git: 0672207477da - main - dns/bind920: add BIND9 9.20
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Jul 2024 18:48:51 UTC
The branch main has been updated by mat:
URL: https://cgit.FreeBSD.org/ports/commit/?id=0672207477da087cfb07ee72230c468dd8f0023c
commit 0672207477da087cfb07ee72230c468dd8f0023c
Author: Mathieu Arnold <mat@FreeBSD.org>
AuthorDate: 2024-07-23 18:37:06 +0000
Commit: Mathieu Arnold <mat@FreeBSD.org>
CommitDate: 2024-07-23 18:48:09 +0000
dns/bind920: add BIND9 9.20
Changes: https://downloads.isc.org/isc/bind9/9.20.0/doc/arm/html/notes.html#notes-for-bind-9-20-0
---
dns/bind918/Makefile | 2 +-
dns/bind920/Makefile | 229 +++++++++++
dns/bind920/distinfo | 3 +
dns/bind920/files/BIND.chroot.dist | 24 ++
dns/bind920/files/BIND.chroot.local.dist | 18 +
dns/bind920/files/empty.db | 8 +
dns/bind920/files/extrapatch-bind-min-override-ttl | 74 ++++
dns/bind920/files/extrapatch-bind-tools | 27 ++
dns/bind920/files/extrapatch-no-bind-tools | 40 ++
dns/bind920/files/localhost-forward.db | 8 +
dns/bind920/files/localhost-reverse.db | 10 +
dns/bind920/files/named.conf.in | 378 +++++++++++++++++
dns/bind920/files/named.in | 453 +++++++++++++++++++++
dns/bind920/files/named.root | 92 +++++
.../files/patch-bin_named_include_named_globals.h | 13 +
dns/bind920/files/patch-configure.ac | 13 +
dns/bind920/files/pkg-message.in | 22 +
dns/bind920/pkg-descr | 13 +
dns/bind920/pkg-help | 14 +
dns/bind920/pkg-plist | 293 +++++++++++++
20 files changed, 1733 insertions(+), 1 deletion(-)
diff --git a/dns/bind918/Makefile b/dns/bind918/Makefile
index 68543abc0283..7f612da4eda2 100644
--- a/dns/bind918/Makefile
+++ b/dns/bind918/Makefile
@@ -28,7 +28,7 @@ COMMENT= BIND DNS suite with updated DNSSEC and DNS64
# Uncomment when bind920 comes of age. +3 years if ESV, +1year otherwise, see
# https://kb.isc.org/docs/aa-00896
# DEPRECATED= End of life, please migrate to a newer version of BIND9
-# EXPIRATION_DATE= 2023-12-31
+# EXPIRATION_DATE= 2025-12-31
LICENSE= MPL20
LICENSE_FILE= ${WRKSRC}/LICENSE
diff --git a/dns/bind920/Makefile b/dns/bind920/Makefile
new file mode 100644
index 000000000000..f8aa3afb381d
--- /dev/null
+++ b/dns/bind920/Makefile
@@ -0,0 +1,229 @@
+# pkg-help formatted with fmt 59 63
+
+PORTNAME= bind
+DISTVERSION= 9.20.0
+.if defined(BIND_TOOLS_SLAVE)
+# dns/bind-tools here
+PORTREVISION= 0
+.else
+# XXX: correct version
+# dns/bind920 here
+PORTREVISION= 0
+.endif
+CATEGORIES= dns net
+MASTER_SITES= ISC/bind9/${DISTVERSION}
+.if defined(BIND_TOOLS_SLAVE)
+PKGNAMESUFFIX= -tools
+.else
+PKGNAMESUFFIX= 920
+.endif
+
+MAINTAINER= mat@FreeBSD.org
+WWW= https://www.isc.org/bind/
+.if defined(BIND_TOOLS_SLAVE)
+COMMENT= Command line tools from BIND: delv, dig, host, nslookup...
