Introduce BIND 9.10.0rc1

BIND 9.10 includes a number of changes from earlier releases, including: - DNS Response-rate limiting (DNS RRL) - A new "prefetch" option can improve recursive resolver performance - ACLs can now be specified based on geographic location using the MaxMind GeoIP databases. - A new compile-time option, NATIVE_PKCS11 allows the BIND 9 cryptography functions to use the PKCS#11 API natively. *NOTE* This is a release candidate, it may contain bugs. *NOTE* Changes: https://lists.isc.org/pipermail/bind-announce/2014-April/000906.html Sponsored by: Absolight
svn path=/head/; revision=350819
2014-04-10 16:01:27 +00:00 · 2014-04-10 16:01:27 +00:00 · 93a3b5d186 · 2021-03-31 03:12:20 +00:00
commit 93a3b5d186
parent 0cfc5d7ce7
19 changed files with 1508 additions and 0 deletions
--- a/dns/Makefile
+++ b/dns/Makefile
@ -9,6 +9,7 @@
    SUBDIR += autotrust
    SUBDIR += bind-tools
    SUBDIR += bind10
+    SUBDIR += bind910
    SUBDIR += bind98
    SUBDIR += bind99
    SUBDIR += bindgraph
--- a/dns/bind910/Makefile
+++ b/dns/bind910/Makefile
@ -0,0 +1,230 @@
+# $FreeBSD$
+
+PORTNAME=	bind
+PORTVERSION=	9.10.0rc1
+CATEGORIES=	dns net ipv6
+MASTER_SITES=	${MASTER_SITE_ISC}
+MASTER_SITE_SUBDIR=	bind9/${ISCVERSION}
+PKGNAMESUFFIX=	910
+DISTNAME=	${PORTNAME}-${ISCVERSION}
+
+MAINTAINER=	mat@FreeBSD.org
+COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
+
+LICENSE=	ISCL
+
+# ISC releases things like 9.8.0-P1, which our versioning doesn't like
+ISCVERSION=	9.10.0rc1
+
+MAKE_JOBS_UNSAFE=	yes
+
+LIB_DEPENDS=	libxml2.so:${PORTSDIR}/textproc/libxml2
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
+		--disable-symtable \
+		--with-randomdev=/dev/random \
+		--with-libxml2=${LOCALBASE} \
+		--without-python
+ETCDIR=		${PREFIX}/etc/namedb
+
+CONFLICTS=	bind9*-9.[456789].* bind9*-sdb-9.[456789].* bind-tools-9.*
+
+OPTIONS_SUB=	yes
+OPTIONS_DEFAULT=	IPV6 SSL THREADS SIGCHASE IDN
+OPTIONS_DEFINE=		IDN REPLACE_BASE LARGE_FILE \
+			FIXED_RRSET SIGCHASE IPV6 THREADS GSSAPI FILTER_AAAA
+OPTIONS_RADIO=	CRYPTO
+OPTIONS_RADIO_CRYPTO=	SSL NATIVE_PKCS11
+
+.if !defined(BIND_TOOLS_SLAVE)
+OPTIONS_DEFAULT+=	RRL
+OPTIONS_DEFINE+=	LINKS RPZ_NSIP RPZ_NSDNAME RRL DOCS NEWSTATS GEOIP
+OPTIONS_GROUP=		DLZ
+OPTIONS_GROUP_DLZ=	DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \
+			DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB
+.endif	# BIND_TOOLS_SLAVE
+
+SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
+REPLACE_BASE_DESC=	Replace base BIND (FreeBSD 9.x and earlier)
+LARGE_FILE_DESC=	64-bit file support
+FIXED_RRSET_DESC=	Enable fixed rrset ordering
+SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
+FILTER_AAAA_DESC=	Enable filtering of AAAA records
+CRYPTO_DESC=		Choose which crypto engine to use
+NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
+GEOIP_DESC=		Allow geographically based ACL.
+
+LINKS_DESC=		Create conf file symlinks in ${PREFIX}
+NEWSTATS_DESC=		Enable alternate xml statistics channel format
+RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
+RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
+RRL_DESC=		Response Rate Limiting
+DLZ_DESC=		Dynamically Loadable Zones
+DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
+DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
+DLZ_BDB_DESC=		DLZ BDB driver
+DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
+DLZ_STUB_DESC=		DLZ stub driver
+
+.if !defined(BIND_TOOLS_SLAVE)
+CONFLICTS+=		bind-tools-9.*
+.endif	# BIND_TOOLS_SLAVE
+
+SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
+SSL_USE=		openssl=yes
+SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
+
+NEWSTATS_CONFIGURE_ENABLE=	newstats
+
+IDN_USES=		iconv
+IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
+IDN_LIB_DEPENDS=	libidnkit.so:${PORTSDIR}/dns/idnkit
+IDN_CONFIGURE_OFF=	--without-idn
+
+LARGE_FILE_CONFIGURE_ENABLE=	largefile
+
+SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
+
+IPV6_CONFIGURE_ENABLE=	ipv6
+
+FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
+
+NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
+
+GEOIP_CONFIGURE_WITH=	geoip
+GEOIP_LIB_DEPENDS=	libGeoIP.so:${PORTSDIR}/net/GeoIP
+
+DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
+DLZ_POSTGRESQL_USE=		pgsql=yes
+
+FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
+
+RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
+
+RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
+
+RRL_CONFIGURE_ENABLE=	rrl
+
+DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
+DLZ_MYSQL_USE=		mysql=yes
+
+DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
+DLZ_BDB_USE=		bdb=yes
+
+DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
+DLZ_LDAP_USE=		openldap=yes
+
+DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+
+DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
+
+.if defined(HEIMDAL_HOME)
+GSSAPI_CONFIGURE_ON=	--with-gssapi=${HEIMDAL_HOME}
+GSSAPI_CONFIGURE_OFF=	--without-gssapi
+.else
+GSSAPI_CONFIGURE_WITH=	gssapi
+.endif
+
+.include <bsd.port.options.mk>
+
+.if (${ARCH} == "amd64")
+ARCH=		x86_64
+.endif
+
+.if !${PORT_OPTIONS:MLINKS} || ${PORT_OPTIONS:MREPLACE_BASE}
+PKGINSTALL=${NONEXISTENT}
+.endif
+
+.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL}
+CONFIGURE_ARGS+=	--enable-threads
+.else
+CONFIGURE_ARGS+=	--disable-threads
+.endif
+
+.if ${PORT_OPTIONS:MREPLACE_BASE}
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100
+IGNORE=		REPLACE_BASE option is not supported on this release
+.endif
+PKGNAMESUFFIX=	-base
+PREFIX=		/usr
+PLIST_SUB+=	SHARE_MAN="share/"
+NO_MTREE=	yes
+BIND_DESTETC=	/etc/namedb
+.else
+PLIST_SUB+=	SHARE_MAN=""
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100
+BIND_DESTETC=	${PREFIX}/etc/namedb
