4 files changed, 165 insertions, 4 deletions

diff --git a/dns/bind910/Makefile b/dns/bind910/Makefile
index 582a0c927a9b..312b2a0eb313 100644
--- a/dns/bind910/Makefile
+++ b/dns/bind910/Makefile
@@ -8,7 +8,7 @@ PORTVERSION=	${ISCVERSION:S/-P/P/}
 PORTREVISION=	0
 .else
 # dns/bind910 here
-PORTREVISION=	0
+PORTREVISION=	1
 .endif
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
@@ -58,7 +58,8 @@ OPTIONS_RADIO_GOSTDEF=	GOST GOST_ASN1
 
 .if !defined(BIND_TOOLS_SLAVE)
 OPTIONS_DEFAULT+=	RRL
-OPTIONS_DEFINE+=	LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS GEOIP
+OPTIONS_DEFINE+=	LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS GEOIP \
+			MINCACHE
 OPTIONS_GROUP=		DLZ
 OPTIONS_GROUP_DLZ=	DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
 			DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
@@ -81,6 +82,7 @@ GOST_DESC=		GOST raw keys (new default)
 GOST_ASN1_DESC=		GOST using ASN.1
 PYTHON_DESC=		Build with Python utilities
 START_LATE_DESC=	Start BIND late in the boot process
+MINCACHE_DESC=		Use the mincachettl patch
 
 LINKS_DESC=		Create conf file symlinks in ${PREFIX}
 NEWSTATS_DESC=		Enable alternate xml statistics channel format
@@ -98,6 +100,7 @@ GSSAPI_BASE_DESC=	Using Heimdal in base
 GSSAPI_HEIMDAL_DESC=	Using security/heimdal
 GSSAPI_MIT_DESC=	Using security/krb5
 GSSAPI_NONE_DESC=	Disable
+MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
 
 .if !defined(BIND_TOOLS_SLAVE)
 CONFLICTS+=		bind-tools-9.*
diff --git a/dns/bind910/files/extrapatch-bind-min-override-ttl b/dns/bind910/files/extrapatch-bind-min-override-ttl
new file mode 100644
index 000000000000..fa6fd7be34fe
--- /dev/null
+++ b/dns/bind910/files/extrapatch-bind-min-override-ttl
@@ -0,0 +1,78 @@
+diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/config.c
+--- bin/named/config.c	2009-05-22 12:24:49.000000000 +0400
++++ bin/named/config.c	2009-05-22 12:31:35.000000000 +0400
+@@ -129,6 +129,8 @@
+ 	min-roots 2;\n\
+ 	lame-ttl 600;\n\
+ 	max-ncache-ttl 10800; /* 3 hours */\n\
++       override-cache-ttl 0; /* do not override */\n\
++       min-cache-ttl 0; /* no minimal, zero is allowed */\n\
+ 	max-cache-ttl 604800; /* 1 week */\n\
+ 	transfer-format many-answers;\n\
+ 	max-cache-size 0;\n\
+diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/server.c
+--- bin/named/server.c	2009-05-22 12:24:49.000000000 +0400
++++ bin/named/server.c	2009-05-22 12:32:18.000000000 +0400
+@@ -1727,6 +1727,16 @@
+ 		CHECK(mustbesecure(obj, view->resolver));
+ 
+ 	obj = NULL;
++	result = ns_config_get(maps, "override-cache-ttl", &obj);
++	INSIST(result == ISC_R_SUCCESS);
++	view->overridecachettl = cfg_obj_asuint32(obj);
++
++	obj = NULL;
++	result = ns_config_get(maps, "min-cache-ttl", &obj);
++	INSIST(result == ISC_R_SUCCESS);
++	view->mincachettl = cfg_obj_asuint32(obj);
++
++	obj = NULL;
+ 	result = ns_config_get(maps, "max-cache-ttl", &obj);
+ 	INSIST(result == ISC_R_SUCCESS);
+ 	view->maxcachettl = cfg_obj_asuint32(obj);
+diff -Nabdur bind-9.6.0-P1.orig/lib/dns/include/dns/view.h bind-9.6.0-P1/lib/dns/include/dns/view.h
+--- lib/dns/include/dns/view.h	2009-05-22 12:24:49.000000000 +0400
++++ lib/dns/include/dns/view.h	2009-05-22 12:29:03.000000000 +0400
+@@ -131,6 +131,8 @@
+ 	isc_boolean_t			provideixfr;
+ 	isc_boolean_t			requestnsid;
+ 	dns_ttl_t			maxcachettl;
++	dns_ttl_t			mincachettl;
++	dns_ttl_t			overridecachettl;
+ 	dns_ttl_t			maxncachettl;
+ 	in_port_t			dstport;
+ 	dns_aclenv_t			aclenv;
+diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolver.c
+--- lib/dns/resolver.c	2009-05-22 12:24:49.000000000 +0400
++++ lib/dns/resolver.c	2009-05-22 12:30:41.000000000 +0400
+@@ -4054,6 +4054,18 @@
+ 		}
+ 
+ 		/*
++		 * Enforce the configure cache TTL override.
++		 */
++                if (res->view->overridecachettl)
++                        rdataset->ttl = res->view->overridecachettl;
++
++		/*
++		 * Enforce the configure minimum cache TTL.
++		 */
++                if (rdataset->ttl < res->view->mincachettl)
++                        rdataset->ttl = res->view->mincachettl;
++
++		/*
+ 		 * Enforce the configure maximum cache TTL.
+ 		 */
+ 		if (rdataset->ttl > res->view->maxcachettl)
+diff -Nabdur bind-9.6.0-P1.orig/lib/isccfg/namedconf.c bind-9.6.0-P1/lib/isccfg/namedconf.c
+--- lib/isccfg/namedconf.c	2009-05-22 12:24:49.000000000 +0400
++++ lib/isccfg/namedconf.c	2009-05-22 12:31:21.000000000 +0400
+@@ -821,6 +821,8 @@
+ 	{ "lame-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-acache-size", &cfg_type_sizenodefault, 0 },
+ 	{ "max-cache-size", &cfg_type_sizenodefault, 0 },
++	{ "override-cache-ttl", &cfg_type_uint32, 0 },
++	{ "min-cache-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-cache-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-clients-per-query", &cfg_type_uint32, 0 },
+ 	{ "max-ncache-ttl", &cfg_type_uint32, 0 },
diff --git a/dns/bind99/Makefile b/dns/bind99/Makefile
index 044e443b1113..94b179ecfa9b 100644
--- a/dns/bind99/Makefile
+++ b/dns/bind99/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/}
-PORTREVISION=	0
+PORTREVISION=	1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
 PKGNAMESUFFIX=	99
@@ -43,7 +43,7 @@ SUB_FILES=	pkg-message
 
 OPTIONS_DEFAULT=	IPV6 SSL THREADS SIGCHASE IDN GSSAPI_NONE RRL
 OPTIONS_DEFINE=		SSL IDN REPLACE_BASE LARGE_FILE FIXED_RRSET SIGCHASE \
-			IPV6 THREADS FILTER_AAAA GOST PYTHON START_LATE \
+			IPV6 THREADS FILTER_AAAA GOST PYTHON START_LATE MINCACHE \
 			LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS RPZ_PATCH NEWSTATS
 OPTIONS_GROUP=		DLZ
 OPTIONS_GROUP_DLZ=	DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
@@ -62,6 +62,7 @@ FILTER_AAAA_DESC=	Enable filtering of AAAA records
 GOST_DESC=		Enable GOST ciphers, needs SSL (see help on 8 and 9)
 PYTHON_DESC=		Build with Python utilities
 START_LATE_DESC=	Start BIND late in the boot process
+MINCACHE_DESC=		Use the mincachettl patch
 
 LINKS_DESC=		Create conf file symlinks in ${PREFIX}
 NEWSTATS_DESC=		Enable alternate xml statistics channel format
@@ -80,6 +81,7 @@ GSSAPI_BASE_DESC=	${GSSAPI_DESC} (Heimdal in base)
 GSSAPI_HEIMDAL_DESC=	${GSSAPI_DESC} (security/heimdal)
 GSSAPI_MIT_DESC=	${GSSAPI_DESC} (security/krb5)
 GSSAPI_NONE_DESC=	No ${GSSAPI_DESC}
+MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
 
 SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
 SSL_USE=		openssl=yes
diff --git a/dns/bind99/files/extrapatch-bind-min-override-ttl b/dns/bind99/files/extrapatch-bind-min-override-ttl
new file mode 100644
index 000000000000..fa6fd7be34fe
--- /dev/null
+++ b/dns/bind99/files/extrapatch-bind-min-override-ttl
@@ -0,0 +1,78 @@
+diff -Nabdur bind-9.6.0-P1.orig/bin/named/config.c bind-9.6.0-P1/bin/named/config.c
+--- bin/named/config.c	2009-05-22 12:24:49.000000000 +0400
++++ bin/named/config.c	2009-05-22 12:31:35.000000000 +0400
+@@ -129,6 +129,8 @@
+ 	min-roots 2;\n\
+ 	lame-ttl 600;\n\
+ 	max-ncache-ttl 10800; /* 3 hours */\n\
++       override-cache-ttl 0; /* do not override */\n\
++       min-cache-ttl 0; /* no minimal, zero is allowed */\n\
+ 	max-cache-ttl 604800; /* 1 week */\n\
+ 	transfer-format many-answers;\n\
+ 	max-cache-size 0;\n\
+diff -Nabdur bind-9.6.0-P1.orig/bin/named/server.c bind-9.6.0-P1/bin/named/server.c
+--- bin/named/server.c	2009-05-22 12:24:49.000000000 +0400
++++ bin/named/server.c	2009-05-22 12:32:18.000000000 +0400
+@@ -1727,6 +1727,16 @@
+ 		CHECK(mustbesecure(obj, view->resolver));
+ 
+ 	obj = NULL;
++	result = ns_config_get(maps, "override-cache-ttl", &obj);
++	INSIST(result == ISC_R_SUCCESS);
++	view->overridecachettl = cfg_obj_asuint32(obj);
++
++	obj = NULL;
++	result = ns_config_get(maps, "min-cache-ttl", &obj);
++	INSIST(result == ISC_R_SUCCESS);
++	view->mincachettl = cfg_obj_asuint32(obj);
++
++	obj = NULL;
+ 	result = ns_config_get(maps, "max-cache-ttl", &obj);
+ 	INSIST(result == ISC_R_SUCCESS);
+ 	view->maxcachettl = cfg_obj_asuint32(obj);
+diff -Nabdur bind-9.6.0-P1.orig/lib/dns/include/dns/view.h bind-9.6.0-P1/lib/dns/include/dns/view.h
+--- lib/dns/include/dns/view.h	2009-05-22 12:24:49.000000000 +0400
++++ lib/dns/include/dns/view.h	2009-05-22 12:29:03.000000000 +0400
+@@ -131,6 +131,8 @@
+ 	isc_boolean_t			provideixfr;
+ 	isc_boolean_t			requestnsid;
+ 	dns_ttl_t			maxcachettl;
++	dns_ttl_t			mincachettl;
++	dns_ttl_t			overridecachettl;
+ 	dns_ttl_t			maxncachettl;
+ 	in_port_t			dstport;
+ 	dns_aclenv_t			aclenv;
+diff -Nabdur bind-9.6.0-P1.orig/lib/dns/resolver.c bind-9.6.0-P1/lib/dns/resolver.c
+--- lib/dns/resolver.c	2009-05-22 12:24:49.000000000 +0400
++++ lib/dns/resolver.c	2009-05-22 12:30:41.000000000 +0400
+@@ -4054,6 +4054,18 @@
+ 		}
+ 
+ 		/*
++		 * Enforce the configure cache TTL override.
++		 */
++                if (res->view->overridecachettl)
++                        rdataset->ttl = res->view->overridecachettl;
++
++		/*
++		 * Enforce the configure minimum cache TTL.
++		 */
++                if (rdataset->ttl < res->view->mincachettl)
++                        rdataset->ttl = res->view->mincachettl;
++
++		/*
+ 		 * Enforce the configure maximum cache TTL.
+ 		 */
+ 		if (rdataset->ttl > res->view->maxcachettl)
+diff -Nabdur bind-9.6.0-P1.orig/lib/isccfg/namedconf.c bind-9.6.0-P1/lib/isccfg/namedconf.c
+--- lib/isccfg/namedconf.c	2009-05-22 12:24:49.000000000 +0400
++++ lib/isccfg/namedconf.c	2009-05-22 12:31:21.000000000 +0400
+@@ -821,6 +821,8 @@
+ 	{ "lame-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-acache-size", &cfg_type_sizenodefault, 0 },
+ 	{ "max-cache-size", &cfg_type_sizenodefault, 0 },
++	{ "override-cache-ttl", &cfg_type_uint32, 0 },
++	{ "min-cache-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-cache-ttl", &cfg_type_uint32, 0 },
+ 	{ "max-clients-per-query", &cfg_type_uint32, 0 },
+ 	{ "max-ncache-ttl", &cfg_type_uint32, 0 },