+.else
+COMMENT= BIND DNS suite with updated DNSSEC and DNS64
+.endif
+
+# Uncomment when bind922 comes of age. +3 years if ESV, +1year otherwise, see
+# https://kb.isc.org/docs/aa-00896
+# DEPRECATED= End of life, please migrate to a newer version of BIND9
+# EXPIRATION_DATE= XXX-12-31
+
+LICENSE= MPL20
+LICENSE_FILE= ${WRKSRC}/COPYRIGHT
+
+LIB_DEPENDS= libuv.so:devel/libuv \
+ libnghttp2.so:www/libnghttp2 \
+ liburcu.so:sysutils/liburcu \
+ libxml2.so:textproc/libxml2
+
+.if !defined(BIND_TOOLS_SLAVE)
+RUN_DEPENDS= bind-tools>0:dns/bind-tools
+.endif
+
+USES= autoreconf compiler:c11 cpe libedit libtool pkgconfig ssl tar:xz
+
+CPE_VENDOR= isc
+CPE_VERSION= ${DISTVERSION:C/-.*//}
+.if ${DISTVERSION:M*-*}
+CPE_UPDATE= ${DISTVERSION:C/.*-//:tl}
+.endif
+
+GNU_CONFIGURE= yes
+GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share
+CONFIGURE_ARGS= --localstatedir=/var \
+ --sysconfdir=${ETCDIR} \
+ --with-libxml2 \
+ --with-openssl=${OPENSSLBASE} \
+ --enable-dnsrps \
+ --with-readline=libedit
+CONFIGURE_ENV= READLINE_CFLAGS="-L${LOCALBASE}/lib"
+ETCDIR= ${PREFIX}/etc/namedb
+
+# FIXME: figure out why build fails if enabled
+CONFIGURE_ARGS+= --disable-tracing
+
+.if defined(BIND_TOOLS_SLAVE)
+EXTRA_PATCHES= ${PATCHDIR}/extrapatch-bind-tools
+CONFIGURE_ARGS+= --libdir=${PREFIX}/lib/bind-tools
+.else
+USE_RC_SUBR= named
+SUB_FILES= named.conf pkg-message
+EXTRA_PATCHES= ${PATCHDIR}/extrapatch-no-bind-tools
+
+PORTDOCS= *
+
+CONFLICTS= bind918 bind9-devel
+.endif # BIND_TOOLS_SLAVE
+
+MAKE_JOBS_UNSAFE= yes
+
+OPTIONS_DEFAULT= GSSAPI_NONE IDN JSON LMDB \
+ TCP_FASTOPEN DNSTAP
+OPTIONS_DEFINE= DNSTAP DOCS FIXED_RRSET GEOIP IDN JSON LARGE_FILE LMDB \
+ OVERRIDECACHE QUERYTRACE \
+ START_LATE TCP_FASTOPEN
+
+OPTIONS_SINGLE= GSSAPI
+OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
+
+.if defined(BIND_TOOLS_SLAVE)
+OPTIONS_EXCLUDE= DOCS GEOIP LMDB \
+ OVERRIDECACHE QUERYTRACE START_LATE \
+ TCP_FASTOPEN
+.endif # BIND_TOOLS_SLAVE
+
+OPTIONS_SUB= yes
+
+DNSTAP_DESC= Provides fast passive logging of DNS messages
+FIXED_RRSET_DESC= Enable fixed rrset ordering
+GSSAPI_BASE_DESC= Using Heimdal in base (nsupdate is broken)
+GSSAPI_HEIMDAL_DESC= Using security/heimdal (nsupdate is broken)
+GSSAPI_MIT_DESC= Using security/krb5
+GSSAPI_NONE_DESC= Disable
+LARGE_FILE_DESC= 64-bit file support
+LMDB_DESC= Use LMDB for zone management
+OVERRIDECACHE_DESC= Use the override-cache patch
+QUERYTRACE_DESC= Enable the very verbose query tracelogging
+START_LATE_DESC= Start BIND late in the boot process (see help)
+TCP_FASTOPEN_DESC= RFC 7413 support
+
+DOCS_ALL_TARGET= all html
+DOCS_BUILD_DEPENDS= sphinx-build:textproc/py-sphinx \
+ ${PYTHON_PKGNAMEPREFIX}sphinx_rtd_theme>0:textproc/py-sphinx_rtd_theme@${PY_FLAVOR}