+PKGINSTALL=	${NONEXISTENT}
+.else
+BIND_DESTETC=	${PREFIX}/etc
+.endif
+.endif
+
+PKGDEINSTALL=	${PKGINSTALL}
+
+CONFIGURE_ARGS+=	--prefix=${PREFIX} \
+			--sysconfdir=${BIND_DESTETC}
+PLIST_SUB+=	BIND_DESTETC="${BIND_DESTETC}"
+SUB_LIST+=	BIND_DESTETC="${BIND_DESTETC}"
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100
+PLIST_SUB+=	NOBASE="" BASE="@comment "
+USE_RC_SUBR+=	named
+SUB_FILES+=	named.conf
+.else
+PLIST_SUB+=	NOBASE="@comment " BASE=""
+.if ${PORT_OPTIONS:MSSL}
+WITH_OPENSSL_PORT=	yes
+.endif
+.endif
+
+.if !defined(BIND_TOOLS_SLAVE)
+post-patch:
+.for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
+	rndc/rndc.8
+	@${MV} ${WRKSRC}/bin/${FILE} ${WRKSRC}/bin/${FILE}.Dist
+	@${SED} -e 's#/etc/named.conf#${BIND_DESTETC}/named.conf#g' \
+		-e 's#/etc/rndc.conf#${BIND_DESTETC}/rndc.conf#g' \
+		-e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
+		${WRKSRC}/bin/${FILE}.Dist > ${WRKSRC}/bin/${FILE}
+.endfor
+	@${MV} ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.in.Dist
+	@${SED} -e 's#.*bind\.keys.*##' ${WRKSRC}/Makefile.in.Dist > \
+		${WRKSRC}/Makefile.in
+	@${MV} ${WRKSRC}/bin/named/Makefile.in ${WRKSRC}/bin/named/Makefile.in.Dist
+	@${SED} -e 's/$${PERL}/#/' -e 's/bind.keys.h/#/g' -e 's/bind9.xsl.h/#/g' \
+		${WRKSRC}/bin/named/Makefile.in.Dist > \
+		${WRKSRC}/bin/named/Makefile.in
+
+.if ${PORT_OPTIONS:MDOCS}
+PORTDOCS=	*
+.endif
+post-install:
+.if ${PORT_OPTIONS:MDOCS}
+	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm ${STAGEDIR}${DOCSDIR}/misc
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/doc/misc/[a-z]* ${STAGEDIR}${DOCSDIR}/misc
+	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \
+		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
+.endif
+
+.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100
+	${MKDIR} ${STAGEDIR}${BIND_DESTETC}
+.for i in dynamic master slave working
+	@${MKDIR} ${STAGEDIR}${BIND_DESTETC}/$i
+.endfor
+	${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${BIND_DESTETC}/named.conf.sample
+	${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${BIND_DESTETC}
+	${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${BIND_DESTETC}/master
+	${INSTALL_DATA} ${FILESDIR}/localhost-forward.db ${STAGEDIR}${BIND_DESTETC}/master
+	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${BIND_DESTETC}/master
+.endif
+	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
+		${STAGEDIR}${BIND_DESTETC}/rndc.conf.sample
+
+.endif	# BIND_TOOLS_SLAVE
+
+.include <bsd.port.mk>
--- a/dns/bind910/distinfo
+++ b/dns/bind910/distinfo
@ -0,0 +1,2 @@
+SHA256 (bind-9.10.0rc1.tar.gz) = a529d80d4ea474440f079a4f7407e37407387fcf06b81a534ebc9fb8d1c6019a
+SIZE (bind-9.10.0rc1.tar.gz) = 8285665
--- a/dns/bind910/files/empty.db
+++ b/dns/bind910/files/empty.db
@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+	; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@	NS	@
+
+; Silence a BIND warning
+@	A	127.0.0.1
--- a/dns/bind910/files/localhost-forward.db
+++ b/dns/bind910/files/localhost-forward.db
@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+	; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+	NS	localhost.
+
+	A	127.0.0.1
+	AAAA	::1
--- a/dns/bind910/files/localhost-reverse.db
+++ b/dns/bind910/files/localhost-reverse.db
@ -0,0 +1,13 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+	; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+	NS	localhost.
+
+1.0.0	PTR	localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
--- a/dns/bind910/files/named.conf.in
+++ b/dns/bind910/files/named.conf.in
@ -0,0 +1,360 @@
+// $FreeBSD$
+//
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/share/doc/bind9 for more details.
+//
+// If you are going to set up an authoritative server, make sure you
+// understand the hairy details of how DNS works.  Even with
+// simple mistakes, you can break connectivity for affected parties,
+// or cause huge amounts of useless Internet traffic.
+
+options {
+	// All file and path names are relative to the chroot directory,
+	// if any, and should be fully qualified.
+	directory	"%%BIND_DESTETC%%/working";
+	pid-file	"/var/run/named/pid";
+	dump-file	"/var/dump/named_dump.db";
+	statistics-file	"/var/stats/named.stats";
+
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+	listen-on	{ 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver.  To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+//	listen-on-v6	{ ::1; };
+
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below.  This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the Internet.
+/*
+	forwarders {
+		127.0.0.1;
+	};
+*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer.  Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+//	forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
+// named_auto_forward_only (the effect of which is described above).
+//	include "/etc/namedb/auto_forward.conf";
+
+	/*
+	   Modern versions of BIND use a random UDP port for each outgoing
+	   query by default in order to dramatically reduce the possibility
+	   of cache poisoning.  All users are strongly encouraged to utilize
+	   this feature, and to configure their firewalls to accommodate it.
+
+	   AS A LAST RESORT in order to get around a restrictive firewall
+	   policy you can try enabling the option below.  Use of this option
+	   will significantly reduce your ability to withstand cache poisoning
+	   attacks, and should be avoided if at all possible.
+
+	   Replace NNNNN in the example with a number between 49160 and 65530.
+	*/
+	// query-source address * port NNNNN;
+};
+
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// first in your /etc/resolv.conf so this server will be queried.
