bind911 BIND DNS suite with updated DNSSEC and DNS64
9.11.4P1 dns =9

Maintainer: mat@FreeBSD.org
Port Added: 04 Jul 2016 09:47:39
Also Listed In: net ipv6
License: MPL20

BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
architecture.  Some of the important features of BIND 9 are:

DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
     Experimental IPv6 Resolver Library
DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
     Improved standards conformance
Views: One server process can provide multiple "views" of the DNS namespace,
     e.g. an "inside" view to certain clients, and an "outside" view to others.
Multiprocessor Support

See the CHANGES file for more information on new features.

WWW: https://www.isc.org/software/bind

SVNWeb : Homepage : PortsMon

Pseudo-pkg-plist information, but much better, from make generate-plist
Expand this list (449 items)

1. /usr/local/share/licenses/bind911-9.11.4P1/catalog.mk
2. /usr/local/share/licenses/bind911-9.11.4P1/LICENSE
3. /usr/local/share/licenses/bind911-9.11.4P1/MPL20
4. bin/arpaname
5. bin/bind9-config
6. bin/delv
7. bin/dig
8. @comment bin/dnstap-read
9. bin/host
10. bin/isc-config.sh
11. bin/mdig
12. bin/named-rrchecker
13. bin/nslookup
14. bin/nsupdate
15. @sample etc/mtree/BIND.chroot.dist.sample
16. @sample etc/mtree/BIND.chroot.local.dist.sample
17. etc/namedb/bind.keys
18. etc/namedb/master/empty.db
19. etc/namedb/master/localhost-forward.db
20. etc/namedb/master/localhost-reverse.db
21. @sample etc/namedb/named.conf.sample
22. etc/namedb/named.root
23. etc/namedb/rndc.conf.sample
24. include/bind9/check.h
25. include/bind9/getaddresses.h
26. include/bind9/version.h
27. include/dns/acache.h
28. include/dns/acl.h
29. include/dns/adb.h
30. include/dns/badcache.h
31. include/dns/bit.h
32. include/dns/byaddr.h
33. include/dns/cache.h
34. include/dns/callbacks.h
35. include/dns/catz.h
36. include/dns/cert.h
37. include/dns/client.h
38. include/dns/clientinfo.h
39. include/dns/compress.h
40. include/dns/db.h
41. include/dns/dbiterator.h
42. include/dns/dbtable.h
43. include/dns/diff.h
44. include/dns/dispatch.h
45. include/dns/dlz.h
46. include/dns/dlz_dlopen.h
47. include/dns/dns64.h
48. include/dns/dnssec.h
49. include/dns/dnstap.h
50. @comment include/dns/dnstap.pb-c.h
51. include/dns/ds.h
52. include/dns/dsdigest.h
53. include/dns/dyndb.h
54. include/dns/ecdb.h
55. include/dns/edns.h
56. include/dns/enumclass.h
57. include/dns/enumtype.h
58. include/dns/events.h
59. include/dns/fixedname.h
60. include/dns/forward.h
61. include/dns/geoip.h
62. include/dns/ipkeylist.h
63. include/dns/iptable.h
64. include/dns/journal.h
65. include/dns/keydata.h
66. include/dns/keyflags.h
67. include/dns/keytable.h
68. include/dns/keyvalues.h
69. include/dns/lib.h
70. include/dns/log.h
71. include/dns/lookup.h
72. include/dns/master.h
73. include/dns/masterdump.h
74. include/dns/message.h
75. include/dns/name.h
76. include/dns/ncache.h
77. include/dns/nsec.h
78. include/dns/nsec3.h
79. include/dns/nta.h
80. include/dns/opcode.h
81. include/dns/order.h
82. include/dns/peer.h
83. include/dns/portlist.h
84. include/dns/private.h
85. include/dns/rbt.h
86. include/dns/rcode.h
87. include/dns/rdata.h
88. include/dns/rdataclass.h
89. include/dns/rdatalist.h
90. include/dns/rdataset.h
91. include/dns/rdatasetiter.h
92. include/dns/rdataslab.h
93. include/dns/rdatastruct.h
94. include/dns/rdatatype.h
95. include/dns/request.h
96. include/dns/resolver.h
97. include/dns/result.h
98. include/dns/rootns.h
