diff options
author | Mathieu Arnold <mat@FreeBSD.org> | 2017-04-20 13:12:35 +0000 |
---|---|---|
committer | Mathieu Arnold <mat@FreeBSD.org> | 2017-04-20 13:12:35 +0000 |
commit | d4de1a5f8c1fc3ae00e1050dcb48c9ff57757baf (patch) | |
tree | 83dc667c9d40043bd7f9644278700b0cd5b21008 /dns/bind911 | |
parent | 7fb3b970f6f6977b5abd5cb866da41591dedc201 (diff) | |
download | ports-d4de1a5f8c1fc3ae00e1050dcb48c9ff57757baf.tar.gz ports-d4de1a5f8c1fc3ae00e1050dcb48c9ff57757baf.zip |
Notes
Diffstat (limited to 'dns/bind911')
-rw-r--r-- | dns/bind911/Makefile | 235 | ||||
-rw-r--r-- | dns/bind911/distinfo | 6 | ||||
-rw-r--r-- | dns/bind911/files/extrapatch-bind-min-override-ttl | 16 | ||||
-rw-r--r-- | dns/bind911/files/named.conf.in | 34 | ||||
-rw-r--r-- | dns/bind911/files/named.root | 6 | ||||
-rw-r--r-- | dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in | 8 | ||||
-rw-r--r-- | dns/bind911/files/patch-configure | 12 | ||||
-rw-r--r-- | dns/bind911/pkg-help | 10 |
8 files changed, 167 insertions, 160 deletions
diff --git a/dns/bind911/Makefile b/dns/bind911/Makefile index ba559395a9fc..1136bb195737 100644 --- a/dns/bind911/Makefile +++ b/dns/bind911/Makefile @@ -8,7 +8,7 @@ PORTVERSION= ${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/} PORTREVISION= 0 .else # dns/bind9xx here -PORTREVISION= 1 +PORTREVISION= 0 .endif CATEGORIES= dns net ipv6 MASTER_SITES= ISC/bind9/${ISCVERSION} @@ -27,9 +27,10 @@ COMMENT= BIND DNS suite with updated DNSSEC and DNS64 .endif LICENSE= MPL +LICENSE_FILE= ${WRKSRC}/COPYRIGHT # ISC releases things like 9.8.0-P1, which our versioning doesn't like -ISCVERSION= 9.11.0-P5 +ISCVERSION= 9.11.1 USES= cpe libedit @@ -42,27 +43,34 @@ CPE_UPDATE= ${ISCVERSION:C/.*-//:tl} LIB_DEPENDS= libxml2.so:textproc/libxml2 GNU_CONFIGURE= yes -CONFIGURE_ARGS+= --localstatedir=/var --disable-linux-caps \ +CONFIGURE_ARGS= --localstatedir=/var --disable-linux-caps \ --disable-symtable \ --with-randomdev=/dev/random \ --with-libxml2=${LOCALBASE} \ --with-readline="-L${LOCALBASE}/lib -ledit" \ --with-dlopen=yes \ --sysconfdir=${ETCDIR} +ETCDIR= ${PREFIX}/etc/namedb + +CONFLICTS= bind99 bind910 bind9-devel + .if defined(BIND_TOOLS_SLAVE) CONFIGURE_ARGS+= --disable-shared -.endif -ETCDIR= ${PREFIX}/etc/namedb +CONFLICTS+= bind911 +.else +USE_RC_SUBR= named +SUB_FILES= pkg-message named.conf +CONFLICTS+= bind-tools +.endif # BIND_TOOLS_SLAVE -CONFLICTS+= bind99 bind910 bind9-devel +MAKE_JOBS_UNSAFE= yes -.if !defined(BIND_TOOLS_SLAVE) -SUB_FILES= pkg-message -.endif +PORTDOCS= * OPTIONS_DEFAULT= SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON OPTIONS_DEFINE= IDN LARGE_FILE PYTHON JSON \ FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA + OPTIONS_RADIO= CRYPTO GOSTDEF OPTIONS_RADIO_CRYPTO= SSL NATIVE_PKCS11 OPTIONS_RADIO_GOSTDEF= GOST GOST_ASN1 @@ -81,150 +89,135 @@ OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes -SSL_DESC= Build with OpenSSL (Required for DNSSEC) -LARGE_FILE_DESC= 64-bit file support -FIXED_RRSET_DESC= Enable fixed rrset ordering -SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation -FILTER_AAAA_DESC= Enable filtering of AAAA records CRYPTO_DESC= Choose which crypto engine to use -NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) -GEOIP_DESC= Allow geographically based ACL. -GOSTDEF_DESC= Enable GOST ciphers, needs SSL (see help on 8 and 9) -GOST_DESC= GOST raw keys (new default) -GOST_ASN1_DESC= GOST using ASN.1 -PYTHON_DESC= Build with Python utilities -START_LATE_DESC= Start BIND late in the boot process -MINCACHE_DESC= Use the mincachettl patch -PORTREVISION_DESC= Show PORTREVISION in the version string -QUERYTRACE_DESC= Enable the very verbose query tracelogging -LMDB_DESC= Use LMDB for zone management -DNSTAP_DESC= Provides fast passive logging of DNS messages - -RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules -RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records -DLZ_DESC= Dynamically Loadable Zones -DLZ_POSTGRESQL_DESC= DLZ Postgres driver -DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) DLZ_BDB_DESC= DLZ BDB driver -DLZ_LDAP_DESC= DLZ LDAP driver +DLZ_DESC= Dynamically Loadable Zones DLZ_FILESYSTEM_DESC= DLZ filesystem driver +DLZ_LDAP_DESC= DLZ LDAP driver +DLZ_MYSQL_DESC= DLZ MySQL driver (no threading) +DLZ_POSTGRESQL_DESC= DLZ Postgres driver DLZ_STUB_DESC= DLZ stub driver +DNSTAP_DESC= Provides fast passive logging of DNS messages +FILTER_AAAA_DESC= Enable filtering of AAAA records +FIXED_RRSET_DESC= Enable fixed rrset ordering +GEOIP_DESC= Allow geographically based ACL. +GOSTDEF_DESC= Enable GOST ciphers, needs SSL +GOST_ASN1_DESC= GOST using ASN.1 +GOST_DESC= GOST raw keys (new default) GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable +LARGE_FILE_DESC= 64-bit file support +LMDB_DESC= Use LMDB for zone management +MINCACHE_DESC= Use the mincachettl patch +NATIVE_PKCS11_DESC= Use PKCS\#11 native API (**READ HELP**) +PORTREVISION_DESC= Show PORTREVISION in the version string +PYTHON_DESC= Build with Python utilities +QUERYTRACE_DESC= Enable the very verbose query tracelogging +RPZ_NSDNAME_DESC= Enable RPZ NSDNAME policy records +RPZ_NSIP_DESC= Enable RPZ NSIP trigger rules +SIGCHASE_DESC= dig/host/nslookup will do DNSSEC validation +SSL_DESC= Build with OpenSSL (Required for DNSSEC) +START_LATE_DESC= Start BIND late in the boot process (see help) -.if defined(BIND_TOOLS_SLAVE) -CONFLICTS+= bind911 -.else -CONFLICTS+= bind-tools -.endif # BIND_TOOLS_SLAVE +DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes +DLZ_BDB_USES= bdb -SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} -SSL_USES= ssl -SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl +DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes -LMDB_CONFIGURE_WITH= lmdb -LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb +DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes +DLZ_LDAP_USE= openldap=yes -IDN_USES= iconv -IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} -IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit -IDN_CONFIGURE_OFF= --without-idn +DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes +DLZ_MYSQL_PREVENTS= THREADS +DLZ_MYSQL_USES= mysql -LARGE_FILE_CONFIGURE_ENABLE= largefile +DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes +DLZ_POSTGRESQL_USES= pgsql -SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" +DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes -IPV6_CONFIGURE_ENABLE= ipv6 +DNSTAP_CONFIGURE_ENABLE= dnstap +DNSTAP_IMPLIES= THREADS +DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ + libprotobuf-c.so:devel/protobuf-c FILTER_AAAA_CONFIGURE_ENABLE= filter-aaaa -NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 +FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset GEOIP_CONFIGURE_WITH= geoip GEOIP_LIB_DEPENDS= libGeoIP.so:net/GeoIP -JSON_LIB_DEPENDS= libjson-c.so:devel/json-c -JSON_CONFIGURE_WITH= libjson - -GOST_CONFIGURE_ON= --with-gost GOST_ASN1_CONFIGURE_ON= --with-gost=asn1 -PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} -PYTHON_USES= python -PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply -PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply +GOST_CONFIGURE_ON= --with-gost -DLZ_POSTGRESQL_CONFIGURE_ON= --with-dlz-postgres=yes -DLZ_POSTGRESQL_USES= pgsql +GSSAPI_BASE_CONFIGURE_ON= \ + --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" +GSSAPI_BASE_USES= gssapi -FIXED_RRSET_CONFIGURE_ENABLE= fixed-rrset +GSSAPI_HEIMDAL_CONFIGURE_ON= \ + --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" +GSSAPI_HEIMDAL_USES= gssapi:heimdal -RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip +GSSAPI_MIT_CONFIGURE_ON= \ + --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" +GSSAPI_MIT_USES= gssapi:mit -RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname +GSSAPI_NONE_CONFIGURE_ON= --without-gssapi -DLZ_MYSQL_CONFIGURE_ON= --with-dlz-mysql=yes -DLZ_MYSQL_USES= mysql +IDN_CONFIGURE_OFF= --without-idn +IDN_CONFIGURE_ON= --with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE} +IDN_LIB_DEPENDS= libidnkit.so:dns/idnkit +IDN_USES= iconv -DLZ_BDB_CONFIGURE_ON= --with-dlz-bdb=yes -DLZ_BDB_USES= bdb +IPV6_CONFIGURE_ENABLE= ipv6 -DLZ_LDAP_CONFIGURE_ON= --with-dlz-ldap=yes -DLZ_LDAP_USE= openldap=yes +JSON_CONFIGURE_WITH= libjson +JSON_LIB_DEPENDS= libjson-c.so:devel/json-c -DLZ_FILESYSTEM_CONFIGURE_ON= --with-dlz-filesystem=yes +LARGE_FILE_CONFIGURE_ENABLE= largefile -DLZ_STUB_CONFIGURE_ON= --with-dlz-stub=yes +LMDB_CONFIGURE_WITH= lmdb +LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb -START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ - NAMED_BEFORE="LOGIN" -START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ - NAMED_BEFORE="SERVERS" +MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_HEIMDAL_USES= gssapi:heimdal -GSSAPI_HEIMDAL_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_MIT_USES= gssapi:mit -GSSAPI_MIT_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" -GSSAPI_NONE_CONFIGURE_ON= --without-gssapi +NATIVE_PKCS11_CONFIGURE_ENABLE= native-pkcs11 +NATIVE_PKCS11_IMPLIES= THREADS -MINCACHE_EXTRA_PATCHES= ${FILESDIR}/extrapatch-bind-min-override-ttl +PYTHON_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply +PYTHON_CONFIGURE_WITH= python=${PYTHON_CMD} +PYTHON_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply +PYTHON_USES= python QUERYTRACE_CONFIGURE_ENABLE= querytrace -DNSTAP_CONFIGURE_ENABLE= dnstap -DNSTAP_LIB_DEPENDS= libfstrm.so:devel/fstrm \ - libprotobuf-c.so:devel/protobuf-c - -.include <bsd.port.options.mk> +RPZ_NSDNAME_CONFIGURE_ENABLE= rpz-nsdname -.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} -CONFIGURE_ARGS+= --without-gost -.endif +RPZ_NSIP_CONFIGURE_ENABLE= rpz-nsip -.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL} -CONFIGURE_ARGS+= --enable-threads -.else -CONFIGURE_ARGS+= --disable-threads -.endif +SIGCHASE_CONFIGURE_ON= STD_CDEFINES="-DDIG_SIGCHASE=1" -.if !defined(BIND_TOOLS_SLAVE) -USE_RC_SUBR+= named -SUB_FILES+= named.conf -.endif +SSL_CONFIGURE_OFF= --disable-openssl-version-check --without-openssl +SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} +SSL_USES= ssl -MAKE_JOBS_UNSAFE= yes +START_LATE_SUB_LIST= NAMED_REQUIRE="SERVERS cleanvar" \ + NAMED_BEFORE="LOGIN" +START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ + NAMED_BEFORE="SERVERS" -PORTDOCS= * +THREADS_CONFIGURE_ENABLE= threads .include <bsd.port.pre.mk> +.if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1} +CONFIGURE_ARGS+= --without-gost +.endif + .