+// Also, make sure to enable it in /etc/rc.conf.
+
+// The traditional root hints mechanism. Use this, OR the slave zones below.
+zone "." { type hint; file "%%BIND_DESTETC%%/named.root"; };
+
+/*	Slaving the following zones from the root name servers has some
+	significant advantages:
+	1. Faster local resolution for your users
+	2. No spurious traffic will be sent from your network to the roots
+	3. Greater resilience to any potential root server failure/DDoS
+
+	On the other hand, this method requires more monitoring than the
+	hints file to be sure that an unexpected failure mode has not
+	incapacitated your server.  Name servers that are serving a lot
+	of clients will benefit more from this approach than individual
+	hosts.  Use with caution.
+
+	To use this mechanism, uncomment the entries below, and comment
+	the hint zone above.
+
+	As documented at http://dns.icann.org/services/axfr/ these zones:
+	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+	are available for AXFR from these servers on IPv4 and IPv6:
+	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
+*/
+/*
+zone "." {
+	type slave;
+	file "/etc/namedb/slave/root.slave";
+	masters {
+		192.5.5.241;	// F.ROOT-SERVERS.NET.
+	};
+	notify no;
+};
+zone "arpa" {
+	type slave;
+	file "/etc/namedb/slave/arpa.slave";
+	masters {
+		192.5.5.241;	// F.ROOT-SERVERS.NET.
+	};
+	notify no;
+};
+*/
+
+/*	Serving the following zones locally will prevent any queries
+	for these zones leaving your network and going to the root
+	name servers.  This has two significant advantages:
+	1. Faster local resolution for your users
+	2. No spurious traffic will be sent from your network to the roots
+*/
+// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
+zone "localhost"	{ type master; file "%%BIND_DESTETC%%/master/localhost-forward.db"; };
+zone "127.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/localhost-reverse.db"; };
+zone "255.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
+zone "0.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912, 5735 and 6303)
+zone "0.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// Private Use Networks (RFCs 1918, 5735 and 6303)
+zone "10.in-addr.arpa"	   { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// Shared Address Space (RFC 6598)
+zone "64.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "65.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "66.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "67.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "68.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "69.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "70.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "71.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "72.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "73.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "74.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "75.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "76.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "77.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "78.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "79.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "80.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "81.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "82.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "83.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "84.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "85.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "86.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "87.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "88.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "89.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "90.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "91.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "92.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "93.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "94.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "95.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "96.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "97.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "98.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "99.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "100.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "101.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "102.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "103.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "104.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "105.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "106.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "107.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "108.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "109.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "110.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "111.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "112.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "113.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "114.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "115.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "116.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "117.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "118.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "119.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "120.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "121.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "122.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "123.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "124.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "125.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "126.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "127.100.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// Link-local/APIPA (RFCs 3927, 5735 and 6303)
+zone "254.169.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IETF protocol assignments (RFCs 5735 and 5736)
+zone "0.0.192.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
+zone "2.0.192.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "100.51.198.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "113.0.203.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
+zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// Domain Names for Documentation and Testing (BCP 32)
+zone "test" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "example" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "invalid" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "example.com" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "example.net" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "example.org" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// Router Benchmark Testing (RFCs 2544 and 5735)
+zone "18.198.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "19.198.in-addr.arpa" { type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IANA Reserved - Old Class E Space (RFC 5735)
+zone "240.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "241.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "242.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "243.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "244.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "245.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "246.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "247.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "248.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "249.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "250.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "251.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "252.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "253.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "254.in-addr.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "3.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "4.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "5.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "6.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "7.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "8.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "9.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "a.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "b.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "c.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "d.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "e.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "0.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "1.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "2.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "3.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "4.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "5.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "6.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "7.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "8.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "9.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "a.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "b.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "0.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "1.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "2.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "3.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "4.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "5.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "6.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "7.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IPv6 ULA (RFCs 4193 and 6303)
+zone "c.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "d.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IPv6 Link Local (RFCs 4291 and 6303)
+zone "8.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "9.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "a.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "b.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
+zone "c.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "d.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "e.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+zone "f.e.f.ip6.arpa"	{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int"		{ type master; file "%%BIND_DESTETC%%/master/empty.db"; };
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example slave zone config entries.  It can be convenient to become
+// a slave at least for the zone your own domain is in.  Ask
+// your network administrator for the IP address of the responsible
+// master name server.
+//
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
+//
+// Before starting to set up a master zone, make sure you fully
+// understand how DNS and BIND work.  There are sometimes
+// non-obvious pitfalls.  Setting up a slave zone is usually simpler.
+//
+// NB: Don't blindly enable the examples below. :-)  Use actual names
+// and addresses instead.
+
+/* An example dynamic zone
+key "exampleorgkey" {
+	algorithm hmac-md5;
+	secret "sf87HJqjkqh8ac87a02lla==";
+};
+zone "example.org" {
+	type master;
+	allow-update {
+		key "exampleorgkey";
+	};
+	file "/etc/namedb/dynamic/example.org";
+};
+*/
+
+/* Example of a slave reverse zone
+zone "1.168.192.in-addr.arpa" {
+	type slave;
+	file "/etc/namedb/slave/1.168.192.in-addr.arpa";
+	masters {
+		192.168.1.1;
+	};
+};
+*/
--- a/dns/bind910/files/named.in
+++ b/dns/bind910/files/named.in
@ -0,0 +1,206 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: named
+# REQUIRE: FILESYSTEMS defaultroute
+# BEFORE: NETWORKING
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=named
+rcvar=named_enable
+
+load_rc_config $name
+
+extra_commands=reload
+
+start_precmd=named_prestart
+start_postcmd=named_poststart
+reload_cmd="${command%/named}/rndc reload"
+stop_cmd=named_stop
+
+named_enable=${named_enable:-"NO"}		# Run named, the DNS server (or NO).
+named_program=${named_program:-"%%PREFIX%%/sbin/named"}	# Path to named, if you want a different one.
+named_conf=${named_conf:-"%%BIND_DESTETC%%/named.conf"}	# Path to the configuration file
+named_flags=${named_flags:-""}			# Use this for flags OTHER than -u and -c
+named_uid=${named_uid:-"bind"}			# User to run named as
+named_wait=${named_wait:-"NO"}			# Wait for working name service before exiting
+named_wait_host=${named_wait_host:-"localhost"}	# Hostname to check if named_wait is enabled
+named_auto_forward=${named_auto_forward:-"NO"}	# Set up forwarders from /etc/resolv.conf
+named_auto_forward_only=${named_auto_forward_only:-"NO"}	# Do "forward only" instead of "forward first"
+%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}	# Path to the PKCS#11 library to use.
