert_mysql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/convert_sqlite
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/find_problematic_zones.sql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/mysql_convert.sql
+%%PORTDOCS%%%%DOCSDIR%%/1.4-2.0_db_convert/sqlite_convert.sql
+%%DATADIR%%/addns.rnc
+%%DATADIR%%/addns.rng
+%%DATADIR%%/conf.rnc
+%%DATADIR%%/conf.rng
+%%DATADIR%%/enforcerstate.rnc
+%%DATADIR%%/enforcerstate.rng
+%%DATADIR%%/kasp.rnc
+%%DATADIR%%/kasp.rng
+%%DATADIR%%/kasp2html.xsl
+@comment %%SQLITE%%%%DATADIR%%/migrate_1_4_8.sqlite3
+@comment %%SQLITE%%%%DATADIR%%/migrate_adapters_1.sqlite3
+@comment %%SQLITE%%%%DATADIR%%/migrate_keyshare_sqlite3.pl
+@comment %%SQLITE%%%%DATADIR%%/migrate_to_ng_sqlite.pl
+@comment %%MYSQL%%%%DATADIR%%/migrate_1_4_8.mysql
+@comment %%MYSQL%%%%DATADIR%%/migrate_adapters_1.mysql
+@comment %%MYSQL%%%%DATADIR%%/migrate_keyshare_mysql.pl
+@comment %%MYSQL%%%%DATADIR%%/migrate_zone_delete.mysql
+@comment %%MYSQL%%%%DATADIR%%/migrate_id_mysql.pl
+@comment %%MYSQL%%%%DATADIR%%/migrate_to_ng_mysql.pl
+%%DATADIR%%/signconf.rnc
+%%DATADIR%%/signconf.rng
+%%DATADIR%%/zonelist.rnc
+%%DATADIR%%/zonelist.rng
+@dir(opendnssec,opendnssec,) var/opendnssec
+@dir(opendnssec,opendnssec,) var/opendnssec/enforcer
+@dir(opendnssec,opendnssec,) var/opendnssec/signconf
+@dir(opendnssec,opendnssec,) var/opendnssec/signed
+@dir(opendnssec,opendnssec,) var/opendnssec/signer
+@dir(opendnssec,opendnssec,) var/opendnssec/unsigned
+@dir(opendnssec,opendnssec,) var/run/opendnssec |
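Review bot: The seven `@dir(opendnssec,opendnssec,)` entries at the end of dns/opendnssec2/pkg-plist leave the mode field empty, so the state directories under var/opendnssec get the packaging default mode rather than an explicit one. Judging by their names these directories hold the enforcer database, signer state and unsigned zone data, which other local accounts normally have no reason to read; an explicit mode such as `@dir(opendnssec,opendnssec,750) var/opendnssec/enforcer` would make that intent part of the package. The same applies to `@sample %%ETCDIR%%/conf.xml.sample`: if the installed conf.xml is used to store an HSM PIN (an assumption, since the file's contents are not in this diff), it should not be installed world-readable.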