99. include/dns/rpz.h
100. include/dns/rriterator.h
101. include/dns/rrl.h
102. include/dns/sdb.h
103. include/dns/sdlz.h
104. include/dns/secalg.h
105. include/dns/secproto.h
106. include/dns/soa.h
107. include/dns/ssu.h
108. include/dns/stats.h
109. include/dns/tcpmsg.h
110. include/dns/time.h
111. include/dns/timer.h
112. include/dns/tkey.h
113. include/dns/tsec.h
114. include/dns/tsig.h
115. include/dns/ttl.h
116. include/dns/types.h
117. include/dns/update.h
118. include/dns/validator.h
119. include/dns/version.h
120. include/dns/view.h
121. include/dns/xfrin.h
122. include/dns/zone.h
123. include/dns/zonekey.h
124. include/dns/zt.h
125. include/dst/dst.h
126. include/dst/gssapi.h
127. include/dst/lib.h
128. include/dst/result.h
129. include/irs/context.h
130. include/irs/dnsconf.h
131. include/irs/netdb.h
132. include/irs/platform.h
133. include/irs/resconf.h
134. include/irs/types.h
135. include/irs/version.h
136. include/isc/aes.h
137. include/isc/app.h
138. include/isc/assertions.h
139. include/isc/atomic.h
140. include/isc/backtrace.h
141. include/isc/base32.h
142. include/isc/base64.h
143. include/isc/bind9.h
144. include/isc/boolean.h
145. include/isc/buffer.h
146. include/isc/bufferlist.h
147. include/isc/commandline.h
148. include/isc/condition.h
149. include/isc/counter.h
150. include/isc/crc64.h
151. include/isc/deprecated.h
152. include/isc/dir.h
153. include/isc/entropy.h
154. include/isc/errno.h
155. include/isc/error.h
156. include/isc/event.h
157. include/isc/eventclass.h
158. include/isc/file.h
159. include/isc/formatcheck.h
160. include/isc/fsaccess.h
161. include/isc/hash.h
162. include/isc/heap.h
163. include/isc/hex.h
164. include/isc/hmacmd5.h
165. include/isc/hmacsha.h
166. include/isc/ht.h
167. include/isc/httpd.h
168. include/isc/int.h
169. include/isc/interfaceiter.h
170. include/isc/iterated_hash.h
171. include/isc/json.h
172. include/isc/keyboard.h
173. include/isc/lang.h
174. include/isc/lex.h
175. include/isc/lfsr.h
176. include/isc/lib.h
177. include/isc/likely.h
178. include/isc/list.h
179. include/isc/log.h
180. include/isc/magic.h
181. include/isc/md5.h
182. include/isc/mem.h
183. include/isc/meminfo.h
184. include/isc/msgcat.h
185. include/isc/msgs.h
186. include/isc/mutex.h
187. include/isc/mutexblock.h
188. include/isc/net.h
189. include/isc/netaddr.h
190. include/isc/netdb.h
191. include/isc/netscope.h
192. include/isc/offset.h
193. include/isc/once.h
194. include/isc/ondestroy.h
195. include/isc/os.h
196. include/isc/parseint.h
197. include/isc/platform.h
198. include/isc/pool.h
199. include/isc/portset.h
200. include/isc/print.h
201. include/isc/queue.h
202. include/isc/quota.h
203. include/isc/radix.h
204. include/isc/random.h
205. include/isc/ratelimiter.h
206. include/isc/refcount.h
207. include/isc/regex.h
208. include/isc/region.h
209. include/isc/resource.h
210. include/isc/result.h
211. include/isc/resultclass.h
212. include/isc/rwlock.h
213. include/isc/safe.h
214. include/isc/serial.h
215. include/isc/sha1.h
216. include/isc/sha2.h
217. include/isc/sockaddr.h
218. include/isc/socket.h
219. include/isc/stat.h
220. include/isc/stats.h
221. include/isc/stdio.h
222. include/isc/stdlib.h
223. include/isc/stdtime.h
224. include/isc/strerror.h
225. include/isc/string.h
226. include/isc/symtab.h
227. include/isc/syslog.h
228. include/isc/task.h
229. include/isc/taskpool.h
230. include/isc/thread.h
231. include/isc/time.h
232. include/isc/timer.h
233. include/isc/tm.h
234. include/isc/types.h
235. include/isc/util.h
