bind9-devel BIND DNS suite with updated DNSSEC and DNS64
9.12.0.a.2017.08.14 dns =0

Maintainer: mat@FreeBSD.org
Port Added: 05 Nov 2015 15:01:37
Also Listed In: net ipv6
License: MPL

BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
architecture.  Some of the important features of BIND 9 are:

DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
     Experimental IPv6 Resolver Library
DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
     Improved standards conformance
Views: One server process can provide multiple "views" of the DNS namespace,
     e.g. an "inside" view to certain clients, and an "outside" view to others.
Multiprocessor Support

See the CHANGES file for more information on new features.

WWW: https://www.isc.org/software/bind

SVNWeb : Homepage : PortsMon : pkg-plist

---

To install the port: cd /usr/ports/dns/bind9-devel/ && make install clean
To add the package: pkg install bind9-devel

PKGNAME: bind9-devel

distinfo:

TIMESTAMP = 1502715475
SHA256 (bind9-60fd71e.tar.gz) = 51587c0f86ed6ceb2c73124c2b8ce87d16e1eb29fae819bd1ede2cc2ab7a7b6f
SIZE (bind9-60fd71e.tar.gz) = 11899803

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Library dependencies:

1. libxml2.so : textproc/libxml2
2. libidnkit.so : dns/idnkit
3. libjson-c.so : devel/json-c
4. liblmdb.so : databases/lmdb
5. libedit.so.0 : devel/libedit
6. libiconv.so : converters/libiconv

There are no ports dependent upon this port

---

Configuration Options

===> The following configuration options are available for bind9-devel-9.12.0.a.2017.08.14:
     DNSTAP=off: Provides fast passive logging of DNS messages
     DOCS=on: Build and/or install documentation
     FILTER_AAAA=off: Enable filtering of AAAA records
     FIXED_RRSET=off: Enable fixed rrset ordering
     GEOIP=off: Allow geographically based ACL.
     IDN=on: International Domain Names support
     IPV6=on: IPv6 protocol support
     JSON=on: JSON file/format/parser support
     LARGE_FILE=off: 64-bit file support
     LMDB=on: Use LMDB for zone management
     MINCACHE=off: Use the mincachettl patch
     PORTREVISION=off: Show PORTREVISION in the version string
     PYTHON=off: Build with Python utilities
     QUERYTRACE=off: Enable the very verbose query tracelogging
     RPZ_NSDNAME=on: Enable RPZ NSDNAME policy records
     RPZ_NSIP=on: Enable RPZ NSIP trigger rules
     SIGCHASE=on: dig/host/nslookup will do DNSSEC validation
     START_LATE=off: Start BIND late in the boot process (see help)
     THREADS=on: Threading support
====> Dynamically Loadable Zones
     DLZ_POSTGRESQL=off: DLZ Postgres driver
     DLZ_MYSQL=off: DLZ MySQL driver (no threading)
     DLZ_BDB=off: DLZ BDB driver
     DLZ_LDAP=off: DLZ LDAP driver
     DLZ_FILESYSTEM=on: DLZ filesystem driver
     DLZ_STUB=off: DLZ stub driver
====> GSSAPI Security API support: you have to select exactly one of them
     GSSAPI_BASE=off: Using Heimdal in base
     GSSAPI_HEIMDAL=off: Using security/heimdal
     GSSAPI_MIT=off: Using security/krb5
     GSSAPI_NONE=on: Disable
====> Choose which crypto engine to use: you can only select none or one of them
     SSL=on: Build with OpenSSL (Required for DNSSEC)
     NATIVE_PKCS11=off: Use PKCS#11 native API (**READ HELP**)
====> Enable GOST ciphers, needs SSL: you can only select none or one of them
     GOST=off: GOST raw keys (new default)
     GOST_ASN1=off: GOST using ASN.1
===> Use 'make config' to modify these settings

---

USES:

cpe libedit iconv ssl

---

Master Sites:

1. http://distcache.FreeBSD.org/local-distfiles/mat/bind/
2. http://distcache.eu.FreeBSD.org/local-distfiles/mat/bind/
3. http://distcache.us-east.FreeBSD.org/local-distfiles/mat/bind/
4. http://distcache.us-west.FreeBSD.org/local-distfiles/mat/bind/

Update to latest commit.