+DOCS_USES= gmake python:env
+
+DNSTAP_CONFIGURE_ENABLE= dnstap
+DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \
+ libprotobuf-c.so:devel/protobuf-c
+
+FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset
+
+GEOIP_CONFIGURE_ENABLE= geoip
+GEOIP_CONFIGURE_WITH= maxminddb
+GEOIP_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb
+
+GSSAPI_BASE_CONFIGURE_ON= --with-gssapi="${KRB5CONFIG}" \
+ ${GSSAPI_CONFIGURE_ARGS}
+GSSAPI_BASE_USES= gssapi
+
+GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi="${KRB5CONFIG}" \
+ ${GSSAPI_CONFIGURE_ARGS}
+GSSAPI_HEIMDAL_USES= gssapi:heimdal
+
+GSSAPI_MIT_CONFIGURE_ON= --with-gssapi="${KRB5CONFIG}" \
+ ${GSSAPI_CONFIGURE_ARGS}
+GSSAPI_MIT_USES= gssapi:mit
+
+GSSAPI_NONE_CONFIGURE_ON= --without-gssapi
+
+IDN_CONFIGURE_OFF= --without-libidn2
+IDN_CONFIGURE_ON= ${ICONV_CONFIGURE_BASE} \
+ --with-libidn2=${LOCALBASE}
+IDN_LIB_DEPENDS= libidn2.so:dns/libidn2
+IDN_USES= iconv
+
+JSON_CONFIGURE_WITH= json-c
+JSON_LIB_DEPENDS= libjson-c.so:devel/json-c
+JSON_LDFLAGS= -L${LOCALBASE}/lib -ljson-c
+
+LARGE_FILE_CONFIGURE_ENABLE= largefile
+
+LMDB_CONFIGURE_WITH= lmdb=${LOCALBASE}
+LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb
+
+OVERRIDECACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl
+
+QUERYTRACE_CONFIGURE_ENABLE= querytrace
+
+START_LATE_SUB_LIST= NAMED_BEFORE="LOGIN" \
+ NAMED_REQUIRE="SERVERS cleanvar"
+START_LATE_SUB_LIST_OFF= NAMED_BEFORE="SERVERS" \
+ NAMED_REQUIRE="NETWORKING ldconfig syslogd"
+
+TCP_FASTOPEN_CONFIGURE_ENABLE= tcp-fastopen
+
+.include <bsd.port.options.mk>
+
+.if defined(WITH_DEBUG)
+CONFIGURE_ARGS+= --enable-developer \
+ --enable-symtable
+USES+= perl5
+USE_PERL5= build
+BUILD_DEPENDS+= cmocka>0:sysutils/cmocka
+.endif
+
+.if !${PORT_OPTIONS:MDOCS}
+CONFIGURE_ENV+= ac_cv_path_SPHINX_BUILD=
+.endif
+
+.include <bsd.port.pre.mk>
+
+.if ${SSL_DEFAULT} == base
+SUB_LIST+= ENGINES=/usr/lib/engines
+.else
+SUB_LIST+= ENGINES=${LOCALBASE}/lib/engines
+.endif
+
+post-patch:
+.for FILE in check/named-checkconf.rst named/named.rst nsupdate/nsupdate.rst \
+ rndc/rndc.rst
+ @${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
+ -e 's#/etc/rndc.conf#${ETCDIR}/rndc.conf#g' \
+ -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
+ ${WRKSRC}/bin/${FILE}
+.endfor
+
+.if !defined(BIND_TOOLS_SLAVE)
+post-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+. for i in dynamic primary secondary working
+ @${MKDIR} ${STAGEDIR}${ETCDIR}/$i
+. endfor
+ ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
+ ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/primary
+ ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${ETCDIR}/primary
+ ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/primary
+ ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.dist.sample
+ ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree/BIND.chroot.local.dist.sample
+
+post-install-DOCS-on:
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
+ ${INSTALL_DATA} ${WRKSRC}/CHANGES* \
+ ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
+ cd ${WRKSRC}/doc/arm/_build/html && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR}/arm
+.else
+
+do-install:
+ for dir in bin lib doc/man; do \
+ (cd ${INSTALL_WRKSRC}/$$dir && ${SETENV} ${MAKE_ENV} ${FAKEROOT} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} ${INSTALL_TARGET}) ; \
+ done
+ @${RM} -r ${STAGEDIR}${PREFIX}/include
+
+.endif # BIND_TOOLS_SLAVE
+
+.include <bsd.port.post.mk>
diff --git a/dns/bind920/distinfo b/dns/bind920/distinfo
new file mode 100644
index 000000000000..bd8867b8c1a8
--- /dev/null
+++ b/dns/bind920/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1721758685
+SHA256 (bind-9.20.0.tar.xz) = cc580998017b51f273964058e8cb3aa5482bc785243dea71e5556ec565a13347
+SIZE (bind-9.20.0.tar.xz) = 5760416
diff --git a/dns/bind920/files/BIND.chroot.dist b/dns/bind920/files/BIND.chroot.dist
new file mode 100644
index 000000000000..5616dd712f6b
--- /dev/null
+++ b/dns/bind920/files/BIND.chroot.dist
@@ -0,0 +1,24 @@
+# mtree -deU -f files/BIND.chroot.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ dev type=dir mode=0555
+ ..
+ etc type=dir
+ ..
+ tmp type=dir mode=01777
+ ..
+/set type=file uname=bind gname=bind mode=0755
+ var type=dir uname=root gname=wheel
+ dump type=dir
+ ..
+ log type=dir
+ ..
+ run type=dir
+ named type=dir
+ ..
+ ..
+ stats type=dir
+ ..
+ ..
diff --git a/dns/bind920/files/BIND.chroot.local.dist b/dns/bind920/files/BIND.chroot.local.dist
new file mode 100644
index 000000000000..ba248df5c430
--- /dev/null
+++ b/dns/bind920/files/BIND.chroot.local.dist
@@ -0,0 +1,18 @@
+# mtree -deU -f files/BIND.etc.dist -p tmp
+# mtree -cjnb -k uname,gname,mode -p tmp
+
+/set type=file uname=root gname=wheel mode=0755
+. type=dir
+ etc type=dir
+/set type=file uname=bind gname=wheel mode=0755
+ namedb type=dir uname=root
+ dynamic type=dir
+ ..
+ primary type=dir uname=root
+ ..
+ secondary type=dir
+ ..
+ working type=dir
+ ..
+ ..
+ ..
diff --git a/dns/bind920/files/empty.db b/dns/bind920/files/empty.db
new file mode 100644
index 000000000000..30870e74342f
--- /dev/null
+++ b/dns/bind920/files/empty.db
@@ -0,0 +1,8 @@
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
diff --git a/dns/bind920/files/extrapatch-bind-min-override-ttl b/dns/bind920/files/extrapatch-bind-min-override-ttl
new file mode 100644
index 000000000000..1d4441c9f8c4
--- /dev/null
+++ b/dns/bind920/files/extrapatch-bind-min-override-ttl
@@ -0,0 +1,74 @@
+Add the override-cache-ttl feature.
