diff --git a/opendnssec/DESCR b/opendnssec/DESCR
new file mode 100644
index 0000000000..188dfb3e64
--- /dev/null
+++ b/opendnssec/DESCR
@@ -0,0 +1,4 @@
+The OpenDNSSEC project announces the development of Open Source software
+that manages the security of domain names on the Internet.
+The project intends to drive adoption of Domain Name System Security Extensions
+(DNSSEC) to further enhance Internet security.
diff --git a/opendnssec/MESSAGE b/opendnssec/MESSAGE
new file mode 100644
index 0000000000..29d99e534f
--- /dev/null
+++ b/opendnssec/MESSAGE
@@ -0,0 +1,7 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.3 2010/05/09 19:07:53 pettai Exp $
+
+For latest information about configurating OpenDNSSEC, see:
+http://trac.opendnssec.org/wiki/WikiStart
+
+===========================================================================
diff --git a/opendnssec/Makefile b/opendnssec/Makefile
new file mode 100644
index 0000000000..1f81511ea7
--- /dev/null
+++ b/opendnssec/Makefile
@@ -0,0 +1,82 @@
+# $NetBSD: Makefile,v 1.26 2010/05/09 19:07:53 pettai Exp $
+#
+
+DISTNAME=	opendnssec-1.1.0rc2
+CATEGORIES=	net security
+MASTER_SITES=	http://www.opendnssec.org/files/source/
+
+MAINTAINER=	pettai@nordu.net
+HOMEPAGE=	http://www.opendnssec.org/
+COMMENT=	OSS for a fast and easy DNSSEC deployment
+LICENSE=	2-clause-bsd
+
+DEPENDS+=	${PYPKGPREFIX}-4Suite-[0-9]*:../../textproc/py-4Suite
+DEPENDS+=	ldns>=1.6.4:../../net/ldns
+BUILD_DEPENDS+=	CUnit-[0-9]*:../../devel/cunit
+
+PKG_DESTDIR_SUPPORT=	user-destdir
+
+BUILD_DEFS+=	VARBASE
+
+USE_TOOLS+=	bash gmake
+CONFIG_SHELL=	${BASH}
+USE_LANGUAGES=	c c++
+USE_LIBTOOL=	yes
+
+GNU_CONFIGURE=		yes
+CONFIGURE_ARGS+=	--prefix=${PREFIX:Q}
+CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
+CONFIGURE_ENV+=		RUBY=${RUBY}
+
+ODS_USER?=	opendnssec
+ODS_GROUP?=	opendnssec
+
+PKG_GROUPS=		${ODS_GROUP}
+PKG_USERS=		${ODS_USER}:${ODS_GROUP}
+PKG_GECOS.${ODS_USER}=	OpenDNSSEC user
+PKG_HOME.${ODS_USER}=	${VARBASE}/opendnssec
+PKG_SHELL.${ODS_USER}=	${SH}
+PKG_USERS_VARS+=	ODS_USER
+PKG_GROUPS_VARS+=	ODS_GROUP
+
+EGDIR=			${PREFIX}/share/examples/opendnssec
+ODS_SYSCONFDIR=		${PKG_SYSCONFDIR}/opendnssec
+
+SUBST_CLASSES+=		paths
+SUBST_FILES.paths=	${WRKSRC}/conf/Makefile.in
+SUBST_STAGE.paths=	post-patch
+SUBST_SED.paths=	-e 's,@EGDIR@,${EGDIR},'
+
+CXXFLAGS.NetBSD+=	-D_NETBSD_SOURCE
+
+CONF_FILES=	${EGDIR}/conf.xml.sample \
+			${ODS_SYSCONFDIR}/conf.xml
+CONF_FILES+=	${EGDIR}/kasp.xml.sample \
+			${ODS_SYSCONFDIR}/kasp.xml
+CONF_FILES+=	${EGDIR}/zonefetch.xml.sample \
+			${ODS_SYSCONFDIR}/zonefetch.xml
+CONF_FILES+=	${EGDIR}/zonelist.xml.sample \
+			${ODS_SYSCONFDIR}/zonelist.xml
+
+INSTALLATION_DIRS=	${EGDIR} ${ODS_SYSCONFDIR}
+INSTALLATION_DIRS+=	share/opendnssec
+INSTALLATION_DIRS+=	lib/opendnssec
+INSTALLATION_DIRS+=	lib/opendnssec/signer
+INSTALLATION_DIRS+=	lib/opendnssec/kasp_auditor
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/tmp
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/signconf
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/signed
+INSTALLATION_DIRS+=	${VARBASE}/opendnssec/unsigned
+
+.include "options.mk"
+
+pre-install:
+	${MKDIR} ${DESTDIR}${PKG_SYSCONFDIR}/opendnssec
+
+.include "../../lang/python/application.mk"
+.include "../../devel/cunit/buildlink3.mk"