Sponsored by:	Absolight

Fix build with --enable-querytrace.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Security:	CVE-2017-3142
Security:	CVE-2017-3143
Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

MFH:		2017Q2
Security:	CVE-2017-3140
Security:	CVE-2017-3141
Sponsored by:	Absolight

Remove special handling for testing and documentation domains, per RFC
6761 recommendations.

While there:
- Fix invalid syntax in sample slave config.
- Add a message about having syslogd working with BIND9 chroot.

PR:		217915
Reported by:	eserte12 yahoo de
Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.

While there:

Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.

Refresh the root zone hints.

"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]

PR:		218656 [1]
Reported by:	Thomas Steen Rasmussen / Tykling [1]
MFH:		2017Q2
Sponsored by:	Absolight

Unbreak rndc calls when using non default rndc.key location.

PR:		218335
Sponsored by:	Absolight

Update to latest commit.

Security:	c6861494-1ffb-11e7-934d-d05099c0ae8c
Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest commit.

MFH:		2017Q1
Security:	CVE-2017-3135
Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

MFH:            2017Q1
Security:       CVE-2016-9131 CVE-2016-9147 CVE-2016-9444 CVE-2016-9778
Sponsored by:   Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Cleanup CONFLICTS.

Sponsored by:	Absolight

This was fixed by the previous commit.

Sponsored by:	Absolight

Fixup libedit for all BIND9 ports, and fix spurious json dependency by
adding an option.

PR:		215170
Reported by:	sunpoet
Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

dns/bind9-devel: Set LDFLAGS for ports-based libedit/ncurses

The latest version failed to configure using ports libedit+ncurses:
  configure: checking for readline with -ledit
  checking for readline... no
  configure: checking for readline with -ledit -lterminfo
  checking for readline... no
  configure: checking for readline with -ledit -ltermcap
  checking for readline... no
  configure: checking for readline with -ledit -lncurses
  checking for readline... no
  configure: checking for readline with -ledit -lcurses
  checking for readline... no
  configure: error: The readline library was not found.

Setting LDFLAGS allows the build to complete as before.

Approved by:	just-fix-it/explicit LDFLAGS blanket

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Remarke MAKE_JOBS_UNSAFE everywhere.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

So, on 9, it is failing to build it with jobs.

It builds .a before all the .o that are supposed to go in the .a are
built.  Imagine what happens after that...

Reported by:	Craig Leres
Sponsored by:	Absolight

Update to latest commit.

MFH:		2016Q3
Security:	CVE-2016-2776
Sponsored by:	Absolight

Remove MAKE_JOBS_UNSAFE for BIND9.

It was added in 2009 in r232247 without the reason it was failing, I've
tried with -J 2-10, and can't have one of the BIND9 port fail.
Feel free to add it back, but please, add the reason why it fails.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

The START_LATE option is not needed by bind-tools.

Sponsored by:	Absolight

The NEWSTATS and RRL options were removed in BIND9 9.10, so remove them
from here, also, make the upstream default options default for real.

While there, put back the BIND_TOOLS knobs in bind9-devel.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest commit.

add LMDB as a default option, its footprint is really small, and it
speeds up zones operations dramatically.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Convert to USES=ssl.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

BIND9 update, 9.9.9-P2, 9.10.4-P2, 9.11.0b2 and latest 9.12 snapshot.

MFH:		2016Q3
Security:	CVE-2016-2775
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000996.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000997.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000998.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000999.html
Sponsored by:	Absolight

Update to latest snapshot.

Catch up on license changes.

