diff -ruN dns/dnsdist.orig/Makefile dns/dnsdist/Makefile
--- dns/dnsdist.orig/Makefile	2019-08-19 15:35:27.000000000 +0000
+++ dns/dnsdist/Makefile	2019-12-02 15:23:32.401471000 +0000
@@ -2,13 +2,11 @@
 # $FreeBSD: head/dns/dnsdist/Makefile 509290 2019-08-19 15:35:27Z jbeich $
 
 PORTNAME=	dnsdist
-DISTVERSION=	1.3.3
-PORTREVISION=	11
+DISTVERSION=	1.4.0
 CATEGORIES=	dns net
-MASTER_SITES=	https://downloads.powerdns.com/releases/ \
-		LOCAL/cpm
+MASTER_SITES=	https://downloads.powerdns.com/releases/
 
-MAINTAINER=	cpm@FreeBSD.org
+MAINTAINER=	tremere@cainites.net
 COMMENT=	Highly DNS-, DoS- and abuse-aware loadbalancer
 
 LICENSE=	GPLv2 UNLICENSE
@@ -18,48 +16,51 @@
 
 BUILD_DEPENDS=	${LOCALBASE}/lib/libatomic_ops.a:devel/libatomic_ops
 LIB_DEPENDS=	libboost_serialization.so:devel/boost-libs \
+		libh2o-evloop.so:www/h2o \
 		libprotobuf.so:devel/protobuf \
 		libre2.so:devel/re2 \
 		libsodium.so:security/libsodium
 
-GNU_CONFIGURE=	yes
 USES=		bison compiler:c++14-lang cpe gmake libedit libtool localbase \
 		pkgconfig tar:bz2
+USE_RC_SUBR=	dnsdist
+
+GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin \
+		--enable-dns-over-https \
 		--enable-dns-over-tls \
 		--enable-dnscrypt \
-		--enable-libsodium \
-		--enable-re2
+		--with-libsodium \
+		--with-re2
 
 INSTALL_TARGET=	install-strip
 
 USERS=		_dnsdist
 GROUPS=		_dnsdist
 
-USE_RC_SUBR=	dnsdist
-
-OPTIONS_DEFINE=		FSTRM LUAJIT SNMP
+OPTIONS_DEFINE=		DNSTAP LUAJIT SNMP
 OPTIONS_DEFAULT=	GNUTLS OPENSSL
 OPTIONS_MULTI=		TLS
 OPTIONS_MULTI_TLS=	GNUTLS OPENSSL
 
-FSTRM_DESC=		dnstap support (see dnstap.info)
-LUAJIT_DESC=		Use LuaJIT instead of Lua
+DNSTAP_DESC=	dnstap support (see dnstap.info)
+LUAJIT_DESC=	Use LuaJIT instead of Lua
 
-FSTRM_LIB_DEPENDS=	libfstrm.so:devel/fstrm
-FSTRM_CONFIGURE_ENABLE=	fstrm
+DNSTAP_LIB_DEPENDS=		libfstrm.so:devel/fstrm
+DNSTAP_CONFIGURE_ENABLE=	dnstap
 
 GNUTLS_LIB_DEPENDS=	libgnutls.so:security/gnutls
-GNUTLS_CONFIGURE_ENABLE=gnutls
+GNUTLS_CONFIGURE_WITH=	gnutls
 
-LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
+LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit-openresty
 LUAJIT_USES_OFF=	lua
-LUAJIT_CONFIGURE_ON=	--with-lua=luajit
 LUAJIT_CONFIGURE_OFF=	--with-lua=lua-${LUA_VER}
+LUAJIT_CONFIGURE_ON=	--with-lua=luajit
 
 OPENSSL_USES=		ssl
-OPENSSL_CONFIGURE_ENABLE=libssl
-OPENSSL_CONFIGURE_ON=	LIBSSL_CFLAGS=-I${OPENSSLINC} LIBSSL_LIBS="-L${OPENSSLLIB} -lssl"
+OPENSSL_CONFIGURE_ON=	LIBSSL_CFLAGS=-I${OPENSSLINC} \
+			LIBSSL_LIBS="-L${OPENSSLLIB} -lssl"
+OPENSSL_CONFIGURE_WITH=	libssl
 