236. include/isc/version.h
237. include/isc/xml.h
238. include/isccc/alist.h
239. include/isccc/base64.h
240. include/isccc/cc.h
241. include/isccc/ccmsg.h
242. include/isccc/events.h
243. include/isccc/lib.h
244. include/isccc/result.h
245. include/isccc/sexpr.h
246. include/isccc/symtab.h
247. include/isccc/symtype.h
248. include/isccc/types.h
249. include/isccc/util.h
250. include/isccc/version.h
251. include/isccfg/aclconf.h
252. include/isccfg/cfg.h
253. include/isccfg/dnsconf.h
254. include/isccfg/grammar.h
255. include/isccfg/log.h
256. include/isccfg/namedconf.h
257. include/isccfg/version.h
258. include/lwres/context.h
259. include/lwres/int.h
260. include/lwres/ipv6.h
261. include/lwres/lang.h
262. include/lwres/list.h
263. include/lwres/lwbuffer.h
264. include/lwres/lwpacket.h
265. include/lwres/lwres.h
266. include/lwres/net.h
267. include/lwres/netdb.h
268. include/lwres/platform.h
269. include/lwres/result.h
270. include/lwres/stdlib.h
271. include/lwres/string.h
272. include/lwres/version.h
273. include/pk11/constants.h
274. include/pk11/internal.h
275. include/pk11/pk11.h
276. include/pk11/result.h
277. include/pk11/site.h
278. include/pkcs11/cryptoki.h
279. include/pkcs11/eddsa.h
280. include/pkcs11/pkcs11.h
281. include/pkcs11/pkcs11f.h
282. include/pkcs11/pkcs11t.h
283. lib/libbind9.a
284. lib/libdns.a
285. lib/libirs.a
286. lib/libisc.a
287. lib/libisccc.a
288. lib/libisccfg.a
289. lib/liblwres.a
290. man/man1/arpaname.1.gz
291. man/man1/bind9-config.1.gz
292. man/man1/delv.1.gz
293. man/man1/dig.1.gz
294. @comment man/man1/dnstap-read.1.gz
295. man/man1/host.1.gz
296. man/man1/isc-config.sh.1.gz
297. man/man1/mdig.1.gz
298. man/man1/named-rrchecker.1.gz
299. man/man1/nslookup.1.gz
300. man/man1/nsupdate.1.gz
301. man/man3/lwres.3.gz
302. man/man3/lwres_addr_parse.3.gz
303. man/man3/lwres_buffer.3.gz
304. man/man3/lwres_buffer_add.3.gz
305. man/man3/lwres_buffer_back.3.gz
306. man/man3/lwres_buffer_clear.3.gz
307. man/man3/lwres_buffer_first.3.gz
308. man/man3/lwres_buffer_forward.3.gz
309. man/man3/lwres_buffer_getmem.3.gz
310. man/man3/lwres_buffer_getuint16.3.gz
311. man/man3/lwres_buffer_getuint32.3.gz
312. man/man3/lwres_buffer_getuint8.3.gz
313. man/man3/lwres_buffer_init.3.gz
314. man/man3/lwres_buffer_invalidate.3.gz
315. man/man3/lwres_buffer_putmem.3.gz
316. man/man3/lwres_buffer_putuint16.3.gz
317. man/man3/lwres_buffer_putuint32.3.gz
318. man/man3/lwres_buffer_putuint8.3.gz
319. man/man3/lwres_buffer_subtract.3.gz
320. man/man3/lwres_conf_clear.3.gz
321. man/man3/lwres_conf_get.3.gz
322. man/man3/lwres_conf_init.3.gz
323. man/man3/lwres_conf_parse.3.gz
324. man/man3/lwres_conf_print.3.gz
325. man/man3/lwres_config.3.gz
326. man/man3/lwres_context.3.gz
327. man/man3/lwres_context_allocmem.3.gz
328. man/man3/lwres_context_create.3.gz
329. man/man3/lwres_context_destroy.3.gz
330. man/man3/lwres_context_freemem.3.gz
331. man/man3/lwres_context_initserial.3.gz
332. man/man3/lwres_context_nextserial.3.gz
333. man/man3/lwres_context_sendrecv.3.gz
334. man/man3/lwres_endhostent.3.gz
335. man/man3/lwres_endhostent_r.3.gz
336. man/man3/lwres_freeaddrinfo.3.gz
337. man/man3/lwres_freehostent.3.gz
338. man/man3/lwres_gabn.3.gz
339. man/man3/lwres_gabnrequest_free.3.gz
340. man/man3/lwres_gabnrequest_parse.3.gz
341. man/man3/lwres_gabnrequest_render.3.gz
342. man/man3/lwres_gabnresponse_free.3.gz
343. man/man3/lwres_gabnresponse_parse.3.gz
344. man/man3/lwres_gabnresponse_render.3.gz
345. man/man3/lwres_gai_strerror.3.gz