Sponsored by:	Absolight

Introduce BIND9 9.11.0b1. (beta1)

BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/)
and many new features, including:

-  Catalog zones, a new way to provision zones on slave servers
-  dyndb api, a fast new api enabling BIND to serve zones stored
   in a database (Developed by Petr Spacek of RedHat)
-  RNDC showzone, view-only mode and other improvements
-  dnstap query and response logging (Robert Edmonds is the author
   of dnstap, see www.dnstap.info)
-  EDNS Client-subnet (authoritative server functions)
-  DNSSEC key manager, a new utility (Thanks to Sebastian Castro
   for helping with development.)
-  Automatic CDS/CDSKEY generation
-  Negative Trust Anchors for DNSSEC validators
-  IPv6 bias to encourage use of IPv6 DNS servers
-  Minimal response to "any" queries (Thanks to Tony Finch for
   the contribution)
-  DNS Cookies are now enabled by default, using the standardized code point

Changes:	https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html
Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Fix usage of WITH_OPENSSL_BASE, WITH_OPENSSL_PORT and OPENSSL_PORT.

WITH_OPENSSL_* can't be set after bsd.port.pre.mk.
Fold all other usage into using SSL_DEFAULT == foo

PR:		210149
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	The FreeBSD Foundation, Absolight
Differential Revision:	https://reviews.freebsd.org/D6577

Update to latest commit.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Add --with-dlopen=yes to the default options to allow using third
parties dlz drivers.

While there:
- enable the DLZ_FILESYSTEM option by default
- convert to USES=mysql and USES=bdb

Requested by:	borius i ua
Sponsored by:	Absolight

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Fix-ish the build WITH=PYTHON

Pointy hat to:	mat (for testing a snapshot and commiting another.)
Sponsored by:	Absolight

Update to latest snapshot.

While there, update the root hints file.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Stop bringing in OpenSSL from ports, it builds fine with the base one on
9, and WITH_OPENSSL_PORT does not belong in a port's Makefile anyway.

Not bumping PORTREVISION because:
- if you are building with poudriere, it will detect that a dependency
  has changed and rebuild it.
- if you are building from ports, you will have OpenSSL from ports
  installed, and it will choose to use it.

Sponsored by:	Absolight

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to 9.9.8-P4, 9.10.3-P4 and latest snapshot.

MFH:		2016Q1 (obviously)
Security:	CVE-2016-1285
Security:	CVE-2016-1286
Security:	CVE-2016-2088
Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest commit.

Sponsored by:	Absolight

Mmm, some unintended change crept in, fix that.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update to latest snapshot.

Sponsored by:	Absolight

Update bind99 to 9.9.8-P3, bind910 to 9.10.3-P3 and bind9-devel to
latest snapshot.

MFH:		2016Q1
Security:	CVE-2015-8704
Security:	CVE-2015-8705
Sponsored by:	Absolight

Add the commit hash to the version.

Sponsored by:	Absolight

Update to 7321d8d.

Sponsored by:	Absolight

Remove that line, it should not have been there.

Sponsored by:	Absolight

Update to 20151219 snapshot.

- While there, update the named.root

Sponsored by:	Absolight

Update BIND9 to the latest patch releases, 9.9.8-P2, 9.10.3-P2, and snapshot.

MFH:		2015Q4
Changes:	https://kb.isc.org/article/AA-01326/81/BIND-9.9.8-P2-Release-Notes.html
Changes:	https://kb.isc.org/article/AA-01328/81/BIND-9.10.3-P2-Release-Notes.html
Security:	CVE-2015-3193
Security:	CVE-2015-8000
Security:	CVE-2015-8461
Sponsored by:	Absolight

Update to commit 2df6324.

Sponsored by:	Absolight

Update to commit e13d04f.

Sponsored by:	Absolight

Add a bind9 development version, extracted from their git repository.

Requested by:	many
Sponsored by:	Absolight

16 vulnerabilities affecting 117 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities