path: root/dns/bind912/pkg-help
author Mathieu Arnold <mat@FreeBSD.org> 2017-10-25 16:12:04 +0000
committer Mathieu Arnold <mat@FreeBSD.org> 2017-10-25 16:12:04 +0000
commit 2414c4bce8d4ba62e96dcd6ce4303ab984ede3a6
tree ecfdca6ce5c6f1d1cfd0282bf19eec4fcf2fd1dc /dns/bind912/pkg-help
parent c02e5e929858000e762cad3bf21574ca56886f3c
Diffstat (limited to 'dns/bind912/pkg-help')
-rw-r--r-- dns/bind912/pkg-help 30
1 files changed, 30 insertions, 0 deletions
diff --git a/dns/bind912/pkg-help b/dns/bind912/pkg-help
new file mode 100644
index 000000000000..aa85330b21d7
--- /dev/null
+++ b/dns/bind912/pkg-help
@@ -0,0 +1,30 @@
+ NATIVE_PKCS11
+When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
+engine specified by the named_pkcss11_engine variable in
+/etc/rc.conf for *all* crypto operations.
+
+This is primarily intended to be used in an authoritative
+case.
+
+If BIND is also operating as a validating resolver,
+NATIVE_PKCS11 should not be used, because the HSM will be
+used for all crypto, including DNSSEC validations, and the
+HSM is likely to be slower than the CPU for this purpose.
+Additionally, the HSM might not support all of the PKCS#11
+API functions needed for signature verification.
+
+
+ GOST
+If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
+the OpenSSL engines MUST be accessible from within the chroot.
+If BIND is chrooted in /var/named, this can be achieved by
+either copying content of /usr/local/lib/engines into
+/var/named/usr/local/lib/engines, or by creating that directory
+and adding this line to /etc/fstab:
+/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0
+
+
+ START_LATE
+Most of the time, BIND needs to start early in the boot
+process. Enable this if BIND starts too early for you and
+you need it to start later.
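Review bot: In the NATIVE_PKCS11 paragraph the rc.conf variable is spelled named_pkcss11_engine, with a doubled "s", while the option and the standard are written PKCS11 and PKCS#11 everywhere else in this text. If the rc script reads a differently spelled variable, an admin who copies the name from this help sets something that is never read, so please check the spelling against the rc script and correct it here if needed. In the same paragraph, "in an authoritative case" would be clearer as "on an authoritative-only server", which also matches the contrast with the validating resolver in the next paragraph. In the GOST paragraph, consider recommending the read-only nullfs mount over copying, since a copy of /usr/local/lib/engines placed inside the chroot stays as it was at copy time and has to be refreshed by hand whenever the engines change.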