346. man/man3/lwres_getaddrinfo.3.gz
347. man/man3/lwres_getaddrsbyname.3.gz
348. man/man3/lwres_gethostbyaddr.3.gz
349. man/man3/lwres_gethostbyaddr_r.3.gz
350. man/man3/lwres_gethostbyname.3.gz
351. man/man3/lwres_gethostbyname2.3.gz
352. man/man3/lwres_gethostbyname_r.3.gz
353. man/man3/lwres_gethostent.3.gz
354. man/man3/lwres_gethostent_r.3.gz
355. man/man3/lwres_getipnode.3.gz
356. man/man3/lwres_getipnodebyaddr.3.gz
357. man/man3/lwres_getipnodebyname.3.gz
358. man/man3/lwres_getnamebyaddr.3.gz
359. man/man3/lwres_getnameinfo.3.gz
360. man/man3/lwres_getrrsetbyname.3.gz
361. man/man3/lwres_gnba.3.gz
362. man/man3/lwres_gnbarequest_free.3.gz
363. man/man3/lwres_gnbarequest_parse.3.gz
364. man/man3/lwres_gnbarequest_render.3.gz
365. man/man3/lwres_gnbaresponse_free.3.gz
366. man/man3/lwres_gnbaresponse_parse.3.gz
367. man/man3/lwres_gnbaresponse_render.3.gz
368. man/man3/lwres_herror.3.gz
369. man/man3/lwres_hstrerror.3.gz
370. man/man3/lwres_inetntop.3.gz
371. man/man3/lwres_lwpacket_parseheader.3.gz
372. man/man3/lwres_lwpacket_renderheader.3.gz
373. man/man3/lwres_net_ntop.3.gz
374. man/man3/lwres_noop.3.gz
375. man/man3/lwres_nooprequest_free.3.gz
376. man/man3/lwres_nooprequest_parse.3.gz
377. man/man3/lwres_nooprequest_render.3.gz
378. man/man3/lwres_noopresponse_free.3.gz
379. man/man3/lwres_noopresponse_parse.3.gz
380. man/man3/lwres_noopresponse_render.3.gz
381. man/man3/lwres_packet.3.gz
382. man/man3/lwres_resutil.3.gz
383. man/man3/lwres_sethostent.3.gz
384. man/man3/lwres_sethostent_r.3.gz
385. man/man3/lwres_string_parse.3.gz
386. man/man5/named.conf.5.gz
387. man/man5/rndc.conf.5.gz
388. man/man8/ddns-confgen.8.gz
389. man/man8/dnssec-checkds.8.gz
390. man/man8/dnssec-coverage.8.gz
391. man/man8/dnssec-dsfromkey.8.gz
392. man/man8/dnssec-importkey.8.gz
393. man/man8/dnssec-keyfromlabel.8.gz
394. man/man8/dnssec-keygen.8.gz
395. man/man8/dnssec-keymgr.8.gz
396. man/man8/dnssec-revoke.8.gz
397. man/man8/dnssec-settime.8.gz
398. man/man8/dnssec-signzone.8.gz
399. man/man8/dnssec-verify.8.gz
400. man/man8/genrandom.8.gz
401. man/man8/isc-hmac-fixup.8.gz
402. man/man8/lwresd.8.gz
403. man/man8/named-checkconf.8.gz
404. man/man8/named-checkzone.8.gz
405. man/man8/named-compilezone.8.gz
406. man/man8/named-journalprint.8.gz
407. man/man8/named-nzd2nzf.8.gz
408. man/man8/named.8.gz
409. man/man8/nsec3hash.8.gz
410. @comment man/man8/pkcs11-destroy.8.gz
411. @comment man/man8/pkcs11-keygen.8.gz
412. @comment man/man8/pkcs11-list.8.gz
413. @comment man/man8/pkcs11-tokens.8.gz
414. man/man8/rndc-confgen.8.gz
415. man/man8/rndc.8.gz
416. man/man8/tsig-keygen.8.gz
417. sbin/ddns-confgen
418. sbin/dnssec-checkds
419. sbin/dnssec-coverage
420. sbin/dnssec-dsfromkey
421. sbin/dnssec-importkey
422. sbin/dnssec-keyfromlabel
423. sbin/dnssec-keygen
424. sbin/dnssec-keymgr
425. sbin/dnssec-revoke
426. sbin/dnssec-settime
427. sbin/dnssec-signzone
428. sbin/dnssec-verify
429. sbin/genrandom
430. sbin/isc-hmac-fixup
431. sbin/lwresd
432. sbin/named
433. sbin/named-checkconf
434. sbin/named-checkzone
435. sbin/named-compilezone
436. sbin/named-journalprint
437. sbin/named-nzd2nzf
438. sbin/nsec3hash
439. @comment sbin/pkcs11-destroy
440. @comment sbin/pkcs11-keygen
441. @comment sbin/pkcs11-list
442. @comment sbin/pkcs11-tokens
443. sbin/rndc
444. sbin/rndc-confgen
445. sbin/tsig-keygen
446. @dir(bind,bind,) etc/namedb/dynamic
447. @dir etc/namedb/master
448. @dir(bind,bind,) etc/namedb/slave
449. @dir(bind,bind,) etc/namedb/working
Collapse this list.