 SNMP_LIB_DEPENDS=	libnetsnmp.so:net-mgmt/net-snmp
 SNMP_CONFIGURE_WITH=	net-snmp
diff -ruN dns/dnsdist.orig/distinfo dns/dnsdist/distinfo
--- dns/dnsdist.orig/distinfo	2018-11-11 09:54:04.000000000 +0000
+++ dns/dnsdist/distinfo	2019-12-02 15:04:10.091656000 +0000
@@ -1,3 +1,3 @@
-TIMESTAMP = 1541860683
-SHA256 (dnsdist-1.3.3.tar.bz2) = 9fb24f9032025955169f3c6e9b0a05b6aa9d6441ec47da08d22de1c1aa23e8cf
-SIZE (dnsdist-1.3.3.tar.bz2) = 971253
+TIMESTAMP = 1574322989
+SHA256 (dnsdist-1.4.0.tar.bz2) = a336fa2c3eb381c2464d9d9790014fd6d4505029ed2c1b73ee1dc9115a2f1dc0
+SIZE (dnsdist-1.4.0.tar.bz2) = 1044479
diff -ruN dns/dnsdist.orig/files/dnsdist.in dns/dnsdist/files/dnsdist.in
--- dns/dnsdist.orig/files/dnsdist.in	2018-04-01 15:14:45.000000000 +0000
+++ dns/dnsdist/files/dnsdist.in	2019-12-03 13:50:05.381757000 +0000
@@ -3,12 +3,25 @@
 # $FreeBSD: head/dns/dnsdist/files/dnsdist.in 466166 2018-04-01 15:14:45Z cpm $
 #
 # PROVIDE: dnsdist
-# REQUIRE: NETWORKING DAEMON
+# REQUIRE: DAEMON LOGIN NETWORKING
 # KEYWORD: shutdown
 #
 # Add the following line to /etc/rc.conf to enable dnsdist:
 #
 # dnsdist_enable="YES"
+#
+# Multiple profiles are supported with
+#
+# dnsdist_profiles="name1 name2"
+# dnsdist_name1_enable="YES"
+# dnsdist_name1_config="/path/to/config1"
+# dnsdist_name2_enable="YES"
+# dnsdist_name2_config="/path/to/config2"
+#
+# This script does't validate uid/gid per profile (yet)
+# It still uses the default or definition of
+# dnsdist_priv_user and/or dnsdist_priv_group
+#
 
 . /etc/rc.subr
 
@@ -17,15 +30,67 @@
 rcvar=dnsdist_enable
 
 load_rc_config ${name}
-
+: ${dnsdist_enable:=NO}
+: ${dnsdist_config:=%%ETCDIR%%/dnsdist.conf}
 : ${dnsdist_priv_user:=_dnsdist}
 : ${dnsdist_priv_group:=_dnsdist}
-: ${dnsdist_enable:=NO}
 
-pidfile=/var/run/${name}.pid
-
+pidfile="/var/run/${name}.pid"
+required_files=${dnsdist_config}
+actual_command="%%PREFIX%%/sbin/${name} -C ${dnsdist_config} -u ${dnsdist_priv_user} -g ${dnsdist_priv_group} --supervised"
 command=/usr/sbin/daemon
-actual_command=/usr/local/sbin/${name}
-command_args="-c -f -r -P ${pidfile} ${actual_command} -u ${dnsdist_priv_user} -g ${dnsdist_priv_group} --supervised"
+command_args="-c -f -r -P {pidfile} -- ${actual_command}"
+
+if [ -n "$2" ]; then
+	profile="$2"
+	if [ "x${dnsdist_profiles}" != "x" ]; then
+		eval dnsdist_config="\${dnsdist_${profile}_config:-%%ETCDIR%%/dnsdist-${profile}.conf}"
+		if [ "x${dnsdist_config}" = "x" ]; then
+			echo "You must define a configuration file (dnsdist_${profile}_config)"
+			exit 1
+		fi
+		eval dnsdist_enable="\${dnsdist_${profile}_enable:-${dnsdist_enable}}"
+		pidfile="/var/run/${name}-${profile}.pid"
+		required_files="${dnsdist_config}"
+		actual_command="%%PREFIX%%/sbin/${name} -C ${dnsdist_config} -u ${dnsdist_priv_user} -g ${dnsdist_priv_group} --supervised"
+		command_args="-c -f -r -P {pidfile} -- ${actual_command}"
+	else
+		echo "$0: extra argument ignored"
+	fi
+else
+	if [ "x${dnsdist_profiles}" != "x" -a "x$1" != "x" ]; then
+		for profile in ${dnsdist_profiles}; do
+			eval _enable="\${dnsdist_${profile}_enable}"
+			case "x${_enable:-${dnsdist_enable}}" in
+			x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+				continue
+				;;
+			x[Yy][Ee][Ss])
+				;;
+			*)
+				if test -z "$_enable"; then
+					_var=dnsdist_enable
+				else
+					_var=dnsdist_"${profile}"_enable
+				fi
+				echo "Bad value" \
+				    "'${_enable:-${dnsdist_enable}}'" \
+				    "for ${_var}. " \
+				    "Profile ${profile} skipped."
+				continue
+				;;
+			esac
+			echo "===> dnsdist profile: ${profile}"
+			%%PREFIX%%/etc/rc.d/dnsdist $1 ${profile}
+			retcode="$?"
+			if [ "0${retcode}" -ne 0 ]; then
+				failed="${profile} (${retcode}) ${failed:-}"
+			else
+				success="${profile} ${success:-}"
+			fi
+		done
+		exit 0
+	fi
+fi
 
 run_rc_command "$1"
diff -ruN dns/dnsdist.orig/files/patch-dnsdist-lua-vars.cc dns/dnsdist/files/patch-dnsdist-lua-vars.cc
--- dns/dnsdist.orig/files/patch-dnsdist-lua-vars.cc	2019-03-17 11:38:01.000000000 +0000
+++ dns/dnsdist/files/patch-dnsdist-lua-vars.cc	1970-01-01 00:00:00.000000000 +0000
@@ -1,11 +0,0 @@
---- dnsdist-lua-vars.cc.orig	2018-10-03 09:48:10 UTC
-+++ dnsdist-lua-vars.cc
-@@ -22,6 +22,8 @@
- #include "dnsdist.hh"
- #include "ednsoptions.hh"
- 
-+#undef BADSIG // signal.h SIG_ERR
-+
- void setupLuaVars()
- {
-   g_lua.writeVariable("DNSAction", std::unordered_map<string,int>{