+
+--- bin/named/config.c.orig 2024-07-08 13:09:16 UTC
++++ bin/named/config.c
+@@ -180,6 +180,7 @@ options {\n\
+ notify-source *;\n\
+ notify-source-v6 *;\n\
+ nsec3-test-zone no;\n\
++ override-cache-ttl 0; /* do not override */\n\
+ parental-source *;\n\
+ parental-source-v6 *;\n\
+ provide-ixfr true;\n\
+--- bin/named/server.c.orig 2024-07-08 13:09:16 UTC
++++ bin/named/server.c
+@@ -4509,6 +4509,11 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewl
+ }
+
+ obj = NULL;
++ result = named_config_get(maps, "override-cache-ttl", &obj);
++ INSIST(result == ISC_R_SUCCESS);
++ view->overridecachettl = cfg_obj_asduration(obj);
++
++ obj = NULL;
+ result = named_config_get(maps, "max-cache-ttl", &obj);
+ INSIST(result == ISC_R_SUCCESS);
+ view->maxcachettl = cfg_obj_asduration(obj);
+--- doc/arm/reference.rst.orig 2024-07-08 13:09:17 UTC
++++ doc/arm/reference.rst
+@@ -4340,6 +4340,10 @@ Tuning
+ cannot exceed 7 days and is silently truncated to 7 days if set to a
+ greater value.
+
++.. namedconf:statement:: override-cache-ttl
++
++ Enforce the configure cache TTL override.
++
+ .. namedconf:statement:: max-cache-ttl
+ :tags: server
+ :short: Specifies the maximum time (in seconds) that the server caches ordinary (positive) answers.
+--- lib/dns/include/dns/view.h.orig 2024-07-08 13:09:17 UTC
++++ lib/dns/include/dns/view.h
+@@ -151,6 +151,7 @@ struct dns_view {
+ bool requestnsid;
+ bool sendcookie;
+ dns_ttl_t maxcachettl;
++ dns_ttl_t overridecachettl;
+ dns_ttl_t maxncachettl;
+ dns_ttl_t mincachettl;
+ dns_ttl_t minncachettl;
+--- lib/dns/resolver.c.orig 2024-07-08 13:09:17 UTC
++++ lib/dns/resolver.c
+@@ -5859,6 +5859,12 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_mes
+ }
+
+ /*
++ * Enforce the configure cache TTL override.
++ */
++ if (res->view->overridecachettl)
++ rdataset->ttl = res->view->overridecachettl;
++
++ /*
+ * Enforce the configure maximum cache TTL.
+ */
+ if (rdataset->ttl > res->view->maxcachettl) {
+--- lib/isccfg/namedconf.c.orig 2024-07-08 13:09:17 UTC
++++ lib/isccfg/namedconf.c
+@@ -2148,6 +2148,7 @@ static cfg_clausedef_t view_clauses[] = {
+ #endif /* ifdef HAVE_LMDB */
+ { "max-acache-size", NULL, CFG_CLAUSEFLAG_ANCIENT },
+ { "max-cache-size", &cfg_type_sizeorpercent, 0 },
++ { "override-cache-ttl", &cfg_type_duration, 0 },
+ { "max-cache-ttl", &cfg_type_duration, 0 },
+ { "max-clients-per-query", &cfg_type_uint32, 0 },
+ { "max-ncache-ttl", &cfg_type_duration, 0 },
diff --git a/dns/bind920/files/extrapatch-bind-tools b/dns/bind920/files/extrapatch-bind-tools
new file mode 100644
index 000000000000..0416f8b80b37
--- /dev/null
+++ b/dns/bind920/files/extrapatch-bind-tools
@@ -0,0 +1,27 @@
+Only select the "tools" part of bind for building.
