FreeBSD Bugzilla – Attachment 211849 Details for
Bug 244332
[patch] dns/bind916: Enable filter-aaaa for bind916
bind916 shar to enable filter-aaaa option
bind916.shar (text/plain), 69.71 KB, created by
Zane J Chua
on 2020-02-23 08:34:29 UTC
Description:
bind916 shar to enable filter-aaaa option
Filename:
MIME Type:
Creator:
Zane J Chua
Created:
2020-02-23 08:34:29 UTC
Size:
69.71 KB
># This is a shell archive. Save it in a file, remove anything before ># this line, and then unpack it by entering "sh file". Note, it may ># create directories; files and directories will be owned by you and ># have default permissions. ># ># This archive contains: ># ># bind916 ># bind916/distinfo ># bind916/files ># bind916/files/BIND.chroot.dist ># bind916/files/BIND.chroot.local.dist ># bind916/files/empty.db ># bind916/files/extrapatch-bind-min-override-ttl ># bind916/files/extrapatch-bind-tools ># bind916/files/extrapatch-no-bind-tools ># bind916/files/localhost-forward.db ># bind916/files/localhost-reverse.db ># bind916/files/named.conf.in ># bind916/files/named.in ># bind916/files/named.root ># bind916/files/patch-bin_named_include_named_globals.h ># bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in ># bind916/files/patch-configure ># bind916/files/pkg-message.in ># bind916/Makefile ># bind916/pkg-descr ># bind916/pkg-help ># bind916/pkg-plist ># >echo c - bind916 >mkdir -p bind916 > /dev/null 2>&1 >echo x - bind916/distinfo >sed 's/^X//' >bind916/distinfo << 'END-of-bind916/distinfo' >XTIMESTAMP = 1582188168 >XSHA256 (bind-9.16.0.tar.xz) = af4bd9bdaeb1aa7399429972f3a8aa01dd6886b7ae046d703ab8da45330f2e28 >XSIZE (bind-9.16.0.tar.xz) = 4533976 >END-of-bind916/distinfo >echo c - bind916/files >mkdir -p bind916/files > /dev/null 2>&1 >echo x - bind916/files/BIND.chroot.dist >sed 's/^X//' >bind916/files/BIND.chroot.dist << 'END-of-bind916/files/BIND.chroot.dist' >X# $FreeBSD$ >X# >X# mtree -deU -f files/BIND.chroot.dist -p tmp >X# mtree -cjnb -k uname,gname,mode -p tmp >X >X/set type=file uname=root gname=wheel mode=0755 >X. type=dir >X dev type=dir mode=0555 >X .. >X etc type=dir >X .. >X tmp type=dir mode=01777 >X .. >X/set type=file uname=bind gname=bind mode=0755 >X var type=dir uname=root gname=wheel >X dump type=dir >X .. >X log type=dir >X .. >X run type=dir >X named type=dir >X .. >X .. >X stats type=dir >X .. >X .. 
>END-of-bind916/files/BIND.chroot.dist >echo x - bind916/files/BIND.chroot.local.dist >sed 's/^X//' >bind916/files/BIND.chroot.local.dist << 'END-of-bind916/files/BIND.chroot.local.dist' >X# $FreeBSD$ >X# >X# mtree -deU -f files/BIND.etc.dist -p tmp >X# mtree -cjnb -k uname,gname,mode -p tmp >X >X/set type=file uname=root gname=wheel mode=0755 >X. type=dir >X etc type=dir >X/set type=file uname=bind gname=wheel mode=0755 >X namedb type=dir uname=root >X dynamic type=dir >X .. >X master type=dir uname=root >X .. >X slave type=dir >X .. >X working type=dir >X .. >X .. >X .. >END-of-bind916/files/BIND.chroot.local.dist >echo x - bind916/files/empty.db >sed 's/^X//' >bind916/files/empty.db << 'END-of-bind916/files/empty.db' >X >X; $FreeBSD$ >X >X$TTL 3h >X@ SOA @ nobody.localhost. 42 1d 12h 1w 3h >X ; Serial, Refresh, Retry, Expire, Neg. cache TTL >X >X@ NS @ >X >X; Silence a BIND warning >X@ A 127.0.0.1 >END-of-bind916/files/empty.db >echo x - bind916/files/extrapatch-bind-min-override-ttl >sed 's/^X//' >bind916/files/extrapatch-bind-min-override-ttl << 'END-of-bind916/files/extrapatch-bind-min-override-ttl' >XAdd the override-cache-ttl feature. 
>X
>X--- bin/named/config.c.orig 2020-02-12 20:03:44 UTC
>X+++ bin/named/config.c
>X@@ -177,6 +177,7 @@ options {\n\
>X notify-source *;\n\
>X notify-source-v6 *;\n\
>X nsec3-test-zone no;\n\
>X+ override-cache-ttl 0; /* do not override */\n\
>X provide-ixfr true;\n\
>X qname-minimization relaxed;\n\
>X query-source address *;\n\
>X--- bin/named/server.c.orig 2020-02-12 20:03:44 UTC
>X+++ bin/named/server.c
>X@@ -4178,6 +4178,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
>X }
>X
>X obj = NULL;
>X+ result = named_config_get(maps, "override-cache-ttl", &obj);
>X+ INSIST(result == ISC_R_SUCCESS);
>X+ view->overridecachettl = cfg_obj_asuint32(obj);
>X+
>X+ obj = NULL;
>X result = named_config_get(maps, "max-cache-ttl", &obj);
>X INSIST(result == ISC_R_SUCCESS);
>X view->maxcachettl = cfg_obj_asduration(obj);
>X--- lib/dns/include/dns/view.h.orig 2020-02-12 20:03:44 UTC
>X+++ lib/dns/include/dns/view.h
>X@@ -152,6 +152,7 @@ struct dns_view {
>X bool requestnsid;
>X bool sendcookie;
>X dns_ttl_t maxcachettl;
>X+ dns_ttl_t overridecachettl;
>X dns_ttl_t maxncachettl;
>X dns_ttl_t mincachettl;
>X dns_ttl_t minncachettl;
>X--- lib/dns/resolver.c.orig 2020-02-12 20:03:44 UTC
>X+++ lib/dns/resolver.c
>X@@ -5975,6 +5975,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adb
>X }
>X
>X /*
>X+ * Enforce the configure cache TTL override.
>X+ */
>X+ if (res->view->overridecachettl)
>X+ rdataset->ttl = res->view->overridecachettl;
>X+
>X+ /*
>X * Enforce the configure maximum cache TTL.
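Review bot: The bin/named/server.c hunk reads the new option with `cfg_obj_asuint32(obj)`, but the lib/isccfg/namedconf.c hunk of the same patch declares `override-cache-ttl` as `&cfg_type_duration`, and the `max-cache-ttl` context lines directly below read that same clause type with `cfg_obj_asduration(obj)`. If the accessor validates the object's representation, which the paired use in the neighbouring lines suggests, the mismatch would show up as an assertion failure while named loads its configuration, so the daemon would not start once this extra patch is enabled. The added line should follow its neighbour: `view->overridecachettl = cfg_obj_asduration(obj);`. configure_view() starts and ends outside the hunk.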
>X */
>X if (rdataset->ttl > res->view->maxcachettl) {
>X--- lib/isccfg/namedconf.c.orig 2020-02-12 20:03:44 UTC
>X+++ lib/isccfg/namedconf.c
>X@@ -1993,6 +1993,7 @@ static cfg_clausedef_t view_clauses[] = {
>X #endif
>X { "max-acache-size", &cfg_type_sizenodefault, CFG_CLAUSEFLAG_OBSOLETE },
>X { "max-cache-size", &cfg_type_sizeorpercent, 0 },
>X+ { "override-cache-ttl", &cfg_type_duration, 0 },
>X { "max-cache-ttl", &cfg_type_duration, 0 },
>X { "max-clients-per-query", &cfg_type_uint32, 0 },
>X { "max-ncache-ttl", &cfg_type_duration, 0 },
>END-of-bind916/files/extrapatch-bind-min-override-ttl
>echo x - bind916/files/extrapatch-bind-tools
>sed 's/^X//' >bind916/files/extrapatch-bind-tools << 'END-of-bind916/files/extrapatch-bind-tools'
>XOnly select the "tools" part of bind for building.
>X
>X--- Makefile.in.orig 2019-08-12 14:08:48 UTC
>X+++ Makefile.in
>X@@ -14,7 +14,7 @@ top_builddir = @top_builddir@
>X
>X VERSION=@BIND9_VERSION@
>X
>X-SUBDIRS = make lib fuzz bin doc
>X+SUBDIRS = lib bin
>X TARGETS =
>X PREREQS = bind.keys.h
>X
>X@@ -51,7 +51,6 @@ installdirs:
>X $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
>X
>X install:: installdirs
>X- ${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
>X
>X uninstall::
>X rm -f ${DESTDIR}${sysconfdir}/bind.keys
>X--- bin/Makefile.in.orig 2019-08-12 14:08:48 UTC
>X+++ bin/Makefile.in
>X@@ -11,8 +11,8 @@ srcdir = @srcdir@
>X VPATH = @srcdir@
>X top_srcdir = @top_srcdir@
>X
>X-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
>X- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
>X+SUBDIRS = dig delv dnssec tools nsupdate \
>X+ @NZD_TOOLS@ @PYTHON_TOOLS@
>X TARGETS =
>X
>X @BIND9_MAKE_RULES@
>END-of-bind916/files/extrapatch-bind-tools
>echo x - bind916/files/extrapatch-no-bind-tools
>sed 's/^X//' >bind916/files/extrapatch-no-bind-tools << 'END-of-bind916/files/extrapatch-no-bind-tools'
>XExclude the "tools" from building and installing.
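Review bot: The block added by the lib/dns/resolver.c hunk of extrapatch-bind-min-override-ttl overwrites `rdataset->ttl` for every rdataset that reaches this point in cache_name() whenever the option is non-zero, and nothing in the patch documents what that costs. A forced TTL keeps answers past the lifetime the zone owner published, so a stale or spoofed record stays cached for the whole override period, bounded only by the max-cache-ttl clamp in the context lines that follow. I would say so in the comment, for example `* Replace the received TTL with override-cache-ttl when set (0 = off); origin TTLs are ignored, so stale or forged data lives that long.`, and brace the `if` body to match the max-cache-ttl block below it. cache_name() starts and ends outside the hunk.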
>X
>X--- bin/Makefile.in.orig 2019-06-28 12:33:29 UTC
>X+++ bin/Makefile.in
>X@@ -11,8 +11,8 @@ srcdir = @srcdir@
>X VPATH = @srcdir@
>X top_srcdir = @top_srcdir@
>X
>X-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
>X- @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
>X+SUBDIRS = named rndc tools check confgen \
>X+ @NZD_TOOLS@ @PKCS11_TOOLS@ plugins tests
>X TARGETS =
>X
>X @BIND9_MAKE_RULES@
>X--- bin/tools/Makefile.in.orig 2019-06-28 12:33:29 UTC
>X+++ bin/tools/Makefile.in
>X@@ -41,10 +41,7 @@ SUBDIRS =
>X
>X DNSTAPTARGETS = dnstap-read@EXEEXT@
>X NZDTARGETS = named-nzd2nzf@EXEEXT@
>X-TARGETS = arpaname@EXEEXT@ named-journalprint@EXEEXT@ \
>X- named-rrchecker@EXEEXT@ nsec3hash@EXEEXT@ \
>X- mdig@EXEEXT@ \
>X- @DNSTAPTARGETS@ @NZDTARGETS@
>X+TARGETS = @DNSTAPTARGETS@ @NZDTARGETS@
>X
>X DNSTAPSRCS = dnstap-read.c
>X NZDSRCS = named-nzd2nzf.c
>X@@ -120,21 +117,6 @@ dnstap:
>X ${INSTALL_DATA} ${srcdir}/dnstap-read.1 ${DESTDIR}${mandir}/man1
>X
>X install:: ${TARGETS} installdirs @DNSTAP@ @NZD_TOOLS@
>X- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} arpaname@EXEEXT@ \
>X- ${DESTDIR}${bindir}
>X- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-journalprint@EXEEXT@ \
>X- ${DESTDIR}${sbindir}
>X- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-rrchecker@EXEEXT@ \
>X- ${DESTDIR}${bindir}
>X- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsec3hash@EXEEXT@ \
>X- ${DESTDIR}${sbindir}
>X- ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} mdig@EXEEXT@ \
>X- ${DESTDIR}${bindir}
>X- ${INSTALL_DATA} ${srcdir}/arpaname.1 ${DESTDIR}${mandir}/man1
>X- ${INSTALL_DATA} ${srcdir}/named-journalprint.8 ${DESTDIR}${mandir}/man8
>X- ${INSTALL_DATA} ${srcdir}/named-rrchecker.1 ${DESTDIR}${mandir}/man1
>X- ${INSTALL_DATA} ${srcdir}/nsec3hash.8 ${DESTDIR}${mandir}/man8
>X- ${INSTALL_DATA} ${srcdir}/mdig.1 ${DESTDIR}${mandir}/man1
>X
>X uninstall::
>X rm -f ${DESTDIR}${mandir}/man1/mdig.1
>END-of-bind916/files/extrapatch-no-bind-tools
>echo x - 
bind916/files/localhost-forward.db >sed 's/^X//' >bind916/files/localhost-forward.db << 'END-of-bind916/files/localhost-forward.db' >X >X; $FreeBSD$ >X >X$TTL 3h >Xlocalhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h >X ; Serial, Refresh, Retry, Expire, Neg. cache TTL >X >X NS localhost. >X >X A 127.0.0.1 >X AAAA ::1 >END-of-bind916/files/localhost-forward.db >echo x - bind916/files/localhost-reverse.db >sed 's/^X//' >bind916/files/localhost-reverse.db << 'END-of-bind916/files/localhost-reverse.db' >X >X; $FreeBSD$ >X >X$TTL 3h >X@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h >X ; Serial, Refresh, Retry, Expire, Neg. cache TTL >X >X NS localhost. >X >X1.0.0 PTR localhost. >X >X1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost. >X >END-of-bind916/files/localhost-reverse.db >echo x - bind916/files/named.conf.in >sed 's/^X//' >bind916/files/named.conf.in << 'END-of-bind916/files/named.conf.in' >X// $FreeBSD$ >X// >X// Refer to the named.conf(5) and named(8) man pages, and the documentation >X// in /usr/local/share/doc/bind for more details. >X// >X// If you are going to set up an authoritative server, make sure you >X// understand the hairy details of how DNS works. Even with >X// simple mistakes, you can break connectivity for affected parties, >X// or cause huge amounts of useless Internet traffic. >X >Xoptions { >X // All file and path names are relative to the chroot directory, >X // if any, and should be fully qualified. >X directory "%%ETCDIR%%/working"; >X pid-file "/var/run/named/pid"; >X dump-file "/var/dump/named_dump.db"; >X statistics-file "/var/stats/named.stats"; >X >X// If named is being used only as a local resolver, this is a safe default. >X// For named to be accessible to the network, comment this option, specify >X// the proper IP address, or delete this option. >X listen-on { 127.0.0.1; }; >X >X// If you have IPv6 enabled on this system, uncomment this option for >X// use as a local resolver. 
To give access to the network, specify >X// an IPv6 address, or the keyword "any". >X// listen-on-v6 { ::1; }; >X >X// These zones are already covered by the empty zones listed below. >X// If you remove the related empty zones below, comment these lines out. >X disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; >X disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; >X disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; >X >X// If you've got a DNS server around at your upstream provider, enter >X// its IP address here, and enable the line below. This will make you >X// benefit from its cache, thus reduce overall DNS traffic in the Internet. >X/* >X forwarders { >X 127.0.0.1; >X }; >X*/ >X >X// If the 'forwarders' clause is not empty the default is to 'forward first' >X// which will fall back to sending a query from your local server if the name >X// servers in 'forwarders' do not have the answer. Alternatively you can >X// force your name server to never initiate queries of its own by enabling the >X// following line: >X// forward only; >X >X// If you wish to have forwarding configured automatically based on >X// the entries in /etc/resolv.conf, uncomment the following line and >X// set named_auto_forward=yes in /etc/rc.conf. You can also enable >X// named_auto_forward_only (the effect of which is described above). >X// include "%%ETCDIR%%/auto_forward.conf"; >X >X /* >X Modern versions of BIND use a random UDP port for each outgoing >X query by default in order to dramatically reduce the possibility >X of cache poisoning. All users are strongly encouraged to utilize >X this feature, and to configure their firewalls to accommodate it. >X >X AS A LAST RESORT in order to get around a restrictive firewall >X policy you can try enabling the option below. 
Use of this option >X will significantly reduce your ability to withstand cache poisoning >X attacks, and should be avoided if at all possible. >X >X Replace NNNNN in the example with a number between 49160 and 65530. >X */ >X // query-source address * port NNNNN; >X}; >X >X// If you enable a local name server, don't forget to enter 127.0.0.1 >X// first in your /etc/resolv.conf so this server will be queried. >X// Also, make sure to enable it in /etc/rc.conf. >X >X// The traditional root hints mechanism. Use this, OR the slave zones below. >Xzone "." { type hint; file "%%ETCDIR%%/named.root"; }; >X >X/* Slaving the following zones from the root name servers has some >X significant advantages: >X 1. Faster local resolution for your users >X 2. No spurious traffic will be sent from your network to the roots >X 3. Greater resilience to any potential root server failure/DDoS >X >X On the other hand, this method requires more monitoring than the >X hints file to be sure that an unexpected failure mode has not >X incapacitated your server. Name servers that are serving a lot >X of clients will benefit more from this approach than individual >X hosts. Use with caution. >X >X To use this mechanism, uncomment the entries below, and comment >X the hint zone above. >X >X As documented at http://dns.icann.org/services/axfr/ these zones: >X "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others >X are available for AXFR from these servers on IPv4 and IPv6: >X xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org >X*/ >X/* >Xzone "." 
{ >X type slave; >X file "%%ETCDIR%%/slave/root.slave"; >X masters { >X 192.0.32.132; // lax.xfr.dns.icann.org >X 2620:0:2d0:202::132; // lax.xfr.dns.icann.org >X 192.0.47.132; // iad.xfr.dns.icann.org >X 2620:0:2830:202::132; // iad.xfr.dns.icann.org >X }; >X notify no; >X}; >Xzone "arpa" { >X type slave; >X file "%%ETCDIR%%/slave/arpa.slave"; >X masters { >X 192.0.32.132; // lax.xfr.dns.icann.org >X 2620:0:2d0:202::132; // lax.xfr.dns.icann.org >X 192.0.47.132; // iad.xfr.dns.icann.org >X 2620:0:2830:202::132; // iad.xfr.dns.icann.org >X }; >X notify no; >X}; >Xzone "in-addr.arpa" { >X type slave; >X file "%%ETCDIR%%/slave/in-addr.arpa.slave"; >X masters { >X 192.0.32.132; // lax.xfr.dns.icann.org >X 2620:0:2d0:202::132; // lax.xfr.dns.icann.org >X 192.0.47.132; // iad.xfr.dns.icann.org >X 2620:0:2830:202::132; // iad.xfr.dns.icann.org >X }; >X notify no; >X}; >Xzone "ip6.arpa" { >X type slave; >X file "%%ETCDIR%%/slave/ip6.arpa.slave"; >X masters { >X 192.0.32.132; // lax.xfr.dns.icann.org >X 2620:0:2d0:202::132; // lax.xfr.dns.icann.org >X 192.0.47.132; // iad.xfr.dns.icann.org >X 2620:0:2830:202::132; // iad.xfr.dns.icann.org >X }; >X notify no; >X}; >X*/ >X >X/* Serving the following zones locally will prevent any queries >X for these zones leaving your network and going to the root >X name servers. This has two significant advantages: >X 1. Faster local resolution for your users >X 2. 
No spurious traffic will be sent from your network to the roots >X*/ >X// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) >Xzone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; }; >Xzone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; >Xzone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// RFC 1912-style zone for IPv6 localhost address (RFC 6303) >Xzone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; }; >X >X// "This" Network (RFCs 1912, 5735 and 6303) >Xzone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// Private Use Networks (RFCs 1918, 5735 and 6303) >Xzone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "30.172.in-addr.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; >Xzone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// Shared Address Space (RFC 6598) >Xzone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "85.100.in-addr.arpa" { type 
master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "109.100.in-addr.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; >Xzone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// Link-local/APIPA (RFCs 3927, 5735 and 6303) >Xzone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IETF protocol assignments (RFCs 5735 and 5736) >Xzone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) >Xzone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "100.51.198.in-addr.arpa" { type master; 
file "%%ETCDIR%%/master/empty.db"; }; >Xzone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IPv6 Example Range for Documentation (RFCs 3849 and 6303) >Xzone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// Router Benchmark Testing (RFCs 2544 and 5735) >Xzone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IANA Reserved - Old Class E Space (RFC 5735) >Xzone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IPv6 Unassigned Addresses (RFC 4291) >Xzone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; 
>Xzone "5.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "4.e.f.ip6.arpa" { type master; file 
"%%ETCDIR%%/master/empty.db"; }; >Xzone "5.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IPv6 ULA (RFCs 4193 and 6303) >Xzone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IPv6 Link Local (RFCs 4291 and 6303) >Xzone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) >Xzone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >Xzone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// IP6.INT is Deprecated (RFC 4159) >Xzone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; }; >X >X// NB: Do not use the IP addresses below, they are faked, and only >X// serve demonstration/documentation purposes! >X// >X// Example slave zone config entries. It can be convenient to become >X// a slave at least for the zone your own domain is in. Ask >X// your network administrator for the IP address of the responsible >X// master name server. >X// >X// Do not forget to include the reverse lookup zone! >X// This is named after the first bytes of the IP address, in reverse >X// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. >X// >X// Before starting to set up a master zone, make sure you fully >X// understand how DNS and BIND work. There are sometimes >X// non-obvious pitfalls. 
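Setting up a slave zone is usually simpler.
>X//
>X// NB: Don't blindly enable the examples below. :-) Use actual names
>X// and addresses instead.
>X// The key below is a well-known sample: generate your own secret (for
>X// instance with tsig-keygen) and prefer hmac-sha256 over hmac-md5.
>X
>X/* An example dynamic zone
>Xkey "exampleorgkey" {
>X	algorithm hmac-md5;
>X	secret "sf87HJqjkqh8ac87a02lla==";
>X};
>Xzone "example.org" {
>X	type master;
>X	allow-update {
>X		key "exampleorgkey";
>X	};
>X	file "%%ETCDIR%%/dynamic/example.org";
>X};
>X*/
>X
>X/* Example of a slave reverse zone
>Xzone "1.168.192.in-addr.arpa" {
>X	type slave;
>X	file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
>X	masters {
>X		192.168.1.1;
>X	};
>X};
>X*/
>END-of-bind916/files/named.conf.in
>echo x - bind916/files/named.in
>sed 's/^X//' >bind916/files/named.in << 'END-of-bind916/files/named.in'
>X#!/bin/sh
>X#
>X# $FreeBSD$
>X#
>X
>X# PROVIDE: named
>X# REQUIRE: %%NAMED_REQUIRE%%
>X# BEFORE: %%NAMED_BEFORE%%
>X# KEYWORD: shutdown
>X
>X#
>X# Add the following lines to /etc/rc.conf to enable BIND:
>X# named_enable (bool): Run named, the DNS server (or NO).
>X# named_program (str): Path to named, if you want a different one.
>X# named_conf (str): Path to the configuration file
>X# named_flags (str): Use this for flags OTHER than -u and -c
>X# named_uid (str): User to run named as
>X# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
>X# Historically, was /var/named
>X# named_chroot_autoupdate (bool): Automatically install/update chrooted
>X# components of named.
>X# named_symlink_enable (bool): Symlink the chrooted pid file
>X# named_wait (bool): Wait for working name service before exiting
>X# named_wait_host (str): Hostname to check if named_wait is enabled
>X# named_auto_forward (str): Set up forwarders from /etc/resolv.conf
>X# named_auto_forward_only (str): Do "forward only" instead of "forward first"
>X%%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use.
>X#
>X
>X. /etc/rc.subr
>X
>Xname=named
>Xdesc="named BIND startup script"
>Xrcvar=named_enable
>X
>Xload_rc_config ${name}
>X
>Xextra_commands=reload
>X
>Xstart_precmd=named_prestart
>Xstart_postcmd=named_poststart
>Xreload_cmd=named_reload
>Xstop_cmd=named_stop
>Xstop_postcmd=named_poststop
>X
>Xnamed_enable=${named_enable:-"NO"}
>Xnamed_program=${named_program:-"%%PREFIX%%/sbin/named"}
>Xnamed_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
>Xnamed_flags=${named_flags:-""}
>Xnamed_uid=${named_uid:-"bind"}
>Xnamed_chrootdir=${named_chrootdir:-""}
>Xnamed_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
>Xnamed_symlink_enable=${named_symlink_enable:-"YES"}
>Xnamed_wait=${named_wait:-"NO"}
>Xnamed_wait_host=${named_wait_host:-"localhost"}
>Xnamed_auto_forward=${named_auto_forward:-"NO"}
>Xnamed_auto_forward_only=${named_auto_forward_only:-"NO"}
>X%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}
>X
>X# Not configuration variables but having them here keeps rclint happy
>Xrequired_dirs="${named_chrootdir}"
>X_named_confdirroot="${named_conf%/*}"
>X_named_confdir="${named_chrootdir}${_named_confdirroot}"
>X_named_program_root="${named_program%/sbin/named}"
>X_openssl_engines="%%ENGINES%%"
>X
>X# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
>Xrndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
>Xrndc_key=${rndc_key:-"$_named_confdir/rndc.key"}
>X
>X# If running in a chroot cage, ensure that the appropriate files
>X# exist inside the cage, as well as helper symlinks into the cage
>X# from outside.
>X#
>X# As this is called after the is_running and required_dir checks
>X# are made in run_rc_command(), we can safely assume ${named_chrootdir}
>X# exists and named isn't running at this point (unless forcestart
>X# is used).
>X#
>Xchroot_autoupdate()
>X{
>X	local file
>X
>X	# If it's the first time around, fiddle with things and move the
>X	# current configuration to the chroot.
>X	if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
>X		warn "named chroot: Moving current configuration in the chroot!"
>X		install -d ${_named_confdir%/*}
>X		mv ${_named_confdirroot} ${_named_confdir}
>X	fi
>X
>X	# Create (or update) the chroot directory structure
>X	#
>X	if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
>X		mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
>X		    -p ${named_chrootdir}
>X	else
>X		warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
>X		warn "${named_chrootdir} directory structure not updated"
>X	fi
>X	if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
>X		mkdir -p ${named_chrootdir}%%PREFIX%%
>X		mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
>X		    -p ${named_chrootdir}%%PREFIX%%
>X	else
>X		warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
>X		warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
>X	fi
>X
>X	# Create (or update) the configuration directory symlink
>X	#
>X	if [ ! -L "${_named_confdirroot}" ]; then
>X		if [ -d "${_named_confdirroot}" ]; then
>X			warn "named chroot: ${_named_confdirroot} is a directory!"
>X		elif [ -e "${_named_confdirroot}" ]; then
>X			warn "named chroot: ${_named_confdirroot} exists!"
>X		else
>X			ln -s ${_named_confdir} ${_named_confdirroot}
>X		fi
>X	else
>X		# Make sure it points to the right place.
>X		ln -shf ${_named_confdir} ${_named_confdirroot}
>X	fi
>X
>X	# Mount a devfs in the chroot directory if needed
>X	#
>X	# The devfs is mounted with the hide-all ruleset and only null and
>X	# random are unhidden, so no other device node is visible in the cage.
>X	if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
>X		umount ${named_chrootdir}/dev 2>/dev/null
>X		devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
>X		devfs -m ${named_chrootdir}/dev rule apply path null unhide
>X		devfs -m ${named_chrootdir}/dev rule apply path random unhide
>X	else
>X		if [ -c ${named_chrootdir}/dev/null -a \
>X		    -c ${named_chrootdir}/dev/random ]; then
>X			info "named chroot: using pre-mounted devfs."
>X		else
>X			err 1 "named chroot: devfs cannot be mounted from " \
>X			    "within a jail. Thus a chrooted named cannot " \
>X			    "be run from within a jail. Either mount the " \
>X			    "devfs with null and random from the host, or " \
>X			    "run named without chrooting it, set " \
>X			    "named_chrootdir=\"\" in /etc/rc.conf."
>X		fi
>X	fi
>X
>X	# The OpenSSL engines and BIND9 plugins should be present in the
>X	# chroot, named loads them after chrooting.
>X	null_mount_or_copy ${_openssl_engines}
>X	null_mount_or_copy %%PREFIX%%/lib/named
>X
>X	# Copy and/or update key files to the chroot /etc
>X	#
>X	for file in localtime protocols services; do
>X		if [ -r /etc/${file} ] && \
>X		    ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
>X			cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
>X		fi
>X	done
>X}
>X
>X# Make symlinks to the correct pid file
>X#
>Xmake_symlinks()
>X{
>X	checkyesno named_symlink_enable &&
>X	    ln -fs "${named_chrootdir}${pidfile}" ${pidfile} &&
>X	    ln -fs "${named_chrootdir}${sessionkeyfile}" ${sessionkeyfile}
>X}
>X
>X# Post-start hook: create the symlinks, then, when named_wait is enabled,
>X# loop until ${named_wait_host} can be resolved.
>X#
>Xnamed_poststart()
>X{
>X	make_symlinks
>X
>X	if checkyesno named_wait; then
>X		until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
>X			echo " Waiting for nameserver to resolve ${named_wait_host}"
>X			sleep 1
>X		done
>X	fi
>X}
>X
>Xnamed_reload()
>X{
>X	# This is a one line function, but ${named_program} is not defined early
>X	# enough to be there when the reload_cmd variable is defined up there.
>X	rndc reload
>X}
>X
>X# Set pidfile from the pid-file setting of ${named_conf}, or fall back to
>X# /var/run/named/pid when get_pidfile_from_conf reports none.
>X#
>Xfind_pidfile()
>X{
>X	if get_pidfile_from_conf pid-file ${named_conf}; then
>X		pidfile="${_pidfile_from_conf}"
>X	else
>X		pidfile="/var/run/named/pid"
>X	fi
>X}
>X
>X# Same as find_pidfile, for the session-keyfile setting.
>X#
>Xfind_sessionkeyfile()
>X{
>X	if get_pidfile_from_conf session-keyfile ${named_conf}; then
>X		sessionkeyfile="${_pidfile_from_conf}"
>X	else
>X		sessionkeyfile="/var/run/named/session.key"
>X	fi
>X}
>X
>Xnamed_stop()
>X{
>X	find_pidfile
>X
>X	# This duplicates an undesirably large amount of code from the stop
>X	# routine in rc.subr in order to use rndc to shut down the process,
>X	# and to give it a second chance in case rndc fails.
>X	rc_pid=$(check_pidfile ${pidfile} ${command})
>X	if [ -z "${rc_pid}" ]; then
>X		[ -n "${rc_fast}" ] && return 0
>X		_run_rc_notrunning
>X		return 1
>X	fi
>X	echo 'Stopping named.'
>X	if rndc stop; then
>X		wait_for_pids ${rc_pid}
>X	else
>X		echo -n 'rndc failed, trying kill: '
>X		kill -TERM ${rc_pid}
>X		wait_for_pids ${rc_pid}
>X	fi
>X}
>X
>X# Post-stop hook: when chrooted, undo the nullfs and devfs mounts made by
>X# chroot_autoupdate.
>X#
>Xnamed_poststop()
>X{
>X	if [ -n "${named_chrootdir}" ]; then
>X		null_umount %%PREFIX%%/lib/named
>X		null_umount ${_openssl_engines}
>X		if [ -c ${named_chrootdir}/dev/null ]; then
>X			# unmount /dev
>X			if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
>X				umount ${named_chrootdir}/dev 2>/dev/null || true
>X			else
>X				warn "named chroot:" \
>X				    "cannot unmount devfs from inside jail!"
>X			fi
>X		fi
>X	fi
>X}
>X
>X# Succeed when kernel module $1 loads and mounting is possible: either we
>X# are not jailed, or the jail allows mounts in general or for this
>X# filesystem type.
>X#
>Xcan_mount()
>X{
>X	local kld
>X	kld=$1
>X	if ! load_kld $kld; then
>X		return 1
>X	fi
>X	if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] ||
>X	    [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] ||
>X	    [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then
>X		return 0
>X	fi
>X	return 1
>X}
>X
>X# Make directory $1 available at the same path inside the chroot: nullfs
>X# mount it when can_mount allows, otherwise copy its *.so files.
>X# The warning text names the OpenSSL engines even when $1 is another
>X# directory (chroot_autoupdate also passes the BIND plugin directory).
>X# NOTE(review): named only needs to read these files; consider mounting
>X# with -o ro.
>X#
>Xnull_mount_or_copy()
>X{
>X	local dir
>X	dir=$1
>X
>X	if [ -d ${dir} ]; then
>X		mkdir -p ${named_chrootdir}${dir}
>X		if can_mount nullfs ; then
>X			mount -t nullfs ${dir} ${named_chrootdir}${dir}
>X		else
>X			warn "named chroot: cannot nullfs mount OpenSSL" \
>X			    "engines into the chroot, will copy the shared" \
>X			    "libraries instead."
>X			cp -f ${dir}/*.so ${named_chrootdir}${dir}
>X		fi
>X	fi
>X}
>X
>X# Unmount the chroot copy of directory $1, when the directory exists and
>X# can_mount succeeds.
>X#
>Xnull_umount()
>X{
>X	local dir
>X	dir=$1
>X
>X	if [ -d ${dir} ]; then
>X		if can_mount nullfs; then
>X			umount ${named_chrootdir}${dir}
>X		fi
>X	fi
>X}
>X
>X# Replace $1 with an empty file owned by root:wheel, mode 0644.
>X# The path is quoted so that a name containing spaces stays one argument.
>X#
>Xcreate_file()
>X{
>X	if [ -e "$1" ]; then
>X		unlink "$1"
>X	fi
>X	install -o root -g wheel -m 0644 /dev/null "$1"
>X}
>X
>X# Run the rndc that belongs to ${named_program}. Unless rndc_flags is
>X# already set, use -c ${rndc_conf} when that file is non-empty, else
>X# -k ${rndc_key} when that one is, else no extra flag.
>X#
>Xrndc()
>X{
>X	if [ -z "${rndc_flags}" ]; then
>X		if [ -s "${rndc_conf}" ] ; then
>X			rndc_flags="-c ${rndc_conf}"
>X		elif [ -s "${rndc_key}" ] ; then
>X			rndc_flags="-k ${rndc_key}"
>X		else
>X			rndc_flags=""
>X		fi
>X	fi
>X
>X	${_named_program_root}/sbin/rndc ${rndc_flags} "$@"
>X}
>X
>X# Pre-start hook: prepare the run directories, the chroot, the rndc key
>X# and the optional forwarder configuration, then validate ${named_conf}
>X# with named-checkconf; err 3 is called when validation fails.
>X#
>Xnamed_prestart()
>X{
>X	find_pidfile
>X	find_sessionkeyfile
>X
>X	if [ -n "${named_pidfile}" ]; then
>X		warn 'named_pidfile: now determined from the conf file'
>X	fi
>X
>X	if [ -n "${named_sessionkeyfile}" ]; then
>X		warn 'named_sessionkeyfile: now determined from the conf file'
>X	fi
>X
>X	piddir=`/usr/bin/dirname ${pidfile}`
>X	if [ ! -d ${piddir} ]; then
>X		install -d -o ${named_uid} -g ${named_uid} ${piddir}
>X	fi
>X
>X	sessionkeydir=`/usr/bin/dirname ${sessionkeyfile}`
>X	if [ ! -d ${sessionkeydir} ]; then
>X		install -d -o ${named_uid} -g ${named_uid} ${sessionkeydir}
>X	fi
>X
>X	command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"
>X
>X%%NATIVE_PKCS11%%	# The space before "]" matters: without it test(1) gets no closing
>X%%NATIVE_PKCS11%%	# bracket and fails whenever an engine path is set.
>X%%NATIVE_PKCS11%%	if [ -z "${named_pkcs11_engine}" ]; then
>X%%NATIVE_PKCS11%%		err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
>X%%NATIVE_PKCS11%%	elif [ ! -f "${named_pkcs11_engine}" ]; then
>X%%NATIVE_PKCS11%%		err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
>X%%NATIVE_PKCS11%%	else
>X%%NATIVE_PKCS11%%		mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*}
>X%%NATIVE_PKCS11%%		cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine}
>X%%NATIVE_PKCS11%%		command_args="-E ${named_pkcs11_engine} ${command_args}"
>X%%NATIVE_PKCS11%%	fi
>X
>X	local line nsip firstns
>X
>X	# Is the user using a sandbox?
>X	#
>X	if [ -n "${named_chrootdir}" ]; then
>X		rc_flags="${rc_flags} -t ${named_chrootdir}"
>X		checkyesno named_chroot_autoupdate && chroot_autoupdate
>X
>X		case "${altlog_proglist}" in
>X		*named*)
>X			;;
>X		*)
>X			warn 'Using chroot without setting altlog_proglist, logging may not'
>X			warn 'work correctly. Run sysrc altlog_proglist+=named'
>X			;;
>X		esac
>X	else
>X		named_symlink_enable=NO
>X	fi
>X
>X	# Create an rndc.key file for the user if none exists
>X	#
>X	# An existing key is kept only while it is owned by root or
>X	# ${named_uid}; with any other owner it is regenerated. Nothing is
>X	# generated when a non-empty rndc.conf is present.
>X	confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
>X	    -c ${_named_confdir}/rndc.key"
>X	if [ -s "${_named_confdir}/rndc.conf" ]; then
>X		unset confgen_command
>X	fi
>X	if [ -s "${_named_confdir}/rndc.key" ]; then
>X		case `stat -f%Su ${_named_confdir}/rndc.key` in
>X		root|${named_uid}) ;;
>X		*) ${confgen_command} ;;
>X		esac
>X	else
>X		${confgen_command}
>X	fi
>X
>X	local checkconf
>X
>X	checkconf="${_named_program_root}/sbin/named-checkconf"
>X	if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
>X		checkconf="${checkconf} -t ${named_chrootdir}"
>X	fi
>X
>X	# Create a forwarder configuration based on /etc/resolv.conf
>X	if checkyesno named_auto_forward; then
>X		if [ ! -s /etc/resolv.conf ]; then
>X			warn "named_auto_forward enabled, but no /etc/resolv.conf"
>X
>X			# Empty the file in case it is included in named.conf
>X			[ -s "${_named_confdir}/auto_forward.conf" ] &&
>X			    create_file ${_named_confdir}/auto_forward.conf
>X
>X			# Double quotes, so the message names the actual file.
>X			${checkconf} ${named_conf} ||
>X			    err 3 "named-checkconf for ${named_conf} failed"
>X			return
>X		fi
>X
>X		create_file /var/run/naf-resolv.conf
>X		create_file /var/run/auto_forward.conf
>X
>X		echo ' forwarders {' > /var/run/auto_forward.conf
>X
>X		# The loop output becomes the new resolv.conf: 127.0.0.1 is put
>X		# first, later 127.0.0.1 entries are dropped, and every other
>X		# nameserver is also written out as a forwarder.
>X		while read line; do
>X			case "${line}" in
>X			'nameserver '*|'nameserver '*)
>X				nsip=${line##nameserver[ ]}
>X
>X				if [ -z "${firstns}" ]; then
>X					if [ ! "${nsip}" = '127.0.0.1' ]; then
>X						echo 'nameserver 127.0.0.1'
>X						echo " ${nsip};" >> /var/run/auto_forward.conf
>X					fi
>X
>X					firstns=1
>X				else
>X					[ "${nsip}" = '127.0.0.1' ] && continue
>X					echo " ${nsip};" >> /var/run/auto_forward.conf
>X				fi
>X				;;
>X			esac
>X
>X			echo ${line}
>X		done < /etc/resolv.conf > /var/run/naf-resolv.conf
>X
>X		echo ' };' >> /var/run/auto_forward.conf
>X		echo '' >> /var/run/auto_forward.conf
>X		if checkyesno named_auto_forward_only; then
>X			echo " forward only;" >> /var/run/auto_forward.conf
>X		else
>X			echo " forward first;" >> /var/run/auto_forward.conf
>X		fi
>X
>X		if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
>X			unlink /var/run/naf-resolv.conf
>X		else
>X			[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
>X			mv /var/run/naf-resolv.conf /etc/resolv.conf
>X		fi
>X
>X		if cmp -s ${_named_confdir}/auto_forward.conf \
>X		    /var/run/auto_forward.conf; then
>X			unlink /var/run/auto_forward.conf
>X		else
>X			[ -e "${_named_confdir}/auto_forward.conf" ] &&
>X			    unlink ${_named_confdir}/auto_forward.conf
>X			mv /var/run/auto_forward.conf \
>X			    ${_named_confdir}/auto_forward.conf
>X		fi
>X	else
>X		# Empty the file in case it is included in named.conf
>X		[ -s "${_named_confdir}/auto_forward.conf" ] &&
>X		    create_file ${_named_confdir}/auto_forward.conf
>X	fi
>X
>X	${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
>X}
>X
>Xrun_rc_command "$1"
>END-of-bind916/files/named.in
>echo x - bind916/files/named.root
>sed 's/^X//' >bind916/files/named.root << 'END-of-bind916/files/named.root'
>X;
>X; $FreeBSD$
>X;
>X
>X; This file holds the information on root name servers needed to
>X; initialize cache of Internet domain name servers
>X; (e.g. reference this file in the "cache . <file>"
>X; configuration file of BIND domain name servers).
>X;
>X; This file is made available by InterNIC
>X; under anonymous FTP as
>X; file /domain/named.cache
>X; on server FTP.INTERNIC.NET
>X; -OR- RS.INTERNIC.NET
>X;
>X; last update: November 16, 2017
>X; related version of root zone: 2017111601
>X;
>X; FORMERLY NS.INTERNIC.NET
>X;
>X. 3600000 NS A.ROOT-SERVERS.NET.
>XA.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
>XA.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
>X;
>X; FORMERLY NS1.ISI.EDU
>X;
>X. 3600000 NS B.ROOT-SERVERS.NET.
>XB.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
>XB.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
>X;
>X; FORMERLY C.PSI.NET
>X;
>X. 3600000 NS C.ROOT-SERVERS.NET.
>XC.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
>XC.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
>X;
>X; FORMERLY TERP.UMD.EDU
>X;
>X. 3600000 NS D.ROOT-SERVERS.NET.
>XD.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
>XD.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
>X;
>X; FORMERLY NS.NASA.GOV
>X;
>X. 3600000 NS E.ROOT-SERVERS.NET.
>XE.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
>XE.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
>X;
>X; FORMERLY NS.ISC.ORG
>X;
>X. 3600000 NS F.ROOT-SERVERS.NET.
>XF.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
>XF.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
>X;
>X; FORMERLY NS.NIC.DDN.MIL
>X;
>X.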
3600000 NS G.ROOT-SERVERS.NET. >XG.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 >XG.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d >X; >X; FORMERLY AOS.ARL.ARMY.MIL >X; >X. 3600000 NS H.ROOT-SERVERS.NET. >XH.ROOT-SERVERS.NET. 3600000 A 198.97.190.53 >XH.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 >X; >X; FORMERLY NIC.NORDU.NET >X; >X. 3600000 NS I.ROOT-SERVERS.NET. >XI.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 >XI.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 >X; >X; OPERATED BY VERISIGN, INC. >X; >X. 3600000 NS J.ROOT-SERVERS.NET. >XJ.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 >XJ.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 >X; >X; OPERATED BY RIPE NCC >X; >X. 3600000 NS K.ROOT-SERVERS.NET. >XK.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 >XK.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 >X; >X; OPERATED BY ICANN >X; >X. 3600000 NS L.ROOT-SERVERS.NET. >XL.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 >XL.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 >X; >X; OPERATED BY WIDE >X; >X. 3600000 NS M.ROOT-SERVERS.NET. >XM.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 >XM.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 >X; End of file >END-of-bind916/files/named.root >echo x - bind916/files/patch-bin_named_include_named_globals.h >sed 's/^X//' >bind916/files/patch-bin_named_include_named_globals.h << 'END-of-bind916/files/patch-bin_named_include_named_globals.h' >XWe reference the pid file as being run/named/pid everywhere else.
>X
>X--- bin/named/include/named/globals.h.orig 2020-02-12 20:03:44 UTC
>X+++ bin/named/include/named/globals.h
>X@@ -127,7 +127,7 @@ EXTERN bool named_g_forcelock INIT(false);
>X
>X #if NAMED_RUN_PID_DIR
>X EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/named/"
>X- "named.pid");
>X+ "pid");
>X #else
>X EXTERN const char *named_g_defaultpidfile INIT(NAMED_LOCALSTATEDIR "/run/"
>X "named.pid");
>END-of-bind916/files/patch-bin_named_include_named_globals.h
>echo x - bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in
>sed 's/^X//' >bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in << 'END-of-bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in'
>XBIND9 seems to be abusing LDFLAGS here, and it breaks our linker.
>X
>X--- bin/tests/system/dlzexternal/Makefile.in.orig 2019-06-28 12:33:29 UTC
>X+++ bin/tests/system/dlzexternal/Makefile.in
>X@@ -35,7 +35,7 @@ OBJS =
>X @BIND9_MAKE_RULES@
>X
>X CFLAGS = @CFLAGS@ @SO_CFLAGS@
>X-SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@
>X+SO_LDFLAGS = @SO_LDFLAGS@
>X
>X driver.@SO@: ${SO_OBJS}
>X ${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@
>END-of-bind916/files/patch-bin_tests_system_dlzexternal_Makefile.in
>echo x - bind916/files/patch-configure
>sed 's/^X//' >bind916/files/patch-configure << 'END-of-bind916/files/patch-configure'
>XFixup gssapi and db detection.
>X
>X--- configure.orig 2020-02-12 20:03:44 UTC
>X+++ configure
>X@@ -17436,27 +17436,9 @@ done
>X # problems start to show up.
>X saved_libs="$LIBS"
>X for TRY_LIBS in \
>X- "-lgssapi_krb5" \
>X- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
>X- "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
>X- "-lgssapi" \
>X- "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
>X- "-lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err" \
>X- "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken -lcom_err" \
>X- "-lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken -lcom_err" \
>X- "-lgss -lkrb5"
>X+ "$($KRB5CONFIG gssapi --libs)"; \
>X do
>X- # Note that this does not include $saved_libs, because
>X- # on FreeBSD machines this configure script has added
>X- # -L/usr/local/lib to LIBS, which can make the
>X- # -lgssapi_krb5 test succeed with shared libraries even
>X- # when you are trying to build with KTH in /usr/lib.
>X- if test "/usr" = "$use_gssapi"
>X- then
>X- LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS"
>X- else
>X- LIBS="-L$use_gssapi/lib $TRY_LIBS $ISC_OPENSSL_LIBS"
>X- fi
>X+ LIBS="$TRY_LIBS"
>X { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
>X $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
>X cat confdefs.h - <<_ACEOF >conftest.$ac_ext
>X@@ -17499,47 +17481,7 @@ $as_echo "no" >&6; } ;;
>X no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
>X esac
>X
>X- #
>X- # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib
>X- # but MIT in /usr/local/lib and trying to build with KTH.
>X- # /usr/local/lib can end up earlier on the link lines.
>X- # Like most kludges, this one is not only inelegant it
>X- # is also likely to be the wrong thing to do at least as
>X- # many times as it is the right thing. Something better
>X- # needs to be done.
>X- #
>X- if test "/usr" = "$use_gssapi" -a \
>X- -f /usr/local/lib/libkrb5.a; then
>X- FIX_KTH_VS_MIT=yes
>X- fi
>X-
>X- case "$FIX_KTH_VS_MIT" in
>X- yes)
>X- case "$enable_static_linking" in
>X- yes) gssapi_lib_suffix=".a" ;;
>X- *) gssapi_lib_suffix=".so" ;;
>X- esac
>X-
>X- for lib in $LIBS; do
>X- case $lib in
>X- -L*)
>X- ;;
>X- -l*)
>X- new_lib=`echo $lib |
>X- sed -e s%^-l%$use_gssapi/lib/lib% \
>X- -e s%$%$gssapi_lib_suffix%`
>X- NEW_LIBS="$NEW_LIBS $new_lib"
>X- ;;
>X- *)
>X- as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5
>X- ;;
>X- esac
>X- done
>X- LIBS="$NEW_LIBS"
>X- ;;
>X- esac
>X-
>X- DST_GSSAPI_INC="-I$use_gssapi/include"
>X+ DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)"
>X DNS_GSSAPI_LIBS="$LIBS"
>X
>X { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
>X@@ -23046,7 +22988,7 @@ $as_echo "" >&6; }
>X # Check other locations for includes.
>X # Order is important (sigh).
>X
>X- bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
>X+ bdb_incdirs="/db6 /db5 /db48"
>X # include a blank element first
>X for d in "" $bdb_incdirs
>X do
>END-of-bind916/files/patch-configure
>echo x - bind916/files/pkg-message.in
>sed 's/^X//' >bind916/files/pkg-message.in << 'END-of-bind916/files/pkg-message.in'
>X[
>X{
>X# %!fmt 59 63
>X message: <<EOT
>XBIND requires configuration of rndc, including a "secret"
>Xkey. The easiest, and most secure way to configure rndc is
>Xto run 'rndc-confgen -a' to generate the proper conf file,
>Xwith a new random key, and appropriate file permissions.
>X
>XThe %%PREFIX%%/etc/rc.d/named script will do that for you.
>X >XIf using syslog to log the BIND9 activity, and using a >Xchroot'ed installation, you will need to tell syslog to install >Xa log socket in the BIND9 chroot by running: >X >X # sysrc altlog_proglist+=named >X >XAnd then restarting syslogd with: service syslogd restart >XEOT >X type: install >X} >X] >END-of-bind916/files/pkg-message.in >echo x - bind916/Makefile >sed 's/^X//' >bind916/Makefile << 'END-of-bind916/Makefile' >X# $FreeBSD$ >X# pkg-help formatted with fmt 59 63 >X >XPORTNAME= bind >XPORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} >X.if defined(BIND_TOOLS_SLAVE) >X# dns/bind-tools here >XPORTREVISION= 0 >X.else >X# dns/bind916 here >XPORTREVISION= 1 >X.endif >XCATEGORIES= dns net >XMASTER_SITES= ISC/bind9/${ISCVERSION} >X.if defined(BIND_TOOLS_SLAVE) >XPKGNAMESUFFIX= -tools >X.else >XPKGNAMESUFFIX= 916 >X.endif >XDISTNAME= ${PORTNAME}-${ISCVERSION} >X >XMAINTAINER= mat@FreeBSD.org >X.if defined(BIND_TOOLS_SLAVE) >XCOMMENT= Command line tools from BIND: delv, dig, host, nslookup... >X.else >XCOMMENT= BIND DNS suite with updated DNSSEC and DNS64 >X.endif >X >X# Uncomment when bind920 comes of age. 
>X# DEPRECATED= End of life, please migrate to a newer version of BIND9 >X# EXPIRATION_DATE= 2023-12-31 >X >XLICENSE= MPL20 >XLICENSE_FILE= ${WRKSRC}/COPYRIGHT >X >XLIB_DEPENDS= libuv.so:devel/libuv \ >X libxml2.so:textproc/libxml2 >X.if !defined(BIND_TOOLS_SLAVE) >XRUN_DEPENDS= bind-tools>0:dns/bind-tools >X.endif >X >XUSES= compiler:c11 cpe libedit pkgconfig ssl tar:xz >X# ISC releases things like 9.8.0-P1, which our versioning doesn't like >XISCVERSION= 9.16.0 >X >XCPE_VENDOR= isc >XCPE_VERSION= ${ISCVERSION:C/-.*//} >X.if ${ISCVERSION:M*-*} >XCPE_UPDATE= ${ISCVERSION:C/.*-//:tl} >X.endif >X >XGNU_CONFIGURE= yes >XCONFIGURE_ARGS= --disable-linux-caps \ >X --localstatedir=/var \ >X --sysconfdir=${ETCDIR} \ >X --with-dlopen=yes \ >X --with-libxml2 \ >X --with-openssl=${OPENSSLBASE} \ >X --with-readline="-L${LOCALBASE}/lib -ledit" >XETCDIR= ${PREFIX}/etc/namedb >X >X.if defined(BIND_TOOLS_SLAVE) >XCONFIGURE_ARGS+= --disable-shared >XEXTRA_PATCHES= ${PATCHDIR}/extrapatch-bind-tools >X.else >XUSE_RC_SUBR= named >XSUB_FILES= named.conf pkg-message >XEXTRA_PATCHES= ${PATCHDIR}/extrapatch-no-bind-tools >X >XPORTDOCS= * >X >XCONFLICTS= bind911 bind912 bind913 bind914 bind9-devel >X.endif # BIND_TOOLS_SLAVE >X >XMAKE_JOBS_UNSAFE= yes >X >XOPTIONS_DEFAULT= DLZ_FILESYSTEM GSSAPI_NONE IDN JSON LMDB PYTHON \ >X SIGCHASE TCP_FASTOPEN FILTER_AAAA >XOPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \ >X OVERRIDECACHE PORTREVISION PYTHON QUERYTRACE SIGCHASE \ >X START_LATE TCP_FASTOPEN TUNING_LARGE FILTER_AAAA >X >XOPTIONS_RADIO= CRYPTO >XOPTIONS_RADIO_CRYPTO= NATIVE_PKCS11 >X >XOPTIONS_GROUP= DLZ >XOPTIONS_GROUP_DLZ= DLZ_BDB DLZ_FILESYSTEM DLZ_LDAP DLZ_MYSQL \ >X DLZ_POSTGRESQL DLZ_STUB >X >XOPTIONS_SINGLE= GSSAPI >XOPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE >X >X.if defined(BIND_TOOLS_SLAVE) >XOPTIONS_EXCLUDE= ${OPTIONS_GROUP_DLZ} DNSTAP DOCS GEOIP LMDB \ >X OVERRIDECACHE PORTREVISION QUERYTRACE START_LATE \ >X TCP_FASTOPEN 
TUNING_LARGE >X.else >XOPTIONS_EXCLUDE= PYTHON >X.endif # BIND_TOOLS_SLAVE >X >XOPTIONS_SUB= yes >X >XCRYPTO_DESC= Choose which crypto engine to use >XDLZ_BDB_DESC= DLZ BDB driver >XDLZ_DESC= Dynamically Loadable Zones >XDLZ_FILESYSTEM_DESC= DLZ filesystem driver >XDLZ_LDAP_DESC= DLZ LDAP driver >XDLZ_MYSQL_DESC= DLZ MySQL driver (no threading) >XDLZ_POSTGRESQL_DESC= DLZ Postgres driver >XDLZ_STUB_DESC= DLZ stub driver >XDNSTAP_DESC= Provides fast passive logging of DNS messages >XFILTER_AAAA_DESC= Enable filtering of AAAA records >XFIXED_RRSET_DESC= Enable fixed rrset ordering >XGSSAPI_BASE_DESC= Using Heimdal in base >XGSSAPI_HEIMDAL_DESC= Using security/heimdal >XGSSAPI_MIT_DESC= Using security/krb5 >XGSSAPI_NONE_DESC= Disable >XLARGE_FILE_DESC= 64-bit file support >XLMDB_DESC= Use LMDB for zone management >XOVERRIDECACHE_DESC= Use the override-cache patch >XNATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) >XPORTREVISION_DESC= Show PORTREVISION in the version string >XPYTHON_DESC= Build with Python utilities >XQUERYTRACE_DESC= Enable the very verbose query tracelogging >XSIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation >XSTART_LATE_DESC= Start BIND late in the boot process (see help) >XTCP_FASTOPEN_DESC= RFC 7413 support >XTUNING_LARGE_DESC= Tune named for large systems (**READ HELP**) >X >XDLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes >XDLZ_BDB_USES= bdb >X >XDLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes >X >XDLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes >XDLZ_LDAP_USE= OPENLDAP=yes >X >XDLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes >XDLZ_MYSQL_USES= mysql >X >XDLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes >XDLZ_POSTGRESQL_USES= pgsql >X >XDLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes >X >XDNSTAP_CONFIGURE_ENABLE= dnstap >XDNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ >X libprotobuf-c.so:devel/protobuf-c >X >XFILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa >X >XFIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset >X >XGEOIP_CONFIGURE_ENABLE= geoip 
>XGEOIP_CONFIGURE_WITH= maxminddb >XGEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb >X >XGSSAPI_BASE_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ >X KRB5CONFIG="${KRB5CONFIG}" >XGSSAPI_BASE_USES= gssapi >X >XGSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ >X KRB5CONFIG="${KRB5CONFIG}" >XGSSAPI_HEIMDAL_USES= gssapi:heimdal >X >XGSSAPI_MIT_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} \ >X KRB5CONFIG="${KRB5CONFIG}" >XGSSAPI_MIT_USES= gssapi:mit >X >XGSSAPI_NONE_CONFIGURE_ON= --without-gssapi >X >XIDN_CONFIGURE_OFF= --without-libidn2 >XIDN_CONFIGURE_ON= ${ICONV_CONFIGURE_BASE} \ >X --with-libidn2=${LOCALBASE} >XIDN_LIB_DEPENDS= libidn2.so:dns/libidn2 >XIDN_USES= iconv >X >XJSON_CONFIGURE_WITH= json-c >XJSON_LIB_DEPENDS= libjson-c.so:devel/json-c >XJSON_LDFLAGS= -L${LOCALBASE}/lib -ljson-c >X >XLARGE_FILE_CONFIGURE_ENABLE= largefile >X >XLMDB_CONFIGURE_WITH= lmdb=${LOCALBASE} >XLMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb >X >XOVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl >X >XNATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 >X >XPYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} >XPYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} >XPYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply@${PY_FLAVOR} >XPYTHON_USES= python >X >XQUERYTRACE_CONFIGURE_ENABLE= querytrace >X >XSIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" >X >XSTART_LATE_SUB_LIST= NAMED_BEFORE="LOGIN" \ >X NAMED_REQUIRE="SERVERS cleanvar" >XSTART_LATE_SUB_LIST_OFF= NAMED_BEFORE="SERVERS" \ >X NAMED_REQUIRE="NETWORKING ldconfig syslogd" >X >XTCP_FASTOPEN_CONFIGURE_ENABLE= tcp-fastopen >X >XTUNING_LARGE_CONFIGURE_ON= --with-tuning=large >XTUNING_LARGE_CONFIGURE_OFF= --with-tuning=default >X >X.include <bsd.port.options.mk> >X >X.if defined(WITH_DEBUG) >XCONFIGURE_ARGS+= --enable-developer \ >X --enable-symtable >XUSES+= perl5 >XUSE_PERL5= build >XBUILD_DEPENDS+= cmocka>0:sysutils/cmocka >X.else >XCONFIGURE_ARGS+= 
--disable-symtable >X.endif >X >X.include <bsd.port.pre.mk> >X >X.if ${SSL_DEFAULT} == base >XSUB_LIST+= ENGINES=/usr/lib/engines >X.else >XSUB_LIST+= ENGINES=${LOCALBASE}/lib/engines >X.endif >X >Xpost-patch: >X.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \ >X rndc/rndc.8 >X @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \ >X -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \ >X -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \ >X ${WRKSRC}/bin/${FILE} >X.endfor >X >X.if !defined(BIND_TOOLS_SLAVE) >X. if ${PORTREVISION:N0} >Xpost-patch-PORTREVISION-on: >X @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ >X ${WRKSRC}/version >X. endif >X >Xpost-install: >X ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree >X ${MKDIR} ${STAGEDIR}${ETCDIR} >X. for i in dynamic master slave working >X @${MKDIR} ${STAGEDIR}${ETCDIR}/$i >X. endfor >X ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample >X ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} >X ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master >X ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/master >X ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master >X ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample >X ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample >X ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ >X ${STAGEDIR}${ETCDIR}/rndc.conf.sample >X >Xpost-install-DOCS-on: >X ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm >X ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm >X ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} >X ${INSTALL_DATA} ${WRKSRC}/CHANGES* ${WRKSRC}/HISTORY.md \ >X ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} >X.else >X >X# Can't use USE_PYTHON=autoplist >Xpost-install-PYTHON-on: >X @${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f 
| ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST} >X.endif # BIND_TOOLS_SLAVE >X >X.include <bsd.port.post.mk> >END-of-bind916/Makefile >echo x - bind916/pkg-descr >sed 's/^X//' >bind916/pkg-descr << 'END-of-bind916/pkg-descr' >XBIND version 9 is a major rewrite of nearly all aspects of the underlying BIND >Xarchitecture. Some of the important features of BIND 9 are: >X >XDNS Security: DNSSEC (signed zones), TSIG (signed DNS requests) >XIP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA) >X Experimental IPv6 Resolver Library >XDNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0 >X Improved standards conformance >XViews: One server process can provide multiple "views" of the DNS namespace, >X e.g. an "inside" view to certain clients, and an "outside" view to others. >XMultiprocessor Support >X >XSee the CHANGES file for more information on new features. >X >XWWW: https://www.isc.org/downloads/bind/ >END-of-bind916/pkg-descr >echo x - bind916/pkg-help >sed 's/^X//' >bind916/pkg-help << 'END-of-bind916/pkg-help' >X NATIVE_PKCS11 >XWhen using the NATIVE_PKCS11 option, BIND will use the PKCS#11 >Xengine specified by the named_pkcs11_engine variable in >X/etc/rc.conf for *all* crypto operations. >X >XThis is primarily intended to be used in an authoritative >Xcase. >X >XIf BIND is also operating as a validating resolver, >XNATIVE_PKCS11 should not be used, because the HSM will be >Xused for all crypto, including DNSSEC validations, and the >XHSM is likely to be slower than the CPU for this purpose. >XAdditionally, the HSM might not support all of the PKCS#11 >XAPI functions needed for signature verification. >X >X >X GOST >XIf using a chrooted instance of BIND on FreeBSD 8.x and 9.x, >Xthe OpenSSL engines MUST be accessible from within the chroot.
>XIf BIND is chrooted in /var/named, this can be achieved by >Xeither copying content of /usr/local/lib/engines into >X/var/named/usr/local/lib/engines, or by creating that directory >Xand adding this line to /etc/fstab: >X/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 >X >X >X START_LATE >XMost of the time, BIND needs to start early in the boot >Xprocess. Enable this if BIND starts too early for you and >Xyou need it to start later. >X >X >X TUNING_LARGE >X https://kb.isc.org/article/AA-01314/0 >XTunes certain compiled-in constants and default settings to >Xvalues better suited to large servers with 12/16GB+ of memory. >XThis can improve performance on such servers, but will consume >Xmore memory and may degrade performance on smaller systems. >END-of-bind916/pkg-help >echo x - bind916/pkg-plist >sed 's/^X//' >bind916/pkg-plist << 'END-of-bind916/pkg-plist' >X%%DNSTAP%%bin/dnstap-read >X@sample etc/mtree/BIND.chroot.dist.sample >X@sample etc/mtree/BIND.chroot.local.dist.sample >X%%ETCDIR%%/bind.keys >X%%ETCDIR%%/master/empty.db >X%%ETCDIR%%/master/localhost-forward.db >X%%ETCDIR%%/master/localhost-reverse.db >X@sample %%ETCDIR%%/named.conf.sample >X%%ETCDIR%%/named.root >X%%ETCDIR%%/rndc.conf.sample >Xinclude/bind9/check.h >Xinclude/bind9/getaddresses.h >Xinclude/bind9/version.h >Xinclude/dns/acl.h >Xinclude/dns/adb.h >Xinclude/dns/badcache.h >Xinclude/dns/bit.h >Xinclude/dns/byaddr.h >Xinclude/dns/cache.h >Xinclude/dns/callbacks.h >Xinclude/dns/catz.h >Xinclude/dns/cert.h >Xinclude/dns/client.h >Xinclude/dns/clientinfo.h >Xinclude/dns/compress.h >Xinclude/dns/db.h >Xinclude/dns/dbiterator.h >Xinclude/dns/dbtable.h >Xinclude/dns/diff.h >Xinclude/dns/dispatch.h >Xinclude/dns/dlz.h >Xinclude/dns/dlz_dlopen.h >Xinclude/dns/dns64.h >Xinclude/dns/dnsrps.h >Xinclude/dns/dnssec.h >Xinclude/dns/dnstap.h >Xinclude/dns/ds.h >Xinclude/dns/dsdigest.h >Xinclude/dns/dyndb.h >Xinclude/dns/ecdb.h >Xinclude/dns/ecs.h >Xinclude/dns/edns.h 
>Xinclude/dns/enumclass.h >Xinclude/dns/enumtype.h >Xinclude/dns/events.h >Xinclude/dns/fixedname.h >Xinclude/dns/forward.h >Xinclude/dns/geoip.h >Xinclude/dns/ipkeylist.h >Xinclude/dns/iptable.h >Xinclude/dns/journal.h >Xinclude/dns/keydata.h >Xinclude/dns/keyflags.h >Xinclude/dns/keytable.h >Xinclude/dns/keyvalues.h >Xinclude/dns/lib.h >Xinclude/dns/librpz.h >Xinclude/dns/log.h >Xinclude/dns/lookup.h >Xinclude/dns/master.h >Xinclude/dns/masterdump.h >Xinclude/dns/message.h >Xinclude/dns/name.h >Xinclude/dns/ncache.h >Xinclude/dns/nsec.h >Xinclude/dns/nsec3.h >Xinclude/dns/nta.h >Xinclude/dns/opcode.h >Xinclude/dns/order.h >Xinclude/dns/peer.h >Xinclude/dns/portlist.h >Xinclude/dns/private.h >Xinclude/dns/rbt.h >Xinclude/dns/rcode.h >Xinclude/dns/rdata.h >Xinclude/dns/rdataclass.h >Xinclude/dns/rdatalist.h >Xinclude/dns/rdataset.h >Xinclude/dns/rdatasetiter.h >Xinclude/dns/rdataslab.h >Xinclude/dns/rdatastruct.h >Xinclude/dns/rdatatype.h >Xinclude/dns/request.h >Xinclude/dns/resolver.h >Xinclude/dns/result.h >Xinclude/dns/rootns.h >Xinclude/dns/rpz.h >Xinclude/dns/rriterator.h >Xinclude/dns/rrl.h >Xinclude/dns/sdb.h >Xinclude/dns/sdlz.h >Xinclude/dns/secalg.h >Xinclude/dns/secproto.h >Xinclude/dns/soa.h >Xinclude/dns/ssu.h >Xinclude/dns/stats.h >Xinclude/dns/tcpmsg.h >Xinclude/dns/time.h >Xinclude/dns/timer.h >Xinclude/dns/tkey.h >Xinclude/dns/tsec.h >Xinclude/dns/tsig.h >Xinclude/dns/ttl.h >Xinclude/dns/types.h >Xinclude/dns/update.h >Xinclude/dns/validator.h >Xinclude/dns/version.h >Xinclude/dns/view.h >Xinclude/dns/xfrin.h >Xinclude/dns/zone.h >Xinclude/dns/zonekey.h >Xinclude/dns/zoneverify.h >Xinclude/dns/zt.h >Xinclude/dst/dst.h >Xinclude/dst/gssapi.h >Xinclude/dst/result.h >Xinclude/irs/context.h >Xinclude/irs/dnsconf.h >Xinclude/irs/netdb.h >Xinclude/irs/platform.h >Xinclude/irs/resconf.h >Xinclude/irs/types.h >Xinclude/irs/version.h >Xinclude/isc/aes.h >Xinclude/isc/app.h >Xinclude/isc/assertions.h >Xinclude/isc/astack.h >Xinclude/isc/atomic.h 
>Xinclude/isc/backtrace.h >Xinclude/isc/base32.h >Xinclude/isc/base64.h >Xinclude/isc/bind9.h >Xinclude/isc/buffer.h >Xinclude/isc/bufferlist.h >Xinclude/isc/commandline.h >Xinclude/isc/condition.h >Xinclude/isc/counter.h >Xinclude/isc/crc64.h >Xinclude/isc/deprecated.h >Xinclude/isc/dir.h >Xinclude/isc/endian.h >Xinclude/isc/errno.h >Xinclude/isc/error.h >Xinclude/isc/event.h >Xinclude/isc/eventclass.h >Xinclude/isc/file.h >Xinclude/isc/formatcheck.h >Xinclude/isc/fsaccess.h >Xinclude/isc/fuzz.h >Xinclude/isc/hash.h >Xinclude/isc/heap.h >Xinclude/isc/hex.h >Xinclude/isc/hmac.h >Xinclude/isc/hp.h >Xinclude/isc/ht.h >Xinclude/isc/httpd.h >Xinclude/isc/interfaceiter.h >Xinclude/isc/iterated_hash.h >Xinclude/isc/lang.h >Xinclude/isc/lex.h >Xinclude/isc/lfsr.h >Xinclude/isc/lib.h >Xinclude/isc/likely.h >Xinclude/isc/list.h >Xinclude/isc/log.h >Xinclude/isc/magic.h >Xinclude/isc/md.h >Xinclude/isc/mem.h >Xinclude/isc/meminfo.h >Xinclude/isc/mutex.h >Xinclude/isc/mutexblock.h >Xinclude/isc/net.h >Xinclude/isc/netaddr.h >Xinclude/isc/netdb.h >Xinclude/isc/netscope.h >Xinclude/isc/nonce.h >Xinclude/isc/offset.h >Xinclude/isc/once.h >Xinclude/isc/os.h >Xinclude/isc/parseint.h >Xinclude/isc/platform.h >Xinclude/isc/pool.h >Xinclude/isc/portset.h >Xinclude/isc/print.h >Xinclude/isc/queue.h >Xinclude/isc/quota.h >Xinclude/isc/radix.h >Xinclude/isc/random.h >Xinclude/isc/ratelimiter.h >Xinclude/isc/refcount.h >Xinclude/isc/regex.h >Xinclude/isc/region.h >Xinclude/isc/resource.h >Xinclude/isc/result.h >Xinclude/isc/resultclass.h >Xinclude/isc/rwlock.h >Xinclude/isc/safe.h >Xinclude/isc/serial.h >Xinclude/isc/siphash.h >Xinclude/isc/sockaddr.h >Xinclude/isc/socket.h >Xinclude/isc/stat.h >Xinclude/isc/stats.h >Xinclude/isc/stdatomic.h >Xinclude/isc/stdio.h >Xinclude/isc/stdtime.h >Xinclude/isc/strerr.h >Xinclude/isc/string.h >Xinclude/isc/symtab.h >Xinclude/isc/syslog.h >Xinclude/isc/task.h >Xinclude/isc/taskpool.h >Xinclude/isc/thread.h >Xinclude/isc/time.h >Xinclude/isc/timer.h 
>Xinclude/isc/tm.h >Xinclude/isc/types.h >Xinclude/isc/util.h >Xinclude/isc/version.h >Xinclude/isccc/alist.h >Xinclude/isccc/base64.h >Xinclude/isccc/cc.h >Xinclude/isccc/ccmsg.h >Xinclude/isccc/events.h >Xinclude/isccc/result.h >Xinclude/isccc/sexpr.h >Xinclude/isccc/symtab.h >Xinclude/isccc/symtype.h >Xinclude/isccc/types.h >Xinclude/isccc/util.h >Xinclude/isccc/version.h >Xinclude/isccfg/aclconf.h >Xinclude/isccfg/cfg.h >Xinclude/isccfg/dnsconf.h >Xinclude/isccfg/grammar.h >Xinclude/isccfg/log.h >Xinclude/isccfg/namedconf.h >Xinclude/isccfg/version.h >Xinclude/ns/client.h >Xinclude/ns/hooks.h >Xinclude/ns/interfacemgr.h >Xinclude/ns/lib.h >Xinclude/ns/listenlist.h >Xinclude/ns/log.h >Xinclude/ns/notify.h >Xinclude/ns/query.h >Xinclude/ns/server.h >Xinclude/ns/sortlist.h >Xinclude/ns/stats.h >Xinclude/ns/types.h >Xinclude/ns/update.h >Xinclude/ns/version.h >Xinclude/ns/xfrout.h >Xinclude/pk11/constants.h >Xinclude/pk11/internal.h >Xinclude/pk11/pk11.h >Xinclude/pk11/result.h >Xinclude/pk11/site.h >Xinclude/pkcs11/eddsa.h >Xinclude/pkcs11/pkcs11.h >Xlib/libbind9.a >Xlib/libdns.a >Xlib/libirs.a >Xlib/libisc.a >Xlib/libisccc.a >Xlib/libisccfg.a >Xlib/libns.a >Xlib/named/filter-aaaa.so >X%%DNSTAP%%man/man1/dnstap-read.1.gz >Xman/man5/named.conf.5.gz >Xman/man5/rndc.conf.5.gz >Xman/man8/ddns-confgen.8.gz >Xman/man8/filter-aaaa.8.gz >Xman/man8/named-checkconf.8.gz >Xman/man8/named-checkzone.8.gz >Xman/man8/named-compilezone.8.gz >X%%LMDB%%man/man8/named-nzd2nzf.8.gz >Xman/man8/named.8.gz >X%%NATIVE_PKCS11%%man/man8/pkcs11-destroy.8.gz >X%%NATIVE_PKCS11%%man/man8/pkcs11-keygen.8.gz >X%%NATIVE_PKCS11%%man/man8/pkcs11-list.8.gz >X%%NATIVE_PKCS11%%man/man8/pkcs11-tokens.8.gz >Xman/man8/rndc-confgen.8.gz >Xman/man8/rndc.8.gz >Xman/man8/tsig-keygen.8.gz >Xsbin/ddns-confgen >Xsbin/named >Xsbin/named-checkconf >Xsbin/named-checkzone >Xsbin/named-compilezone >X%%LMDB%%sbin/named-nzd2nzf >X%%NATIVE_PKCS11%%sbin/pkcs11-destroy >X%%NATIVE_PKCS11%%sbin/pkcs11-keygen 
>X%%NATIVE_PKCS11%%sbin/pkcs11-list >X%%NATIVE_PKCS11%%sbin/pkcs11-tokens >Xsbin/rndc >Xsbin/rndc-confgen >Xsbin/tsig-keygen >X@dir(bind,bind,) %%ETCDIR%%/dynamic >X@dir(bind,bind,) %%ETCDIR%%/slave >X@dir(bind,bind,) %%ETCDIR%%/working >END-of-bind916/pkg-plist >exit >