+named_confdir="${named_conf%/*}" 		# Not a configuration directive but makes rclint happy.
+
+named_poststart()
+{
+	if checkyesno named_wait; then
+		until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
+			echo "	Waiting for nameserver to resolve $named_wait_host"
+			sleep 1
+		done
+	fi
+}
+
+find_pidfile()
+{
+	if get_pidfile_from_conf pid-file $named_conf; then
+		pidfile="$_pidfile_from_conf"
+	else
+		pidfile="/var/run/named/pid"
+	fi
+}
+
+named_stop()
+{
+	find_pidfile
+
+	# This duplicates an undesirably large amount of code from the stop
+	# routine in rc.subr in order to use rndc to shut down the process,
+	# and to give it a second chance in case rndc fails.
+	rc_pid=$(check_pidfile $pidfile $command)
+	if [ -z "$rc_pid" ]; then
+		[ -n "$rc_fast" ] && return 0
+		_run_rc_notrunning
+		return 1
+	fi
+	echo 'Stopping named.'
+	if ${command%/named}/rndc stop 2>/dev/null; then
+		wait_for_pids $rc_pid
+	else
+		echo -n 'rndc failed, trying kill: '
+		kill -TERM $rc_pid
+		wait_for_pids $rc_pid
+  	fi
+}
+
+create_file()
+{
+	if [ -e "$1" ]; then
+		unlink $1
+	fi
+	install -o root -g wheel -m 0644 /dev/null $1
+}
+
+named_prestart()
+{
+	find_pidfile
+
+	if [ -n "$named_pidfile" ]; then
+		warn 'named_pidfile: now determined from the conf file'
+	fi
+
+	echo ${pidfile%/pid}
+	if [ ! -d ${pidfile%/pid} ]; then
+		install -d -o ${named_uid} -g ${named_uid} ${pidfile%/pid}
+	fi
+
+	command_args="-u ${named_uid:=root} -c $named_conf $command_args"
+
+%%NATIVE_PKCS11%%	if [ -z "$named_pkcs11_engine"]; then
+%%NATIVE_PKCS11%%	  err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
+%%NATIVE_PKCS11%%	elif [ ! -f $named_pkcs11_engine ]; then
+%%NATIVE_PKCS11%%	  err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
+%%NATIVE_PKCS11%%	else
+%%NATIVE_PKCS11%%	  command_args="-E $named_pkcs11_engine $command_args"
+%%NATIVE_PKCS11%%	fi
+%%NATIVE_PKCS11%%
+	local line nsip firstns
+
+	# Create an rndc.key file for the user if none exists
+	#
+	confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
+	    -c ${named_confdir}/rndc.key"
+	if [ -s "${named_confdir}/rndc.conf" ]; then
+		unset confgen_command
+	fi
+	if [ -s "${named_confdir}/rndc.key" ]; then
+		case `stat -f%Su ${named_confdir}/rndc.key` in
+		root|$named_uid) ;;
+		*) $confgen_command ;;
+		esac
+	else
+		$confgen_command
+	fi
+
+	local checkconf
+
+	checkconf="${command%/named}/named-checkconf"
+
+	# Create a forwarder configuration based on /etc/resolv.conf
+	if checkyesno named_auto_forward; then
+		if [ ! -s /etc/resolv.conf ]; then
+			warn "named_auto_forward enabled, but no /etc/resolv.conf"
+
+			# Empty the file in case it is included in named.conf
+			[ -s "${named_confdir}/auto_forward.conf" ] &&
+			    create_file ${named_confdir}/auto_forward.conf
+
+			$checkconf $named_conf ||
+			    err 3 'named-checkconf for $named_conf failed'
+			return
+		fi
+
+		create_file /var/run/naf-resolv.conf
+		create_file /var/run/auto_forward.conf
+
+		echo '	forwarders {' > /var/run/auto_forward.conf
+
+		while read line; do
+			case "$line" in
+			'nameserver '*|'nameserver	'*)
+				nsip=${line##nameserver[         ]}
+
+				if [ -z "$firstns" ]; then
+					if [ ! "$nsip" = '127.0.0.1' ]; then
+						echo 'nameserver 127.0.0.1'
+						echo "		${nsip};" >> /var/run/auto_forward.conf
+					fi
+
+					firstns=1
+				else
+					[ "$nsip" = '127.0.0.1' ] && continue
+					echo "		${nsip};" >> /var/run/auto_forward.conf
+				fi
+				;;
+			esac
+
+			echo $line
+		done < /etc/resolv.conf > /var/run/naf-resolv.conf
+
+		echo '	};' >> /var/run/auto_forward.conf
+		echo '' >> /var/run/auto_forward.conf
+		if checkyesno named_auto_forward_only; then
+			echo "	forward only;" >> /var/run/auto_forward.conf
+		else
+			echo "	forward first;" >> /var/run/auto_forward.conf
+		fi
+
+		if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
+			unlink /var/run/naf-resolv.conf
+		else
+			[ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
+			mv /var/run/naf-resolv.conf /etc/resolv.conf
+		fi
+
+		if cmp -s ${named_confdir}/auto_forward.conf \
+		    /var/run/auto_forward.conf; then
+			unlink /var/run/auto_forward.conf
+		else
+			[ -e "${named_confdir}/auto_forward.conf" ] &&
+			    unlink ${named_confdir}/auto_forward.conf
+			mv /var/run/auto_forward.conf \
+			    ${named_confdir}/auto_forward.conf
+		fi
+	else
+		# Empty the file in case it is included in named.conf
+		[ -s "${named_confdir}/auto_forward.conf" ] &&
+		    create_file ${named_confdir}/auto_forward.conf
+	fi
+
+	$checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
+}
+
+run_rc_command "$1"
--- a/dns/bind910/files/named.root
+++ b/dns/bind910/files/named.root
@ -0,0 +1,92 @@
+;
+; $FreeBSD$
+;
+
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.cache
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Jan 3, 2013
+;       related version of root zone:   2013010300
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
+D.ROOT-SERVERS.NET.	 3600000      AAAA  2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
+; End of File
--- a/dns/bind910/files/patch-bindnssecMakefile.in
+++ b/dns/bind910/files/patch-bindnssecMakefile.in
@ -0,0 +1,17 @@
+--- ./bin/dnssec/Makefile.in.orig	2014-04-08 00:02:19.000000000 +0200
+++ ./bin/dnssec/Makefile.in	2014-04-10 15:49:49.000000000 +0200
+@@ -56,12 +56,12 @@
+ 
+ MANPAGES =	dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
+ 		dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \
+-		dnssec-verify.8
+		dnssec-verify.8 dnssec-importkey.8
+ 
+ HTMLPAGES =	dnssec-dsfromkey.html dnssec-keyfromlabel.html \
+ 		dnssec-keygen.html dnssec-revoke.html \
+ 		dnssec-settime.html dnssec-signzone.html \
+-		dnssec-verify.html
+		dnssec-verify.html dnssec-importkey.html
+ 
+ MANOBJS =	${MANPAGES} ${HTMLPAGES}
+ 
--- a/dns/bind910/files/patch-bintestssystemdlzexternalMakefile.in
+++ b/dns/bind910/files/patch-bintestssystemdlzexternalMakefile.in
@ -0,0 +1,11 @@
+--- ./bin/tests/system/dlzexternal/Makefile.in.orig	2014-04-08 00:02:19.000000000 +0200
+++ ./bin/tests/system/dlzexternal/Makefile.in	2014-04-10 15:49:49.000000000 +0200
+@@ -43,7 +43,7 @@
+ @BIND9_MAKE_RULES@
+ 
+ CFLAGS =	@CFLAGS@ @SO_CFLAGS@
+-SO_LDFLAGS =	@LDFLAGS@ @SO_LDFLAGS@
+SO_LDFLAGS =	@SO_LDFLAGS@
+ 
+ dlopen@EXEEXT@: ${DLOPENOBJS}
+ 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
--- a/dns/bind910/files/patch-libdnsincludednsMakefile.in
+++ b/dns/bind910/files/patch-libdnsincludednsMakefile.in
@ -0,0 +1,11 @@
+--- ./lib/dns/include/dns/Makefile.in.orig	2014-04-08 00:02:19.000000000 +0200
+++ ./lib/dns/include/dns/Makefile.in	2014-04-10 15:49:49.000000000 +0200
+@@ -28,7 +28,7 @@
+ 		ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \
+ 		journal.h keydata.h keyflags.h keytable.h keyvalues.h \
+ 		lib.h lookup.h log.h master.h masterdump.h message.h \
+-		name.h nsec3.h ncache.h nsec.h opcode.h \
+		name.h ncache.h nsec.h nsec3.h opcode.h order.h \
+ 		peer.h portlist.h private.h \
+ 		rbt.h rcode.h rdata.h rdataclass.h rdatalist.h \
+ 		rdataset.h rdatasetiter.h rdataslab.h rdatatype.h request.h \
--- a/dns/bind910/files/patch-libiscincludeiscMakefile.in
+++ b/dns/bind910/files/patch-libiscincludeiscMakefile.in
@ -0,0 +1,11 @@
+--- ./lib/isc/include/isc/Makefile.in.orig	2014-04-08 00:02:19.000000000 +0200
+++ ./lib/isc/include/isc/Makefile.in	2014-04-10 15:49:49.000000000 +0200
+@@ -32,7 +32,7 @@
+ 		eventclass.h file.h formatcheck.h fsaccess.h \
+ 		hash.h heap.h hex.h hmacmd5.h hmacsha.h httpd.h \
+ 		interfaceiter.h @ISC_IPV6_H@ iterated_hash.h json.h \
+-		keyboard.h lang.h lex.h lfsr.h lib.h list.h log.h \
+		lang.h lex.h lfsr.h lib.h list.h log.h \
+ 		magic.h md5.h mem.h msgcat.h msgs.h mutexblock.h \
+ 		netaddr.h netscope.h ondestroy.h os.h parseint.h \
+ 		pool.h portset.h print.h queue.h quota.h \
--- a/dns/bind910/files/patch-libiscunixincludeisc__Makefile.in
+++ b/dns/bind910/files/patch-libiscunixincludeisc__Makefile.in
@ -0,0 +1,13 @@
+--- ./lib/isc/unix/include/isc/Makefile.in.orig	2014-04-08 00:02:19.000000000 +0200
+++ ./lib/isc/unix/include/isc/Makefile.in	2014-04-10 15:49:49.000000000 +0200
+@@ -21,8 +21,8 @@
+ 
+ @BIND9_VERSION@
+ 
+-HEADERS =	dir.h int.h net.h netdb.h offset.h stat.h stdtime.h \
+-		strerror.h syslog.h time.h
+HEADERS =	dir.h int.h keyboard.h net.h netdb.h offset.h stat.h \
+		stdtime.h strerror.h syslog.h time.h
+ 
+ SUBDIRS =
+ TARGETS =
--- a/dns/bind910/pkg-descr
+++ b/dns/bind910/pkg-descr
@ -0,0 +1,24 @@
+BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
+architecture.  Some of the important features of BIND 9 are:
+
+DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
+IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
+     Experimental IPv6 Resolver Library
+DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
+     Improved standards conformance
+Views: One server process can provide multiple "views" of the DNS namespace,
+     e.g. an "inside" view to certain clients, and an "outside" view to others.
+Multiprocessor Support
+
+BIND 9.9 includes a number of changes from BIND 9.8 and earlier releases,
+including:
+	NXDOMAIN redirection
+	Improved startup and reconfiguration time, especially with large
+		numbers of authoritative zones
+	New "inline-signing" option, allows named to sign zones completely
+		transparently, including static zones
+	Many other new features, especially for DNSSEC
+
+See the CHANGES file for more information on features.
+
+WWW: https://www.isc.org/software/bind
--- a/dns/bind910/pkg-help
+++ b/dns/bind910/pkg-help
@ -0,0 +1,13 @@
+When using the NATIVE_PKCS11 option, BIND will use the PKCS#11
+engine specified by the named_pkcss11_engine variable in
+/etc/rc.conf for *all* crypto operations.
+
+This is primarily intended to be used in an authoritative
+case.
+
+If BIND will also be operating as a validating resolver,
+NATIVE_PKCS11 should not be used, because the HSM will be
+used for DNSSEC validations, and the HSM is likely to be
+slower than the CPU for this purpose.  Additionally, the HSM
+might not support all of the PKCS#11 API functions needed
+for signature verification.