---

To install the port: cd /usr/ports/dns/bind911/ && make install clean
To add the package: pkg install bind911

PKGNAME: bind911

distinfo:

TIMESTAMP = 1533712466
SHA256 (bind-9.11.4-P1.tar.gz) = b0e0dc3c8bf26989b1cad53f90d44a48e39404afc68f65c45bae79b446f0fe23
SIZE (bind-9.11.4-P1.tar.gz) = 9623403

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Build dependencies:

1. py27-ply>=0 : devel/py-ply@py27
2. python2.7 : lang/python27

Runtime dependencies:

1. py27-ply>=0 : devel/py-ply@py27
2. python2.7 : lang/python27

Library dependencies:

1. libxml2.so : textproc/libxml2
2. libidnkit.so : dns/idnkit
3. libjson-c.so : devel/json-c
4. liblmdb.so : databases/lmdb
5. libedit.so.0 : devel/libedit
6. libiconv.so : converters/libiconv

This port is required by:

for Build

1. dns/zkt
2. security/sssd

for Run

1. dns/zkt

* - deleted ports are only shown under the This port is required by section. It was harder to do for the Required section. Perhaps later...

---

Configuration Options

===> The following configuration options are available for bind911-9.11.4P1:
     DNSTAP=off: Provides fast passive logging of DNS messages
     DOCS=on: Build and/or install documentation
     FILTER_AAAA=on: Enable filtering of AAAA records
     FIXED_RRSET=off: Enable fixed rrset ordering
     GEOIP=off: Allow geographically based ACL.
     IDN=on: International Domain Names support
     IPV6=on: IPv6 protocol support
     JSON=on: JSON file/format/parser support
     LARGE_FILE=off: 64-bit file support
     LMDB=on: Use LMDB for zone management
     MINCACHE=off: Use the mincachettl patch
     PORTREVISION=off: Show PORTREVISION in the version string
     PYTHON=on: Build with Python utilities
     QUERYTRACE=off: Enable the very verbose query tracelogging
     RPZ_NSDNAME=on: Enable RPZ NSDNAME policy records
     RPZ_NSIP=on: Enable RPZ NSIP trigger rules
     SIGCHASE=on: dig/host/nslookup will do DNSSEC validation
     START_LATE=off: Start BIND late in the boot process (see help)
     TCP_FASTOPEN=on: RFC 7413 support
     THREADS=on: Threading support
     TUNING_LARGE=off: Tune named for large systems (**READ HELP**)
====> Dynamically Loadable Zones
     DLZ_POSTGRESQL=off: DLZ Postgres driver
     DLZ_MYSQL=off: DLZ MySQL driver (no threading)
     DLZ_BDB=off: DLZ BDB driver
     DLZ_LDAP=off: DLZ LDAP driver
     DLZ_FILESYSTEM=on: DLZ filesystem driver
     DLZ_STUB=off: DLZ stub driver
====> GSSAPI Security API support: you have to select exactly one of them
     GSSAPI_BASE=off: Using Heimdal in base
     GSSAPI_HEIMDAL=off: Using security/heimdal
     GSSAPI_MIT=off: Using security/krb5
     GSSAPI_NONE=on: Disable
====> Choose which crypto engine to use: you can only select none or one of them
     SSL=on: Build with OpenSSL (Required for DNSSEC)
     NATIVE_PKCS11=off: Use PKCS#11 native API (**READ HELP**)
====> Enable GOST ciphers, needs SSL: you can only select none or one of them
     GOST=off: GOST raw keys (new default)
     GOST_ASN1=off: GOST using ASN.1
===> Use 'make config' to modify these settings