+
+--- Makefile.am.orig 2023-12-02 10:13:03 UTC
++++ Makefile.am
+@@ -17,7 +17,6 @@ bind.keys.h: bind.keys Makefile
+ .PHONY: doc
+
+ EXTRA_DIST = \
+- bind.keys \
+ util/bindkeys.pl \
+ util/dtrace.sh \
+ contrib \
+--- bin/Makefile.am.orig 2023-12-01 14:21:34 UTC
++++ bin/Makefile.am
+@@ -1 +1 @@
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
++SUBDIRS = dig delv dnssec tools nsupdate
+--- bin/tools/Makefile.am.orig 2023-12-01 14:21:34 UTC
++++ bin/tools/Makefile.am
+@@ -11,7 +11,6 @@ LDADD += \
+ bin_PROGRAMS = \
+ arpaname \
+ mdig \
+- named-journalprint \
+ named-rrchecker \
+ nsec3hash
+
diff --git a/dns/bind920/files/extrapatch-no-bind-tools b/dns/bind920/files/extrapatch-no-bind-tools
new file mode 100644
index 000000000000..9a168202eb50
--- /dev/null
+++ b/dns/bind920/files/extrapatch-no-bind-tools
@@ -0,0 +1,40 @@
+Exclude the "tools" from building and installing.
+
+--- bin/Makefile.am.orig 2024-05-03 07:23:28 UTC
++++ bin/Makefile.am
+@@ -1 +1 @@
+-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
++SUBDIRS = named rndc tools check confgen tests plugins
+--- bin/tools/Makefile.am.orig 2024-05-03 07:23:29 UTC
++++ bin/tools/Makefile.am
+@@ -9,29 +9,10 @@ LDADD += \
+ $(LIBISC_LIBS)
+
+ bin_PROGRAMS = \
+- arpaname \
+- mdig \
+- named-journalprint \
+- named-rrchecker \
+- nsec3hash
++ named-journalprint
+
+ arpaname_LDADD = \
+ $(LIBISC_LIBS)
+-
+-if HAVE_DNSTAP
+-bin_PROGRAMS += \
+- dnstap-read
+-
+-dnstap_read_CPPFLAGS = \
+- $(AM_CPPFLAGS) \
+- $(DNSTAP_CFLAGS) \
+- -I$(top_builddir)/lib/dns
+-
+-dnstap_read_LDADD = \
+- $(LIBDNS_LIBS) \
+- $(LIBISC_LIBS) \
+- $(DNSTAP_LIBS)
+-endif
+
+ if HAVE_LMDB
+ bin_PROGRAMS += \
diff --git a/dns/bind920/files/localhost-forward.db b/dns/bind920/files/localhost-forward.db
new file mode 100644
index 000000000000..fdd2e9ce4bee
--- /dev/null
+++ b/dns/bind920/files/localhost-forward.db
@@ -0,0 +1,8 @@
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
diff --git a/dns/bind920/files/localhost-reverse.db b/dns/bind920/files/localhost-reverse.db
new file mode 100644
index 000000000000..376e94fa94a8
--- /dev/null
+++ b/dns/bind920/files/localhost-reverse.db
@@ -0,0 +1,10 @@
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
diff --git a/dns/bind920/files/named.conf.in b/dns/bind920/files/named.conf.in
new file mode 100644
index 000000000000..53704771a136
--- /dev/null
+++ b/dns/bind920/files/named.conf.in
@@ -0,0 +1,378 @@
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/local/share/doc/bind for more details.
+//
+// If you are going to set up an authoritative server, make sure you
+// understand the hairy details of how DNS works. Even with
+// simple mistakes, you can break connectivity for affected parties,
+// or cause huge amounts of useless Internet traffic.
+
+options {
+ // All file and path names are relative to the chroot directory,
+ // if any, and should be fully qualified.
+ directory "%%ETCDIR%%/working";
+ pid-file "/var/run/named/pid";
+ dump-file "/var/dump/named_dump.db";
+ statistics-file "/var/stats/named.stats";
+
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+ listen-on { 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver. To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+// listen-on-v6 { ::1; };
+
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below. This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the Internet.
+/*
+ forwarders {
+ 127.0.0.1;
+ };
+*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer. Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+// forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf. You can also enable
+// named_auto_forward_only (the effect of which is described above).
+// include "%%ETCDIR%%/auto_forward.conf";
+
+ /*
+ Modern versions of BIND use a random UDP port for each outgoing
+ query by default in order to dramatically reduce the possibility
+ of cache poisoning. All users are strongly encouraged to utilize
+ this feature, and to configure their firewalls to accommodate it.
+
+ AS A LAST RESORT in order to get around a restrictive firewall
+ policy you can try enabling the option below. Use of this option
+ will significantly reduce your ability to withstand cache poisoning
+ attacks, and should be avoided if at all possible.
+
+ Replace NNNNN in the example with a number between 49160 and 65530.
+ */
+ // query-source address * port NNNNN;
+};
+
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// first in your /etc/resolv.conf so this server will be queried.
+// Also, make sure to enable it in /etc/rc.conf.
+
+// The traditional root hints mechanism. Use this, OR the secondary zones below.
+zone "." { type hint; file "%%ETCDIR%%/named.root"; };
+
+/* Slaving the following zones from the root name servers has some
+ significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+ 3. Greater resilience to any potential root server failure/DDoS
+
+ On the other hand, this method requires more monitoring than the
+ hints file to be sure that an unexpected failure mode has not
+ incapacitated your server. Name servers that are serving a lot
+ of clients will benefit more from this approach than individual
+ hosts. Use with caution.
+
+ To use this mechanism, uncomment the entries below, and comment
+ the hint zone above.
+
+ As documented at http://dns.icann.org/services/axfr/ these zones:
+ "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
+ are available for AXFR from these servers on IPv4 and IPv6:
+ xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
+*/
+/*
+zone "." {
+ type secondary;
+ file "%%ETCDIR%%/secondary/root.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/arpa.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "in-addr.arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/in-addr.arpa.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+zone "ip6.arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/ip6.arpa.secondary";
+ primaries {
+ 192.0.32.132; // lax.xfr.dns.icann.org
+ 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
+ 192.0.47.132; // iad.xfr.dns.icann.org
+ 2620:0:2830:202::132; // iad.xfr.dns.icann.org
+ };
+ notify no;
+};
+*/
+
+/* Serving the following zones locally will prevent any queries
+ for these zones leaving your network and going to the root
+ name servers. This has two significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+*/
+// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
+zone "localhost" { type primary; file "%%ETCDIR%%/primary/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
+zone "0.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912, 5735 and 6303)
+zone "0.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Private Use Networks (RFCs 1918, 5735 and 6303)
+zone "10.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "16.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "17.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "18.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "19.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "20.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "21.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "22.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "23.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "24.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "25.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "26.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "27.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "28.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "29.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "30.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "31.172.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "168.192.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Shared Address Space (RFC 6598)
+zone "64.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "65.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "66.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "67.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "68.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "69.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "70.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "71.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "72.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "73.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "74.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "75.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "76.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "77.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "78.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "79.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "80.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "81.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "82.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "83.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "84.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "85.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "86.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "87.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "88.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "89.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "90.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "91.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "92.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "93.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "94.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "95.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "96.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "97.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "98.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "99.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "100.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "101.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "102.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "103.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "104.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "105.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "106.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "107.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "108.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "109.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "110.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "111.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "112.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "113.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "114.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "115.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "116.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "117.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "118.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "119.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "120.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "121.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "122.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "123.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "124.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "125.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "126.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "127.100.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Link-local/APIPA (RFCs 3927, 5735 and 6303)
+zone "254.169.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IETF protocol assignments (RFCs 5735 and 5736)
+zone "0.0.192.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
+zone "2.0.192.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "100.51.198.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "113.0.203.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
+zone "8.b.d.0.1.0.0.2.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// Router Benchmark Testing (RFCs 2544 and 5735)
+zone "18.198.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "19.198.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IANA Reserved - Old Class E Space (RFC 5735)
+zone "240.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "241.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "242.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "243.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "244.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "245.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "246.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "247.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "248.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "249.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "250.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "251.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "252.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "253.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "254.in-addr.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "3.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "4.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "5.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "6.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "7.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "8.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "9.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "a.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "b.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "c.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "d.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "e.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "0.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "1.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "2.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "3.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "4.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "5.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "6.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "7.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "8.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "9.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "a.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "b.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "0.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "1.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "2.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "3.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "4.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "5.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "6.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "7.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 ULA (RFCs 4193 and 6303)
+zone "c.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "d.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Link Local (RFCs 4291 and 6303)
+zone "8.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "9.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "a.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "b.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
+zone "c.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "d.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "e.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+zone "f.e.f.ip6.arpa" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int" { type primary; file "%%ETCDIR%%/primary/empty.db"; };
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example secondary zone config entries. It can be convenient to become
+// a secondary at least for the zone your own domain is in. Ask
+// your network administrator for the IP address of the responsible
+// primary name server.