--- a/dns/bind910/pkg-install
+++ b/dns/bind910/pkg-install
@ -0,0 +1,26 @@
+#!/bin/sh
+
+if [ "$2" = 'POST-INSTALL' ]
+then
+	/bin/mkdir -p /var/named${PKG_PREFIX}/etc
+fi
+
+for DIR in ${PKG_PREFIX}/etc /var/named${PKG_PREFIX}/etc; do
+	for FILE in named.conf rndc.key; do
+		if [ "$2" = 'POST-INSTALL' ]
+		then
+			/bin/ln -sf /etc/namedb/${FILE} ${DIR}/${FILE}
+		fi
+		if [ "$2" = 'POST-DEINSTALL' ]
+		then
+			[ -L ${DIR}/${FILE} ] && rm -f ${DIR}/${FILE}
+		fi
+	done
+done
+
+if [ "$2" = 'POST-DEINSTALL' ]
+then
+	cd /var/named && /bin/rmdir -p ./${PKG_PREFIX}/etc > /dev/null  2>&1 || :
+fi
+
+exit 0
--- a/dns/bind910/pkg-message
+++ b/dns/bind910/pkg-message
@ -0,0 +1,18 @@
+*************************************************************************
+*           _  _____ _____ _____ _   _ _____ ___ ___  _   _ 		*
+*	   / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |		*
+*	  / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |		*
+*	 / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |		*
+*	/_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|		*
+*									*
+*	If you are running BIND 9 in a chroot environment, make		*
+*	sure that there is a /dev/random device	in the chroot.		*
+*									*
+*	BIND 9 also requires configuration of rndc, including a		*
+*	"secret" key.  The easiest, and most secure way to configure	*
+*	rndc is to run 'rndc-confgen -a' to generate the proper	conf	*
+*	file, with a new random key, and appropriate file permissions.	*
+*									*
+*	The /etc/rc.d/named script in the base will do both for you.    *
+*									*
+*************************************************************************
--- a/dns/bind910/pkg-plist
+++ b/dns/bind910/pkg-plist
@ -0,0 +1,438 @@
+bin/bind9-config
+bin/delve
+bin/dig
+bin/host
+bin/isc-config.sh
+bin/nslookup
+bin/nsupdate
+include/bind9/check.h
+include/bind9/getaddresses.h
+include/bind9/version.h
+include/dns/acache.h
+include/dns/acl.h
+include/dns/adb.h
+include/dns/bit.h
+include/dns/byaddr.h
+include/dns/cache.h
+include/dns/callbacks.h
+include/dns/cert.h
+include/dns/client.h
+include/dns/clientinfo.h
+include/dns/compress.h
+include/dns/db.h
+include/dns/dbiterator.h
+include/dns/dbtable.h
+include/dns/diff.h
+include/dns/dispatch.h
+include/dns/dlz.h
+include/dns/dlz_dlopen.h
+include/dns/dns64.h
+include/dns/dnssec.h
+include/dns/ds.h
+include/dns/dsdigest.h
+include/dns/ecdb.h
+include/dns/enumclass.h
+include/dns/enumtype.h
+include/dns/events.h
+include/dns/fixedname.h
+include/dns/forward.h
+include/dns/geoip.h
+include/dns/iptable.h
+include/dns/journal.h
+include/dns/keydata.h
+include/dns/keyflags.h
+include/dns/keytable.h
+include/dns/keyvalues.h
+include/dns/lib.h
+include/dns/log.h
+include/dns/lookup.h
+include/dns/master.h
+include/dns/masterdump.h
+include/dns/message.h
+include/dns/name.h
+include/dns/ncache.h
+include/dns/nsec.h
+include/dns/nsec3.h
+include/dns/opcode.h
+include/dns/order.h
+include/dns/peer.h
+include/dns/portlist.h
+include/dns/private.h
+include/dns/rbt.h
+include/dns/rcode.h
+include/dns/rdata.h
+include/dns/rdataclass.h
+include/dns/rdatalist.h
+include/dns/rdataset.h
+include/dns/rdatasetiter.h
+include/dns/rdataslab.h
+include/dns/rdatastruct.h
+include/dns/rdatatype.h
+include/dns/request.h
+include/dns/resolver.h
+include/dns/result.h
+include/dns/rootns.h
+include/dns/rpz.h
+include/dns/rriterator.h
+include/dns/rrl.h
+include/dns/sdb.h
+include/dns/sdlz.h
+include/dns/secalg.h
+include/dns/secproto.h
+include/dns/soa.h
+include/dns/ssu.h
+include/dns/stats.h
+include/dns/tcpmsg.h
+include/dns/time.h
+include/dns/timer.h
+include/dns/tkey.h
+include/dns/tsec.h
+include/dns/tsig.h
+include/dns/ttl.h
+include/dns/types.h
+include/dns/update.h
+include/dns/validator.h
+include/dns/version.h
+include/dns/view.h
+include/dns/xfrin.h
+include/dns/zone.h
+include/dns/zonekey.h
+include/dns/zt.h
+include/dst/dst.h
+include/dst/gssapi.h
+include/dst/lib.h
+include/dst/result.h
+include/irs/context.h
+include/irs/dnsconf.h
+include/irs/netdb.h
+include/irs/platform.h
+include/irs/resconf.h
+include/irs/types.h
+include/irs/version.h
+include/isc/aes.h
+include/isc/app.h
+include/isc/assertions.h
+include/isc/atomic.h
+include/isc/backtrace.h
+include/isc/base32.h
+include/isc/base64.h
+include/isc/bind9.h
+include/isc/boolean.h
+include/isc/buffer.h
+include/isc/bufferlist.h
+include/isc/commandline.h
+include/isc/condition.h
+include/isc/crc64.h
+include/isc/dir.h
+include/isc/entropy.h
+include/isc/error.h
+include/isc/event.h
+include/isc/eventclass.h
+include/isc/file.h
+include/isc/formatcheck.h
+include/isc/fsaccess.h
+include/isc/hash.h
+include/isc/heap.h
+include/isc/hex.h
+include/isc/hmacmd5.h
+include/isc/hmacsha.h
+include/isc/httpd.h
+include/isc/int.h
+include/isc/interfaceiter.h
+include/isc/iterated_hash.h
+include/isc/json.h
+include/isc/keyboard.h
+include/isc/lang.h
+include/isc/lex.h
+include/isc/lfsr.h
+include/isc/lib.h
+include/isc/list.h
+include/isc/log.h
+include/isc/magic.h
+include/isc/md5.h
+include/isc/mem.h
+include/isc/msgcat.h
+include/isc/msgs.h
+include/isc/mutex.h
+include/isc/mutexblock.h
+include/isc/net.h
+include/isc/netaddr.h
+include/isc/netdb.h
+include/isc/netscope.h
+include/isc/offset.h