---

USES:

cpe libedit iconv python ssl

---

Master Sites:

1. ftp://ftp.ciril.fr/pub/isc/bind9/9.11.4-P1/
2. ftp://ftp.freenet.de/pub/ftp.isc.org/isc/bind9/9.11.4-P1/
3. ftp://ftp.funet.fi/pub/mirrors/ftp.isc.org/isc/bind9/9.11.4-P1/
4. ftp://ftp.iij.ad.jp/pub/network/isc/bind9/9.11.4-P1/
5. ftp://ftp.isc.org/isc/bind9/9.11.4-P1/
6. ftp://ftp.mirrorservice.org/sites/ftp.isc.org/isc/bind9/9.11.4-P1/
7. ftp://ftp.nominum.com/pub/isc/bind9/9.11.4-P1/
8. ftp://ftp.ntua.gr/pub/net/isc/isc/bind9/9.11.4-P1/
9. ftp://ftp.ripe.net/mirrors/sites/ftp.isc.org/isc/bind9/9.11.4-P1/
10. ftp://ftp.task.gda.pl/mirror/ftp.isc.org/isc/bind9/9.11.4-P1/
11. ftp://ftp.u-aizu.ac.jp/pub/net/isc/bind9/9.11.4-P1/
12. https://ftp.isc.org/isc/bind9/9.11.4-P1/

• 2015-03-24

  Affects: users of dns/bind9*

  Author: mat@FreeBSD.org

  Reason: 
    This is only for FreeBSD 10.0+.
  
    BIND auto chroot has been added back to the named rc script.  As enabling it
    by default would most certainly break people's setup, it is not.  To enable
    it, and chroot it in /var/named, add the following line to your rc.conf file:
  
    named_chrootdir="/var/named"
  
    On first launch, the rc script will move the /usr/local/etc/namedb directory
    into the chroot, and create a symlink to it.
  
    Note that, if you're running from within a jail, you need to have a
    /var/named/dev devfs created beforehand, with the null and random devices.
  
  

• 2013-11-12

  Affects: users of dns/bind9*

  Author: erwin@FreeBSD.org

  Reason: 
    All bind9 ports have been updated to support FreeBSD 10.x after
    BIND was removed from the base system.  It is now self-contained
    in ${PREFIX}/etc/namedb, and chroot and symlinking options are
    no longer supported out of the box.
  
    For users of FreeBSD 9.x and earlier, the LINKS option is no longer
    enabled by default, but still supported.  No other changes should
    affect those users, and updating without changing already set options
    will keep the system in the same state.
  
  

Update to 9.11.4-P1 and 9.12.2-P1.

Security:	CVE-2018-5740
Sponsored by:	Absolight

Update BIND9 ports to 9.11.4, 9.12.2 and 9.13.2.

Sponsored by:	Absolight

Include a patch to fix CVE-2018-5738 in all the BIND9 ports.

MFH:		2018Q2 (blanket)
Security:	CVE-2018-5738
Sponsored by:	Absolight

Move things around a bit to be more handbook compliant.

Sponsored by:	Absolight

Add BIND9 9.13.0.

The ISC changed their release model, they are now doing
odd-unstable/even-stable release numbering.  This is a development
version, consider it alpha/beta quality.  The next stable release will
be 9.14.0.

Changes:	https://kb.isc.org/article/AA-01612
Sponsored by:	Absolight

Add PY_FLAVOR to Python module dependencies.

Sponsored by:	Absolight

Fix build when LOCALBASE!=/usr/local.

PR:		227554
Submitted by:	John Hein
Sponsored by:	Absolight

Enable the FILTER_AAAA option by default, the feature was made non
optional in recent versions, so might as well do it in older ones.

PR:		226383
Sponsored by:	Absolight

Update BIND9 ports to 9.9.12, 9.10.7, 9.11.3 and 9.12.1.

Sponsored by:	Absolight

Teach named where its pid file should be by default, to be consistent
with the default configuration, rc script, man pages...

PR:		225687
Reported by:	John W. O'Brien
Sponsored by:	Absolight

Add a TCP_FASTOPEN option (default on) to allow not building it in. [1]

It is annoying because it outputs one line saying it cannot enable
TCP_FASTOPEN when the deamon starts.

While there, discover that FILTER_AAAA is always enabled in 9.12+ and no
longer an option, so remove it.

PR:		217288 [1] (based on)
Reported by:	doktornotor mailinator com
Sponsored by:	Absolight

Catch up with the conflicts lines in the BIND9 ports.

Sponsored by:	Absolight

Remove support for bind-tools from the BIND9 9.11 port.

Sponsored by:	Absolight

Update named.root.

Sponsored by:	People afraid of a nuclear holocaust.

Update BIND9* to 9.9.11-P1, 9.10.6-P1, 9.11.2-P1 and 9.12.0rc3

MFH:		2018Q1
Security:	CVE-2017-3145
Sponsored by:	Absolight

Add a TUNING_LARGE option.

https://kb.isc.org/article/AA-01314/0

Tunes certain compiled-in constants and default settings to
values better suited to large servers with 12/16GB+ of memory.
This can improve performance on such servers, but will consume
more memory and may degrade performance on smaller systems.

PR:		224859
Sponsored by:	Absolight

Fix altlog_proglist warning when it contains more than the named service.

PR:		224951
Submitted by:	Trix Farrar
Sponsored by:	Absolight

Update devel/json-c to 0.13

- Add TEST_TARGET
- While I'm here, fix shebang for net/opensips
- Bump PORTREVISION of dependent ports for shlib change

Changes:	https://github.com/json-c/json-c/blob/master/ChangeLog
PR:		224675
Exp-run by:	antoine

Add an extra check to make sure syslogd is correctly configured when
using chroot.

Sponsored by:	Absolight

Add a symlink to named's session-keyfile.

Using nsupdate -l, and chroot was broken because nsupdate could not find
the keyfile by itself.

PR:		223403
Submitted by:	Harald Schmalzbauer
Sponsored by:	Absolight

Update license of ports using MPL (without version)

All ports now should use MPL[10|11|20] license.

Approved by:	portmgr (blanket)

Enable the PYTHON option by default, it brings a few interesting DNSSEC
tools.

Sponsored by:	Absolight

Install the mtree file as .sample to allow users to change them.

Sponsored by:	Absolight

Update BIND9 ports to 9.{9.11,10.6,11.2}.

Sponsored by:	Absolight

Update to 9.{9.10,10.5,11.1}-P3.

Sponsored by:	Absolight

Update to 9.{9.10,10.5,11.1}-P2.

Security:	CVE-2017-3142
Security:	CVE-2017-3143
Sponsored by:	Absolight

Update to 9.9.10-P1, 9.10.5-P1, 9.11.1-P1.

MFH:		2017Q2
Security:	CVE-2017-3140
Security:	CVE-2017-3141
Sponsored by:	Absolight

Remove special handling for testing and documentation domains, per RFC
6761 recommendations.

While there:
- Fix invalid syntax in sample slave config.
- Add a message about having syslogd working with BIND9 chroot.

PR:		217915
Reported by:	eserte12 yahoo de
Sponsored by:	Absolight

Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.

While there:

Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.

Refresh the root zone hints.

"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]

PR:		218656 [1]
Reported by:	Thomas Steen Rasmussen / Tykling [1]
MFH:		2017Q2
Sponsored by:	Absolight

Unbreak rndc calls when using non default rndc.key location.

PR:		218335
Sponsored by:	Absolight

Security update to 9.11.0P5.

Security:	c6861494-1ffb-11e7-934d-d05099c0ae8c
Approved by:	so
MFH:		2017Q2

Remove private URLs that should never have been committed.

Pointy hat:	mat
Sponsored by:	Absolight

Update to 9.9.9-P6, 9.10.4-P6 and 9.11.0-P3.

While there, remove the RPZ_PATCH for BIND9 9.9, it has not been updated
for years, and, it does not build any more.

MFH:		2017Q1
Security:	CVE-2017-3135
Sponsored by:	Absolight

Commit the cleanups that should have gone in with the pervious update.

Sponsored by:	Absolight

Security update to 9.11.0-P2.

Approved by:	so
Security:	d4c7e9a9-d893-11e6-9b4d-d050996490d0
MFH:		2017Q1

Switch bind-tools to BIND9 9.11.

Sponsored by:	Absolight

Cleanup CONFLICTS.

Sponsored by:	Absolight

Fixup libedit for all BIND9 ports, and fix spurious json dependency by
adding an option.

PR:		215170
Reported by:	sunpoet
Sponsored by:	Absolight

Security update:

dns/bind99:  9.9.9-P3  -> 9.9.9-P4
dns/bind910: 9.10.4-P3 -> 9.10.4-P4
dns/bind911: 9.11.0    -> 9.11.0-P1

Security:	CVE-2016-8864
Submitted by:	mat
MFH:		2016Q4

Update to 9.11.0

Changes:	https://lists.isc.org/pipermail/bind-announce/2016-October/001007.html
Sponsored by:	Absolight

Remarke MAKE_JOBS_UNSAFE everywhere.

Sponsored by:	Absolight

So, on 9, it is failing to build it with jobs.

It builds .a before all the .o that are supposed to go in the .a are
built.  Imagine what happens after that...

Reported by:	Craig Leres
Sponsored by:	Absolight

Remove MAKE_JOBS_UNSAFE for BIND9.

It was added in 2009 in r232247 without the reason it was failing, I've
tried with -J 2-10, and can't have one of the BIND9 port fail.
Feel free to add it back, but please, add the reason why it fails.

Sponsored by:	Absolight

Update BIND9 to latest versions, 9.9.9-P3, 9.10.4-P3, 9.11.0rc3

MFH:		2016Q3
Security:	CVE-2016-2776
Sponsored by:	Absolight

The START_LATE option is not needed by bind-tools.

Sponsored by:	Absolight

The NEWSTATS and RRL options were removed in BIND9 9.10, so remove them
from here, also, make the upstream default options default for real.

While there, put back the BIND_TOOLS knobs in bind9-devel.

Sponsored by:	Absolight

Update to 9.11.0rc1.

While there, remove obsolete configure options, and set as default the
one that default to yes.

Changes:	https://lists.isc.org/pipermail/bind-announce/2016-August/001002.html
Sponsored by:	Absolight

Update to 9.11.0b3.

MFH:		2016Q3
Security:	CVE-2016-2775
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/001001.html
Sponsored by:	Absolight

BIND9 update, 9.9.9-P2, 9.10.4-P2, 9.11.0b2 and latest 9.12 snapshot.

MFH:		2016Q3
Security:	CVE-2016-2775
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000996.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000997.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000998.html
Changes:	https://lists.isc.org/pipermail/bind-announce/2016-July/000999.html
Sponsored by:	Absolight

Introduce BIND9 9.11.0b1. (beta1)

BIND 9.11 brings many changes to BIND, including a new license
(the Mozilla Public License 2.0 -- you can read about it here:
https://www.isc.org/blogs/bind9-adopts-the-mpl-2-0-license-with-bind-9-11-0/)
and many new features, including:

-  Catalog zones, a new way to provision zones on slave servers
-  dyndb api, a fast new api enabling BIND to serve zones stored
   in a database (Developed by Petr Spacek of RedHat)
-  RNDC showzone, view-only mode and other improvements
-  dnstap query and response logging (Robert Edmonds is the author
   of dnstap, see www.dnstap.info)
-  EDNS Client-subnet (authoritative server functions)
-  DNSSEC key manager, a new utility (Thanks to Sebastian Castro
   for helping with development.)
-  Automatic CDS/CDSKEY generation
-  Negative Trust Anchors for DNSSEC validators
-  IPv6 bias to encourage use of IPv6 DNS servers
-  Minimal response to "any" queries (Thanks to Tony Finch for
   the contribution)
-  DNS Cookies are now enabled by default, using the standardized code point

Changes:	https://lists.isc.org/pipermail/bind-announce/2016-June/000994.html
Sponsored by:	Absolight

15 vulnerabilities affecting 134 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2018-08-17 23:13:03