+//
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
+//
+// Before starting to set up a primary zone, make sure you fully
+// understand how DNS and BIND work. There are sometimes
+// non-obvious pitfalls. Setting up a secondary zone is usually simpler.
+//
+// NB: Don't blindly enable the examples below. :-) Use actual names
+// and addresses instead.
+
+/* An example dynamic zone
+key "exampleorgkey" {
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
+};
+zone "example.org" {
+ type primary;
+ allow-update {
+ key "exampleorgkey";
+ };
+ file "%%ETCDIR%%/dynamic/example.org";
+};
+*/
+
+/* Example of a secondary reverse zone
+zone "1.168.192.in-addr.arpa" {
+ type secondary;
+ file "%%ETCDIR%%/secondary/1.168.192.in-addr.arpa";
+ primaries {
+ 192.168.1.1;
+ };
+};
+*/
diff --git a/dns/bind920/files/named.in b/dns/bind920/files/named.in
new file mode 100644
index 000000000000..b4d8133210eb
--- /dev/null
+++ b/dns/bind920/files/named.in
@@ -0,0 +1,453 @@
+#!/bin/sh
+
+# PROVIDE: named
+# REQUIRE: %%NAMED_REQUIRE%%
+# BEFORE: %%NAMED_BEFORE%%
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable BIND:
+# named_enable (bool): Run named, the DNS server (or NO).
+# named_program (str): Path to named, if you want a different one.
+# named_conf (str): Path to the configuration file
+# named_flags (str): Use this for flags OTHER than -u and -c
+# named_uid (str): User to run named as
+# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
+# Historically, was /var/named
+# named_chroot_autoupdate (bool): Automatically install/update chrooted
+# components of named.
+# named_symlink_enable (bool): Symlink the chrooted pid file
+# named_wait (bool): Wait for working name service before exiting
+# named_wait_host (str): Hostname to check if named_wait is enabled
+# named_auto_forward (str): Set up forwarders from /etc/resolv.conf
+# named_auto_forward_only (str): Do "forward only" instead of "forward first"
+#
+
+. /etc/rc.subr
+
+name=named
+desc="named BIND startup script"
+rcvar=named_enable
+
+load_rc_config ${name}
+
+extra_commands=reload
+
+start_precmd=named_prestart
+start_postcmd=named_poststart
+reload_cmd=named_reload
+stop_cmd=named_stop
+stop_postcmd=named_poststop
+
+named_enable=${named_enable:-"NO"}
+named_program=${named_program:-"%%PREFIX%%/sbin/named"}
+named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
+named_flags=${named_flags:-""}
+named_uid=${named_uid:-"bind"}
+named_chrootdir=${named_chrootdir:-""}
*** 908 LINES SKIPPED ***