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base BROKEN= OpenSSL from the base system does not support GOST, add \ DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \ @@ -232,16 +225,13 @@ BROKEN= OpenSSL from the base system does not support GOST, add \ .endif post-patch: - @${REINPLACE_CMD} -e 's|readline/readline.h|editline/readline.h|; \ - s|readline/history.h|histedit.h|' \ - ${WRKSRC}/bin/dig/nslookup.c ${WRKSRC}/bin/nsupdate/nsupdate.c .if defined(BIND_TOOLS_SLAVE) @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \ -e 's#isc-config.sh installdirs#installdirs#' \ -e 's#.*INSTALL.*isc-config.*##' \ -e 's#.*INSTALL.*bind.keys.*##' \ ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = dig delv dnssec tools nsupdate \\#' \ + @${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec tools nsupdate \\#' \ -e 's#^ .*check confgen ##' \ ${WRKSRC}/bin/Makefile.in .else @@ -255,27 +245,18 @@ post-patch: .endif .if !defined(BIND_TOOLS_SLAVE) -.if ${PORTREVISION:N0} +. if ${PORTREVISION:N0} post-patch-PORTREVISION-on: @${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \ ${WRKSRC}/version -.endif +. endif post-install: -.if ${PORT_OPTIONS:MDOCS} - ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm - ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \ - ${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} -.endif - -.if ${OPSYS} == DragonFly || (${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100) ${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree ${MKDIR} ${STAGEDIR}${ETCDIR} -.for i in dynamic master slave working +. for i in dynamic master slave working @${MKDIR} ${STAGEDIR}${ETCDIR}/$i -.endfor +. endfor ${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample ${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR} ${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master @@ -283,9 +264,15 @@ post-install: ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree ${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree -.endif ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \ ${STAGEDIR}${ETCDIR}/rndc.conf.sample + +post-install-DOCS-on: + ${MKDIR} ${STAGEDIR}${DOCSDIR}/arm + ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm + ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \ + ${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} .endif # BIND_TOOLS_SLAVE # Can't use USE_PYTHON=autoplist diff --git a/dns/bind911/distinfo b/dns/bind911/distinfo index 3b402c6735d4..78d19e4fe4d4 100644 --- a/dns/bind911/distinfo +++ b/dns/bind911/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1492054601 -SHA256 (bind-9.11.0-P5.tar.gz) = 1e283f0567b484687dfd7b936e26c9af4f64043daf73cbd8f3eb1122c9fb71f5 -SIZE (bind-9.11.0-P5.tar.gz) = 9698446 +TIMESTAMP = 1492691449 +SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2 +SIZE (bind-9.11.1.tar.gz) = 9762743 diff --git a/dns/bind911/files/extrapatch-bind-min-override-ttl b/dns/bind911/files/extrapatch-bind-min-override-ttl index 9fff03cc737f..2f8224d375ef 100644 --- a/dns/bind911/files/extrapatch-bind-min-override-ttl +++ b/dns/bind911/files/extrapatch-bind-min-override-ttl @@ -1,4 +1,4 @@ ---- bin/named/config.c.orig 2016-10-21 05:13:38 UTC +--- bin/named/config.c.orig 2017-04-14 03:58:25 UTC +++ bin/named/config.c @@ -154,6 +154,8 @@ options {\n\ lame-ttl 600;\n\ @@ -9,9 +9,9 @@ max-cache-ttl 604800; /* 1 week */\n\ transfer-format many-answers;\n\ max-cache-size 90%;\n\ ---- bin/named/server.c.orig 2016-10-21 05:13:38 UTC +--- bin/named/server.c.orig 2017-04-14 03:58:25 UTC +++ bin/named/server.c -@@ -3638,6 +3638,16 @@ configure_view(dns_view_t *view, dns_vie +@@ -3693,6 +3693,16 @@ configure_view(dns_view_t *view, dns_vie } obj = NULL; @@ -28,7 +28,7 @@ result = ns_config_get(maps, "max-cache-ttl", &obj); INSIST(result == ISC_R_SUCCESS); view->maxcachettl = cfg_obj_asuint32(obj); ---- lib/dns/include/dns/view.h.orig 2016-10-21 05:13:38 UTC +--- lib/dns/include/dns/view.h.orig 2017-04-14 03:58:25 UTC +++ lib/dns/include/dns/view.h @@ -146,6 +146,8 @@ struct dns_view { isc_boolean_t requestnsid; @@ -39,9 +39,9 @@ dns_ttl_t maxncachettl; isc_uint32_t nta_lifetime; isc_uint32_t nta_recheck; ---- lib/dns/resolver.c.orig 2016-10-21 05:13:38 UTC +--- lib/dns/resolver.c.orig 2017-04-14 03:58:25 UTC +++ lib/dns/resolver.c -@@ -5433,6 +5433,18 @@ cache_name(fetchctx_t *fctx, dns_name_t +@@ -5439,6 +5439,18 @@ cache_name(fetchctx_t *fctx, dns_name_t } /* @@ -60,9 +60,9 @@ * Enforce the configure maximum cache TTL. */ if (rdataset->ttl > res->view->maxcachettl) ---- lib/isccfg/namedconf.c.orig 2016-10-21 05:13:38 UTC +--- lib/isccfg/namedconf.c.orig 2017-04-14 03:58:25 UTC +++ lib/isccfg/namedconf.c -@@ -1735,6 +1735,8 @@ view_clauses[] = { +@@ -1759,6 +1759,8 @@ view_clauses[] = { { "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE }, { "max-acache-size", &cfg_type_sizenodefault, 0 }, { "max-cache-size", &cfg_type_sizeorpercent, 0 }, diff --git a/dns/bind911/files/named.conf.in b/dns/bind911/files/named.conf.in index a7ab7d7b7ced..254a65f66085 100644 --- a/dns/bind911/files/named.conf.in +++ b/dns/bind911/files/named.conf.in @@ -93,7 +93,7 @@ zone "." { type hint; file "%%ETCDIR%%/named.root"; }; the hint zone above. As documented at http://dns.icann.org/services/axfr/ these zones: - "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET + "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others are available for AXFR from these servers on IPv4 and IPv6: xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org */ @@ -102,7 +102,10 @@ zone "." { type slave; file "%%ETCDIR%%/slave/root.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; }; @@ -110,10 +113,35 @@ zone "arpa" { type slave; file "%%ETCDIR%%/slave/arpa.slave"; masters { - 192.5.5.241; // F.ROOT-SERVERS.NET. + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org }; notify no; }; +zone "in-addr.arpa" { + type slave; + file "%%ETCDIR%%/slave/in-addr.arpa.slave"; + masters { + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org + }; + notify no; +} +zone "ip6.arpa" { + type slave; + file "%%ETCDIR%%/slave/ip6.arpa.slave"; + masters { + 192.0.32.132; // lax.xfr.dns.icann.org + 2620:0:2d0:202::132; // lax.xfr.dns.icann.org + 192.0.47.132; // iad.xfr.dns.icann.org + 2620:0:2830:202::132; // iad.xfr.dns.icann.org + }; + notify no; +} */ /* Serving the following zones locally will prevent any queries diff --git a/dns/bind911/files/named.root b/dns/bind911/files/named.root index 21ec7ca71f9b..70d2d9f7d35c 100644 --- a/dns/bind911/files/named.root +++ b/dns/bind911/files/named.root @@ -13,8 +13,8 @@ ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; -; last update: March 23, 2016 -; related version of root zone: 2016032301 +; last update: April 11, 2017 +; related version of root zone: 2017041101 ; ; formerly NS.INTERNIC.NET ; @@ -44,6 +44,7 @@ D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 +E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e ; ; FORMERLY NS.ISC.ORG ; @@ -55,6 +56,7 @@ F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 +G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d ; ; FORMERLY AOS.ARL.ARMY.MIL ; diff --git a/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in b/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in index d7b87fd655d6..4b79d1b9151a 100644 --- a/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in +++ b/dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in @@ -1,11 +1,11 @@ ---- bin/tests/system/dlzexternal/Makefile.in.orig 2016-07-28 12:26:36 UTC +--- bin/tests/system/dlzexternal/Makefile.in.orig 2017-04-14 03:58:25 UTC +++ bin/tests/system/dlzexternal/Makefile.in -@@ -35,7 +35,7 @@ OBJS = ${DLOPENOBJS} +@@ -31,7 +31,7 @@ OBJS = @BIND9_MAKE_RULES@ CFLAGS = @CFLAGS@ @SO_CFLAGS@ -SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@ +SO_LDFLAGS = @SO_LDFLAGS@ - dlopen@EXEEXT@: ${DLOPENOBJS} - ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \ + driver.@SO@: ${SO_OBJS} + ${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@ diff --git a/dns/bind911/files/patch-configure b/dns/bind911/files/patch-configure index 9b672e65e7b1..93c6090b7de4 100644 --- a/dns/bind911/files/patch-configure +++ b/dns/bind911/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2016-08-30 11:01:49 UTC +--- configure.orig 2017-04-14 03:58:25 UTC +++ configure -@@ -14341,27 +14341,9 @@ done +@@ -14401,27 +14401,9 @@ done # problems start to show up. saved_libs="$LIBS" for TRY_LIBS in \ @@ -20,7 +20,7 @@ - # -L/usr/local/lib to LIBS, which can make the - # -lgssapi_krb5 test succeed with shared libraries even - # when you are trying to build with KTH in /usr/lib. -- if test "$use_gssapi" = "/usr" +- if test "/usr" = "$use_gssapi" - then - LIBS="$TRY_LIBS" - else @@ -30,7 +30,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5 $as_echo_n "checking linking as $TRY_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext -@@ -14404,47 +14386,7 @@ $as_echo "no" >&6; } ;; +@@ -14464,47 +14446,7 @@ $as_echo "no" >&6; } ;; no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;; esac @@ -43,7 +43,7 @@ - # many times as it is the right thing. Something better - # needs to be done. - # -- if test "$use_gssapi" = "/usr" -a \ +- if test "/usr" = "$use_gssapi" -a \ - -f /usr/local/lib/libkrb5.a; then - FIX_KTH_VS_MIT=yes - fi @@ -79,7 +79,7 @@ DNS_GSSAPI_LIBS="$LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5 -@@ -22563,7 +22505,7 @@ $as_echo "" >&6; } +@@ -22666,7 +22608,7 @@ $as_echo "" >&6; } # Check other locations for includes. # Order is important (sigh). diff --git a/dns/bind911/pkg-help b/dns/bind911/pkg-help index aa85330b21d7..a5432496e8c6 100644 --- a/dns/bind911/pkg-help +++ b/dns/bind911/pkg-help @@ -14,16 +14,6 @@ Additionally, the HSM might not support all of the PKCS#11 API functions needed for signature verification. - GOST -If using a chrooted instance of BIND on FreeBSD 8.x and 9.x, -the OpenSSL engines MUST be accessible from within the chroot. -If BIND is chrooted in /var/named, this can be achieved by -either copying content of /usr/local/lib/engines into -/var/named/usr/local/lib/engines, or by creating that directory -and adding this line to /etc/fstab: -/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 - - START_LATE Most of the time, BIND needs to start early in the boot process. Enable this if BIND starts too early for you and |