+include/isc/once.h
+include/isc/ondestroy.h
+include/isc/os.h
+include/isc/parseint.h
+include/isc/platform.h
+include/isc/pool.h
+include/isc/portset.h
+include/isc/print.h
+include/isc/queue.h
+include/isc/quota.h
+include/isc/radix.h
+include/isc/random.h
+include/isc/ratelimiter.h
+include/isc/refcount.h
+include/isc/regex.h
+include/isc/region.h
+include/isc/resource.h
+include/isc/result.h
+include/isc/resultclass.h
+include/isc/rwlock.h
+include/isc/safe.h
+include/isc/serial.h
+include/isc/sha1.h
+include/isc/sha2.h
+include/isc/sockaddr.h
+include/isc/socket.h
+include/isc/stat.h
+include/isc/stats.h
+include/isc/stdio.h
+include/isc/stdlib.h
+include/isc/stdtime.h
+include/isc/strerror.h
+include/isc/string.h
+include/isc/symtab.h
+include/isc/syslog.h
+include/isc/task.h
+include/isc/taskpool.h
+include/isc/thread.h
+include/isc/time.h
+include/isc/timer.h
+include/isc/tm.h
+include/isc/types.h
+include/isc/util.h
+include/isc/version.h
+include/isc/xml.h
+include/isccc/alist.h
+include/isccc/base64.h
+include/isccc/cc.h
+include/isccc/ccmsg.h
+include/isccc/events.h
+include/isccc/lib.h
+include/isccc/result.h
+include/isccc/sexpr.h
+include/isccc/symtab.h
+include/isccc/symtype.h
+include/isccc/types.h
+include/isccc/util.h
+include/isccc/version.h
+include/isccfg/aclconf.h
+include/isccfg/cfg.h
+include/isccfg/dnsconf.h
+include/isccfg/grammar.h
+include/isccfg/log.h
+include/isccfg/namedconf.h
+include/isccfg/version.h
+include/lwres/context.h
+include/lwres/int.h
+include/lwres/ipv6.h
+include/lwres/lang.h
+include/lwres/list.h
+include/lwres/lwbuffer.h
+include/lwres/lwpacket.h
+include/lwres/lwres.h
+include/lwres/net.h
+include/lwres/netdb.h
+include/lwres/platform.h
+include/lwres/result.h
+include/lwres/stdlib.h
+include/lwres/version.h
+include/pk11/constants.h
+include/pk11/internal.h
+include/pk11/pk11.h
+include/pk11/result.h
+include/pkcs11/cryptoki.h
+include/pkcs11/pkcs11.h
+include/pkcs11/pkcs11f.h
+include/pkcs11/pkcs11t.h
+lib/libbind9.a
+lib/libdns.a
+lib/libirs.a
+lib/libisc.a
+lib/libisccc.a
+lib/libisccfg.a
+lib/liblwres.a
+%%SHARE_MAN%%man/man1/arpaname.1.gz
+%%SHARE_MAN%%man/man1/bind9-config.1.gz
+%%SHARE_MAN%%man/man1/delve.1.gz
+%%SHARE_MAN%%man/man1/dig.1.gz
+%%SHARE_MAN%%man/man1/host.1.gz
+%%SHARE_MAN%%man/man1/isc-config.sh.1.gz
+%%SHARE_MAN%%man/man1/named-rrchecker.1.gz
+%%SHARE_MAN%%man/man1/nslookup.1.gz
+%%SHARE_MAN%%man/man1/nsupdate.1.gz
+%%SHARE_MAN%%man/man3/lwres.3.gz
+%%SHARE_MAN%%man/man3/lwres_addr_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_add.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_back.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_clear.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_first.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_forward.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_getmem.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_getuint16.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_getuint32.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_getuint8.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_init.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_invalidate.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_putmem.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_putuint16.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_putuint32.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_putuint8.3.gz
+%%SHARE_MAN%%man/man3/lwres_buffer_subtract.3.gz
+%%SHARE_MAN%%man/man3/lwres_conf_clear.3.gz
+%%SHARE_MAN%%man/man3/lwres_conf_get.3.gz
+%%SHARE_MAN%%man/man3/lwres_conf_init.3.gz
+%%SHARE_MAN%%man/man3/lwres_conf_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_conf_print.3.gz
+%%SHARE_MAN%%man/man3/lwres_config.3.gz
+%%SHARE_MAN%%man/man3/lwres_context.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_allocmem.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_create.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_destroy.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_freemem.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_initserial.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_nextserial.3.gz
+%%SHARE_MAN%%man/man3/lwres_context_sendrecv.3.gz
+%%SHARE_MAN%%man/man3/lwres_endhostent.3.gz
+%%SHARE_MAN%%man/man3/lwres_endhostent_r.3.gz
+%%SHARE_MAN%%man/man3/lwres_freeaddrinfo.3.gz
+%%SHARE_MAN%%man/man3/lwres_freehostent.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabn.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabnrequest_free.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabnrequest_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabnrequest_render.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabnresponse_free.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabnresponse_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_gabnresponse_render.3.gz
+%%SHARE_MAN%%man/man3/lwres_gai_strerror.3.gz
+%%SHARE_MAN%%man/man3/lwres_getaddrinfo.3.gz
+%%SHARE_MAN%%man/man3/lwres_getaddrsbyname.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostbyaddr.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostbyaddr_r.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostbyname.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostbyname2.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostbyname_r.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostent.3.gz
+%%SHARE_MAN%%man/man3/lwres_gethostent_r.3.gz
+%%SHARE_MAN%%man/man3/lwres_getipnode.3.gz
+%%SHARE_MAN%%man/man3/lwres_getipnodebyaddr.3.gz
+%%SHARE_MAN%%man/man3/lwres_getipnodebyname.3.gz
+%%SHARE_MAN%%man/man3/lwres_getnamebyaddr.3.gz
+%%SHARE_MAN%%man/man3/lwres_getnameinfo.3.gz
+%%SHARE_MAN%%man/man3/lwres_getrrsetbyname.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnba.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnbarequest_free.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnbarequest_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnbarequest_render.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnbaresponse_free.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnbaresponse_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_gnbaresponse_render.3.gz
+%%SHARE_MAN%%man/man3/lwres_herror.3.gz
+%%SHARE_MAN%%man/man3/lwres_hstrerror.3.gz
+%%SHARE_MAN%%man/man3/lwres_inetntop.3.gz
+%%SHARE_MAN%%man/man3/lwres_lwpacket_parseheader.3.gz
+%%SHARE_MAN%%man/man3/lwres_lwpacket_renderheader.3.gz
+%%SHARE_MAN%%man/man3/lwres_net_ntop.3.gz
+%%SHARE_MAN%%man/man3/lwres_noop.3.gz
+%%SHARE_MAN%%man/man3/lwres_nooprequest_free.3.gz
+%%SHARE_MAN%%man/man3/lwres_nooprequest_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_nooprequest_render.3.gz
+%%SHARE_MAN%%man/man3/lwres_noopresponse_free.3.gz
+%%SHARE_MAN%%man/man3/lwres_noopresponse_parse.3.gz
+%%SHARE_MAN%%man/man3/lwres_noopresponse_render.3.gz
+%%SHARE_MAN%%man/man3/lwres_packet.3.gz
+%%SHARE_MAN%%man/man3/lwres_resutil.3.gz
+%%SHARE_MAN%%man/man3/lwres_sethostent.3.gz
+%%SHARE_MAN%%man/man3/lwres_sethostent_r.3.gz
+%%SHARE_MAN%%man/man3/lwres_string_parse.3.gz
+%%SHARE_MAN%%man/man5/named.conf.5.gz
+%%SHARE_MAN%%man/man5/rndc.conf.5.gz
+%%SHARE_MAN%%man/man8/ddns-confgen.8.gz
+%%SHARE_MAN%%man/man8/dnssec-dsfromkey.8.gz
+%%SHARE_MAN%%man/man8/dnssec-importkey.8.gz
+%%SHARE_MAN%%man/man8/dnssec-keyfromlabel.8.gz
+%%SHARE_MAN%%man/man8/dnssec-keygen.8.gz
+%%SHARE_MAN%%man/man8/dnssec-revoke.8.gz
+%%SHARE_MAN%%man/man8/dnssec-settime.8.gz
+%%SHARE_MAN%%man/man8/dnssec-signzone.8.gz
+%%SHARE_MAN%%man/man8/dnssec-verify.8.gz
+%%SHARE_MAN%%man/man8/genrandom.8.gz
+%%SHARE_MAN%%man/man8/isc-hmac-fixup.8.gz
+%%SHARE_MAN%%man/man8/lwresd.8.gz
+%%SHARE_MAN%%man/man8/named-checkconf.8.gz
+%%SHARE_MAN%%man/man8/named-checkzone.8.gz
+%%SHARE_MAN%%man/man8/named-compilezone.8.gz
+%%SHARE_MAN%%man/man8/named-journalprint.8.gz
+%%SHARE_MAN%%man/man8/named.8.gz
+%%SHARE_MAN%%man/man8/nsec3hash.8.gz
+%%SHARE_MAN%%man/man8/tsig-keygen.8.gz
+%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-destroy.8.gz
+%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-keygen.8.gz
+%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-list.8.gz
+%%NATIVE_PKCS11%%%%SHARE_MAN%%man/man8/pkcs11-tokens.8.gz
+%%SHARE_MAN%%man/man8/rndc-confgen.8.gz
+%%SHARE_MAN%%man/man8/rndc.8.gz
+sbin/arpaname
+sbin/ddns-confgen
+sbin/dnssec-dsfromkey
+sbin/dnssec-importkey
+sbin/dnssec-keyfromlabel
+sbin/dnssec-keygen
+sbin/dnssec-revoke
+sbin/dnssec-settime
+sbin/dnssec-signzone
+sbin/dnssec-verify
+sbin/genrandom
+sbin/isc-hmac-fixup
+sbin/lwresd
+sbin/named
+sbin/named-checkconf
+sbin/named-checkzone
+sbin/named-compilezone
+sbin/named-journalprint
+sbin/named-rrchecker
+sbin/nsec3hash
+%%NATIVE_PKCS11%%sbin/pkcs11-destroy
+%%NATIVE_PKCS11%%sbin/pkcs11-keygen
+%%NATIVE_PKCS11%%sbin/pkcs11-list
+%%NATIVE_PKCS11%%sbin/pkcs11-tokens
+sbin/rndc
+sbin/rndc-confgen
+sbin/tsig-keygen
+%%BASE%%@unexec rm -f %%BIND_DESTETC%%/rndc.conf.sample
+%%NOBASE%%@unexec if cmp -s %D/%%ETCDIR%%/rndc.conf.sample %D/%%ETCDIR%%/rndc.conf; then rm -f %D/%%ETCDIR%%/rndc.conf; fi
+%%NOBASE%%%%ETCDIR%%/rndc.conf.sample
+%%NOBASE%%@exec if [ ! -f %D/%%ETCDIR%%/rndc.conf ] ; then cp -p %D/%F %B/rndc.conf; fi
+%%NOBASE%%@unexec if cmp -s %D/%%ETCDIR%%/named.conf.sample %D/%%ETCDIR%%/named.conf; then rm -f %D/%%ETCDIR%%/named.conf; fi
+%%NOBASE%%%%ETCDIR%%/named.conf.sample
+%%NOBASE%%@exec if [ ! -f %D/%%ETCDIR%%/named.conf ] ; then cp -p %D/%F %B/named.conf; fi
+%%NOBASE%%%%ETCDIR%%/named.root
+%%NOBASE%%%%ETCDIR%%/master/empty.db
+%%NOBASE%%%%ETCDIR%%/master/localhost-forward.db
+%%NOBASE%%%%ETCDIR%%/master/localhost-reverse.db
+%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/dynamic
+%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/dynamic
+%%NOBASE%%@dirrmtry %%ETCDIR%%/dynamic
+%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/master
+%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/master
+%%NOBASE%%@dirrmtry %%ETCDIR%%/master
+%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/slave
+%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/slave
+%%NOBASE%%@dirrmtry %%ETCDIR%%/slave
+%%NOBASE%%@exec mkdir -p %D/%%ETCDIR%%/working
+%%NOBASE%%@exec chown bind:bind %D/%%ETCDIR%%/working
+%%NOBASE%%@dirrmtry %%ETCDIR%%/working
+%%NOBASE%%@dirrmtry %%ETCDIR%%
+@dirrm include/pkcs11
+@dirrm include/pk11
+@dirrm include/lwres
+@dirrm include/isccfg
+@dirrm include/isccc
+@dirrmtry include/isc
+@dirrm include/irs
+@dirrm include/dst
+@dirrm include/dns
+@dirrm include/bind9