1. Bind 9.8.x has reached its EOL back in 2014-09 2. It does not configure and compile with security/krb5 (#181696 and #206454) 3. dns/bind-tools is based off Bind 9.11 (most recent) and includes nsupdate with GSS-TSIG support There is no need to maintain this port anymore, it can safely be replaced with dns/bind-tools
(In reply to Michael Osipov from comment #0) I would be glad to use bind-tools instead of samba-nsupdate, but, unfortunately, by default they are build without any Kerbero5 support, hence no signing of the requests. I guess, samba-nsupdate should be updated to use same setup as bind-tools, but enforce system-wide Heimdal kerberos, leaving other options to the port builders. And we need cooperation from the bind* port maintainer.
You can just create it as a SLAVE port of dns/bind-tools, enabling kerberos as you go.
(In reply to Timur I. Bakeyev from comment #1) I am confused: you can select (make config) your GSS-API flavor. Doesn't this do for you?
Any advance here?
(In reply to Michael Osipov from comment #3) You have to do that manually. That absolutelly not what I/we/end user want(s). Maybe there is a python alternative to nsupdate with signing enabled, need to check for that. Otherwise we stick to this "solution".
(In reply to Timur I. Bakeyev from comment #5) I do use GSS-TSIG with Active Directory too but I don't see the issue calling 'make config'. Why not request to have Heimdal base to be on by default?
samba-nsupdate was updated to the latest bind version. Should be enough for a while.