+.include "../../textproc/libxml2/buildlink3.mk"
+.include "../../net/ldns/buildlink3.mk"
+.include "../../databases/sqlite3/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/opendnssec/PLIST b/opendnssec/PLIST
new file mode 100644
index 0000000000..b3549e92dd
--- /dev/null
+++ b/opendnssec/PLIST
@@ -0,0 +1,86 @@
+@comment $NetBSD: PLIST,v 1.12 2010/05/09 19:07:53 pettai Exp $
+bin/ods-auditor
+bin/ods-hsmspeed
+bin/ods-hsmutil
+bin/ods-kasp2html
+bin/ods-kaspcheck
+bin/ods-ksmutil
+include/hsmtest.h
+include/libhsm.h
+include/libhsmdns.h
+lib/libhsm.la
+lib/opendnssec/kasp_auditor.rb
+lib/opendnssec/kasp_auditor/auditor.rb
+lib/opendnssec/kasp_auditor/config.rb
+lib/opendnssec/kasp_auditor/key_tracker.rb
+lib/opendnssec/kasp_auditor/parse.rb
+lib/opendnssec/kasp_auditor/partial_auditor.rb
+lib/opendnssec/kasp_auditor/preparser.rb
+lib/opendnssec/kasp_checker.rb
+lib/opendnssec/signer/Engine.py
+lib/opendnssec/signer/Engine.pyc
+lib/opendnssec/signer/Engine.pyo
+lib/opendnssec/signer/EngineConfig.py
+lib/opendnssec/signer/EngineConfig.pyc
+lib/opendnssec/signer/EngineConfig.pyo
+lib/opendnssec/signer/Util.py
+lib/opendnssec/signer/Util.pyc
+lib/opendnssec/signer/Util.pyo
+lib/opendnssec/signer/Worker.py
+lib/opendnssec/signer/Worker.pyc
+lib/opendnssec/signer/Worker.pyo
+lib/opendnssec/signer/Zone.py
+lib/opendnssec/signer/Zone.pyc
+lib/opendnssec/signer/Zone.pyo
+lib/opendnssec/signer/ZoneConfig.py
+lib/opendnssec/signer/ZoneConfig.pyc
+lib/opendnssec/signer/ZoneConfig.pyo
+lib/opendnssec/signer/ZoneList.py
+lib/opendnssec/signer/ZoneList.pyc
+lib/opendnssec/signer/ZoneList.pyo
+lib/opendnssec/time_shift.rb
+libexec/opendnssec/create_dnskey
+libexec/opendnssec/finalizer
+libexec/opendnssec/get_class
+libexec/opendnssec/get_serial
+libexec/opendnssec/quicksorter
+libexec/opendnssec/signer
+libexec/opendnssec/zone_fetcher
+libexec/opendnssec/zone_reader
+man/man1/ods-auditor.1
+man/man1/ods-hsmspeed.1
+man/man1/ods-hsmutil.1
+man/man1/ods-kaspcheck.1
+man/man1/ods-ksmutil.1
+man/man5/ods-timing.5
+man/man7/opendnssec.7
+man/man8/ods-control.8
+man/man8/ods-enforcerd.8
+man/man8/ods-signer.8
+man/man8/ods-signerd.8
+sbin/ods-control
+sbin/ods-enforcerd
+sbin/ods-signer
+sbin/ods-signerd
+share/examples/opendnssec/conf.xml
+share/examples/opendnssec/conf.xml.sample
+share/examples/opendnssec/kasp.xml
+share/examples/opendnssec/kasp.xml.sample
+share/examples/opendnssec/zonefetch.xml
+share/examples/opendnssec/zonefetch.xml.sample
+share/examples/opendnssec/zonelist.xml
+share/examples/opendnssec/zonelist.xml.sample
+share/opendnssec.spec
+share/opendnssec/conf.rnc
+share/opendnssec/conf.rng
+share/opendnssec/database_create.sqlite3
+share/opendnssec/kasp.rnc
+share/opendnssec/kasp.rng
+share/opendnssec/kasp2html.xsl
+share/opendnssec/signconf.rnc
+share/opendnssec/signconf.rng
+share/opendnssec/zonefetch.rnc
+share/opendnssec/zonefetch.rng
+share/opendnssec/zonelist.rnc
+share/opendnssec/zonelist.rng
+@pkgdir etc/opendnssec
diff --git a/opendnssec/distinfo b/opendnssec/distinfo
new file mode 100644
index 0000000000..4d8c29bc5a
--- /dev/null
+++ b/opendnssec/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.11 2010/05/09 19:07:53 pettai Exp $
+
+SHA1 (opendnssec-1.1.0rc2.tar.gz) = 40117acbfcc39275d61ee573743dbbecb85467c5
+RMD160 (opendnssec-1.1.0rc2.tar.gz) = 2957767db9e46252ac5f5bab26688b84e436171c
+Size (opendnssec-1.1.0rc2.tar.gz) = 2205985 bytes
+SHA1 (patch-aa) = 0007803ca6b323775b7d5e03d5f00c07030e14cc
diff --git a/opendnssec/options.mk b/opendnssec/options.mk
new file mode 100644
index 0000000000..32578f00c9
--- /dev/null
+++ b/opendnssec/options.mk
@@ -0,0 +1,26 @@
+# $NetBSD: options.mk,v 1.7 2010/05/09 19:07:53 pettai Exp $
+
+PKG_OPTIONS_VAR=		PKG_OPTIONS.opendnssec
+PKG_SUPPORTED_OPTIONS=		auditor softhsm
+PKG_SUGGESTED_OPTIONS=		auditor softhsm
+
+.include "../../mk/bsd.options.mk"
+
+###
+### Kasp Auditor
+###
+.if !empty(PKG_OPTIONS:Mauditor)
+.include "../../lang/ruby/buildlink3.mk"
+DEPENDS+=	rubygems:../../misc/rubygems
+DEPENDS+=	${RUBY_PKGPREFIX}-dnsruby>=1.46:../../net/ruby-dnsruby
+.else
+CONFIGURE_ARGS+=	--disable-auditor
+.endif
+
+###
+### SoftHSM
+###
+.if !empty(PKG_OPTIONS:Msofthsm)
+DEPENDS+=	softhsm:../../security/softhsm
+.include "../../security/softhsm/buildlink3.mk"
+.endif
diff --git a/opendnssec/patches/patch-aa b/opendnssec/patches/patch-aa
new file mode 100644
index 0000000000..4a0decebba
--- /dev/null
+++ b/opendnssec/patches/patch-aa
@@ -0,0 +1,45 @@
+$NetBSD: patch-aa,v 1.6 2010/05/09 19:07:53 pettai Exp $
+
+--- conf/Makefile.in.orig	2009-12-19 21:39:52.000000000 +0100
++++ conf/Makefile.in	2009-12-19 21:43:40.000000000 +0100
+@@ -166,6 +166,7 @@
+ sharedstatedir = @sharedstatedir@
+ srcdir = @srcdir@
+ sysconfdir = @sysconfdir@/opendnssec
++EGDIR=@EGDIR@
+ target_alias = @target_alias@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+@@ -540,19 +541,19 @@
+ 		(echo "kasp.xml built")
+ 
+ install-data-hook:
+-	test -d ${DESTDIR}${sysconfdir} || mkdir -p ${DESTDIR}${sysconfdir}
+-	test -f ${DESTDIR}${sysconfdir}/conf.xml || \
+-		${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${sysconfdir}/conf.xml.sample
+-	test -f ${DESTDIR}${sysconfdir}/zonelist.xml || \
+-		${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${sysconfdir}/zonelist.xml.sample
+-	test -f ${DESTDIR}${sysconfdir}/zonefetch.xml || \
+-		${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${sysconfdir}/zonefetch.xml.sample
+-	test -f ${DESTDIR}${sysconfdir}/kasp.xml || \
+-		${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}
+-	${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${sysconfdir}/kasp.xml.sample
++	test -d ${DESTDIR}${EGDIR} || mkdir -p ${DESTDIR}${EGDIR}
++	test -f ${DESTDIR}${EGDIR}/conf.xml || \
++		${INSTALL_DATA} -m 0640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} -m 640 ${top_builddir}/conf.xml ${DESTDIR}${EGDIR}/conf.xml.sample
++	test -f ${DESTDIR}${EGDIR}/zonelist.xml || \
++		${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} ${top_builddir}/zonelist.xml ${DESTDIR}${EGDIR}/zonelist.xml.sample
++	test -f ${DESTDIR}${EGDIR}/zonefetch.xml || \
++		${INSTALL_DATA} -m 0640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} -m 640 ${top_builddir}/zonefetch.xml ${DESTDIR}${EGDIR}/zonefetch.xml.sample
++	test -f ${DESTDIR}${EGDIR}/kasp.xml || \
++		${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}
++	${INSTALL_DATA} ${top_builddir}/kasp.xml ${DESTDIR}${EGDIR}/kasp.xml.sample
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT: