1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= Berkeley Internet Name Domain (Domain Name Server)
8 HOMEPAGE= https://www.isc.org/downloads/bind/
12 SITES[main]= ISC/bind9/9.11.2
13 DISTFILE[1]= bind-9.11.2.tar.gz:main
15 SPKGS[standard]= complete
20 OPTIONS_AVAILABLE= FILTER_AAAA FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
21 OPTIONS_STANDARD= FILTER_AAAA FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
23 BUILD_DEPENDS= idnkit:single:standard
24 BUILDRUN_DEPENDS= libxml2:single:standard
25 json-c:single:standard
27 libedit:single:standard
28 EXRUN[tools]= idnkit:single:standard
30 USES= cpe iconv ssl cclibs:server,tools
34 LICENSE_FILE= MPL:{{WRKSRC}}/COPYRIGHT
37 FPC_EQUIVALENT= dns/bind911
40 CONFIGURE_ARGS= --localstatedir=/var
41 --sysconfdir={{PREFIX}}/etc/namedb
45 --disable-native-pkcs11
49 --with-randomdev=/dev/random
50 --with-readline="-L{{LOCALBASE}}/lib -ledit"
51 --with-openssl={{OPENSSLBASE}}
52 --with-libxml2={{LOCALBASE}}
54 --with-idn={{LOCALBASE}}
57 --with-dlz-filesystem=yes
62 {{ICONV_CONFIGURE_ARG}}
63 STD_CDEFINES="-DDIG_SIGCHASE=1"
67 PLIST_SUB= ETCDIR=etc/namedb
69 SUB_FILES= pkg-message-server
72 [FIXED_RRSET].DESCRIPTION= Enable fixed rrset ordering
73 [FIXED_RRSET].CONFIGURE_ENABLE_BOTH= fixed-rrset
75 [FILTER_AAAA].DESCRIPTION= Enable filtering of AAAA records
76 [FILTER_AAAA].CONFIGURE_ENABLE_BOTH= filter-aaaa
78 [QUERYTRACE].DESCRIPTION= Enable the very verbose query tracelogging
79 [QUERYTRACE].CONFIGURE_ENABLE_BOTH= querytrace
81 [GEOIP].DESCRIPTION= Allow geographically based ACL
82 [GEOIP].BUILDRUN_DEPENDS_ON= GeoIP:single:standard
83 [GEOIP].CONFIGURE_WITH_BOTH= geoip
85 [LARGE_FILE].DESCRIPTION= 64-bit file support
86 [LARGE_FILE].CONFIGURE_ENABLE_BOTH= largefile
89 . for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
91 @${REINPLACE_CMD} -e 's#/etc/named.conf#${PREFIX}etc/namedb/named.conf#g' \
92 -e 's#/etc/rndc.conf#${PREFIX}etc/namedb/rndc.conf#g' \
93 -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
96 ${REINPLACE_CMD} -e "s|/opt/local|${PREFIX}|g" \
100 ${MKDIR} ${STAGEDIR}${PREFIX}/etc/namedb \
101 ${STAGEDIR}${STD_DOCDIR}/arm
102 . for i in dynamic master slave working
103 @${MKDIR} ${STAGEDIR}${PREFIX}/etc/namedb/$i
105 ${INSTALL_DATA} ${WRKDIR}/named.conf \
106 ${STAGEDIR}${PREFIX}/etc/namedb/named.conf.sample
107 ${INSTALL_DATA} ${FILESDIR}/named.root \
108 ${STAGEDIR}${PREFIX}/etc/namedb
109 ${INSTALL_DATA} ${FILESDIR}/empty.db \
110 ${STAGEDIR}${PREFIX}/etc/namedb/master
111 ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db \
112 ${STAGEDIR}${PREFIX}/etc/namedb/master
113 ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db \
114 ${STAGEDIR}${PREFIX}/etc/namedb/master
115 ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
116 ${STAGEDIR}${PREFIX}/etc/namedb/rndc.conf.sample
117 ${RM} -r ${STAGEDIR}/var
119 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${STD_DOCDIR}/arm
120 ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${STD_DOCDIR}
121 ${INSTALL_DATA} ${WRKSRC}/CHANGES \
122 ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${STD_DOCDIR}
124 [FILE:743:descriptions/desc.server]
125 BIND is open source software that enables you to publish your Domain Name
126 System (DNS) information on the Internet, and to resolve DNS queries for
127 your users. The name BIND stands for "Berkeley Internet Name Domain",
128 because the software originated in the early 1980s at the University of
129 California at Berkeley.
131 BIND is by far the most widely used DNS software on the Internet,
132 providing a robust and stable platform on top of which organizations can
133 build distributed computing systems with the knowledge that those systems
134 are fully compliant with published DNS standards.
136 The BIND software distribution has three parts:
137 1. Domain Name Resolver
138 2. Domain Name Authority server
141 This package contains parts 1 and 2.
144 [FILE:357:descriptions/desc.tools]
145 BIND is open source software that enables you to publish your Domain Name
146 System (DNS) information on the Internet, and to resolve DNS queries for
147 your users. The name BIND stands for "Berkeley Internet Name Domain",
148 because the software originated in the early 1980s at the University of
149 California at Berkeley.
151 This package contains the BIND tools.
155 7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a 9782180 bind-9.11.2.tar.gz
158 [FILE:5760:manifests/plist.server]
159 @dir(bind,bind,) %%ETCDIR%%/dynamic
160 @dir(bind,bind,) %%ETCDIR%%/slave
161 @dir(bind,bind,) %%ETCDIR%%/working
171 @sample %%ETCDIR%%/named.conf.sample
453 lwres_addr_parse.3.gz
455 lwres_buffer_add.3.gz
456 lwres_buffer_back.3.gz
457 lwres_buffer_clear.3.gz
458 lwres_buffer_first.3.gz
459 lwres_buffer_forward.3.gz
460 lwres_buffer_getmem.3.gz
461 lwres_buffer_getuint16.3.gz
462 lwres_buffer_getuint32.3.gz
463 lwres_buffer_getuint8.3.gz
464 lwres_buffer_init.3.gz
465 lwres_buffer_invalidate.3.gz
466 lwres_buffer_putmem.3.gz
467 lwres_buffer_putuint16.3.gz
468 lwres_buffer_putuint32.3.gz
469 lwres_buffer_putuint8.3.gz
470 lwres_buffer_subtract.3.gz
471 lwres_conf_clear.3.gz
474 lwres_conf_parse.3.gz
475 lwres_conf_print.3.gz
478 lwres_context_allocmem.3.gz
479 lwres_context_create.3.gz
480 lwres_context_destroy.3.gz
481 lwres_context_freemem.3.gz
482 lwres_context_initserial.3.gz
483 lwres_context_nextserial.3.gz
484 lwres_context_sendrecv.3.gz
485 lwres_endhostent.3.gz
486 lwres_endhostent_r.3.gz
487 lwres_freeaddrinfo.3.gz
488 lwres_freehostent.3.gz
490 lwres_gabnrequest_free.3.gz
491 lwres_gabnrequest_parse.3.gz
492 lwres_gabnrequest_render.3.gz
493 lwres_gabnresponse_free.3.gz
494 lwres_gabnresponse_parse.3.gz
495 lwres_gabnresponse_render.3.gz
496 lwres_gai_strerror.3.gz
497 lwres_getaddrinfo.3.gz
498 lwres_getaddrsbyname.3.gz
499 lwres_gethostbyaddr.3.gz
500 lwres_gethostbyaddr_r.3.gz
501 lwres_gethostbyname.3.gz
502 lwres_gethostbyname2.3.gz
503 lwres_gethostbyname_r.3.gz
504 lwres_gethostent.3.gz
505 lwres_gethostent_r.3.gz
507 lwres_getipnodebyaddr.3.gz
508 lwres_getipnodebyname.3.gz
509 lwres_getnamebyaddr.3.gz
510 lwres_getnameinfo.3.gz
511 lwres_getrrsetbyname.3.gz
513 lwres_gnbarequest_free.3.gz
514 lwres_gnbarequest_parse.3.gz
515 lwres_gnbarequest_render.3.gz
516 lwres_gnbaresponse_free.3.gz
517 lwres_gnbaresponse_parse.3.gz
518 lwres_gnbaresponse_render.3.gz
522 lwres_lwpacket_parseheader.3.gz
523 lwres_lwpacket_renderheader.3.gz
526 lwres_nooprequest_free.3.gz
527 lwres_nooprequest_parse.3.gz
528 lwres_nooprequest_render.3.gz
529 lwres_noopresponse_free.3.gz
530 lwres_noopresponse_parse.3.gz
531 lwres_noopresponse_render.3.gz
534 lwres_sethostent.3.gz
535 lwres_sethostent_r.3.gz
536 lwres_string_parse.3.gz
545 named-compilezone.8.gz
546 named-journalprint.8.gz
565 [FILE:644:manifests/plist.tools]
585 dnssec-dsfromkey.8.gz
586 dnssec-importkey.8.gz
587 dnssec-keyfromlabel.8.gz
611 [FILE:3084:patches/patch-configure]
612 --- configure.orig 2017-07-24 05:36:50 UTC
614 @@ -14402,27 +14402,9 @@ done
615 # problems start to show up.
619 - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
620 - "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
622 - "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
623 - "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
624 - "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
625 - "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
627 + "$($KRB5CONFIG gssapi --libs)"; \
629 - # Note that this does not include $saved_libs, because
630 - # on FreeBSD machines this configure script has added
631 - # -L/usr/local/lib to LIBS, which can make the
632 - # -lgssapi_krb5 test succeed with shared libraries even
633 - # when you are trying to build with KTH in /usr/lib.
634 - if test "/usr" = "$use_gssapi"
638 - LIBS="-L$use_gssapi/lib $TRY_LIBS"
641 { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
642 $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
643 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
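Review bot: `$KRB5CONFIG` is expanded unquoted in `"$($KRB5CONFIG gssapi --libs)"`, and nothing visible in this hunk checks that it is set or points at an executable. If it is empty or wrong, the substitution presumably yields an empty candidate, so the link test that follows runs without any GSSAPI libraries and the problem surfaces only indirectly. I would add a guard before the loop, for example `test -x "$KRB5CONFIG" || as_fn_error $? "krb5-config not found" "$LINENO" 5`, and quote the variable inside the substitution. The same applies to `$($KRB5CONFIG gssapi --cflags)` in the next hunk; the enclosing block starts and ends outside the lines shown.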
644 @@ -14465,47 +14447,7 @@ $as_echo "no" >&6; } ;;
645 no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
649 - # XXXDCL Major kludge. Tries to cope with KTH in /usr/lib
650 - # but MIT in /usr/local/lib and trying to build with KTH.
651 - # /usr/local/lib can end up earlier on the link lines.
652 - # Like most kludges, this one is not only inelegant it
653 - # is also likely to be the wrong thing to do at least as
654 - # many times as it is the right thing. Something better
655 - # needs to be done.
657 - if test "/usr" = "$use_gssapi" -a \
658 - -f /usr/local/lib/libkrb5.a; then
662 - case "$FIX_KTH_VS_MIT" in
664 - case "$enable_static_linking" in
665 - yes) gssapi_lib_suffix=".a" ;;
666 - *) gssapi_lib_suffix=".so" ;;
669 - for lib in $LIBS; do
674 - new_lib=`echo $lib |
675 - sed -e s%^-l%$use_gssapi/lib/lib% \
676 - -e s%$%$gssapi_lib_suffix%`
677 - NEW_LIBS="$NEW_LIBS $new_lib"
680 - as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5
688 - DST_GSSAPI_INC="-I$use_gssapi/include"
689 + DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)"
690 DNS_GSSAPI_LIBS="$LIBS"
692 { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
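Review bot: The result message kept as context at the end of this hunk still reports `using GSSAPI from $use_gssapi/lib and $use_gssapi/include`, although after this change the include flags come from `$KRB5CONFIG gssapi --cflags` and the candidate libraries from its `--libs` output. A build log that names the wrong Kerberos location makes it harder to audit which library was actually linked into named. I would have the message print the resolved values instead, e.g. `result: using GSSAPI flags $DST_GSSAPI_INC and libs $DNS_GSSAPI_LIBS`. As `configure` looks autoconf-generated, the same change probably belongs in the autoconf input as well if the patch is ever sent upstream.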
693 @@ -22825,7 +22767,7 @@ $as_echo "" >&6; }
694 # Check other locations for includes.
695 # Order is important (sigh).
697 - bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
698 + bdb_incdirs="/db6 /db5 /db48"
699 # include a blank element first
700 for d in "" $bdb_incdirs
704 [FILE:148:files/empty.db]
706 @ SOA @ nobody.localhost. 42 1d 12h 1w 3h
707 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
711 ; Silence a BIND warning
715 [FILE:158:files/localhost-forward.db]
717 localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
718 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
726 [FILE:226:files/localhost-reverse.db]
728 @ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
729 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
735 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
739 [FILE:19802:files/named.conf.in]
740 // Refer to the named.conf(5) and named(8) man pages, and the documentation
741 // in /usr/local/share/doc/bind for more details.
743 // If you are going to set up an authoritative server, make sure you
744 // understand the hairy details of how DNS works. Even with
745 // simple mistakes, you can break connectivity for affected parties,
746 // or cause huge amounts of useless Internet traffic.
749 // All file and path names are relative to the chroot directory,
750 // if any, and should be fully qualified.
751 directory "%%ETCDIR%%/working";
752 pid-file "/var/run/named/pid";
753 dump-file "/var/dump/named_dump.db";
754 statistics-file "/var/stats/named.stats";
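756 // If named is being used only as a local resolver, this is a safe default.
757 // For named to be accessible to the network, comment out this option, specify
758 // the proper IP address, or delete this option. If you do, restrict recursion to your own clients (see allow-recursion) so the server does not become an open resolver.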
759 listen-on { 127.0.0.1; };
761 // If you have IPv6 enabled on this system, uncomment this option for
762 // use as a local resolver. To give access to the network, specify
763 // an IPv6 address, or the keyword "any".
764 // listen-on-v6 { ::1; };
766 // These zones are already covered by the empty zones listed below.
767 // If you remove the related empty zones below, comment these lines out.
768 disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
769 disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
770 disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
772 // If you've got a DNS server around at your upstream provider, enter
773 // its IP address here, and enable the line below. This lets you
774 // benefit from its cache and so reduces overall DNS traffic on the Internet.
781 // If the 'forwarders' clause is not empty the default is to 'forward first'
782 // which will fall back to sending a query from your local server if the name
783 // servers in 'forwarders' do not have the answer. Alternatively you can
784 // force your name server to never initiate queries of its own by enabling the
788 // If you wish to have forwarding configured automatically based on
789 // the entries in /etc/resolv.conf, uncomment the following line and
790 // set named_auto_forward=yes in /etc/rc.conf. You can also enable
791 // named_auto_forward_only (the effect of which is described above).
792 // include "%%ETCDIR%%/auto_forward.conf";
795 Modern versions of BIND use a random UDP port for each outgoing
796 query by default in order to dramatically reduce the possibility
797 of cache poisoning. All users are strongly encouraged to utilize
798 this feature, and to configure their firewalls to accommodate it.
800 AS A LAST RESORT in order to get around a restrictive firewall
801 policy you can try enabling the option below. Use of this option
802 will significantly reduce your ability to withstand cache poisoning
803 attacks, and should be avoided if at all possible.
805 Replace NNNNN in the example with a number between 49160 and 65530.
807 // query-source address * port NNNNN;
810 // If you enable a local name server, don't forget to enter 127.0.0.1
811 // first in your /etc/resolv.conf so this server will be queried.
812 // Also, make sure to enable it in /etc/rc.conf.
814 // The traditional root hints mechanism. Use this, OR the slave zones below.
815 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
817 /* Slaving the following zones from the root name servers has some
818 significant advantages:
819 1. Faster local resolution for your users
820 2. No spurious traffic will be sent from your network to the roots
821 3. Greater resilience to any potential root server failure/DDoS
823 On the other hand, this method requires more monitoring than the
824 hints file to be sure that an unexpected failure mode has not
825 incapacitated your server. Name servers that are serving a lot
826 of clients will benefit more from this approach than individual
827 hosts. Use with caution.
829 To use this mechanism, uncomment the entries below, and comment
832 As documented at http://dns.icann.org/services/axfr/ these zones:
833 "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
834 are available for AXFR from these servers on IPv4 and IPv6:
835 xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
840 file "%%ETCDIR%%/slave/root.slave";
842 192.0.32.132; // lax.xfr.dns.icann.org
843 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
844 192.0.47.132; // iad.xfr.dns.icann.org
845 2620:0:2830:202::132; // iad.xfr.dns.icann.org
851 file "%%ETCDIR%%/slave/arpa.slave";
853 192.0.32.132; // lax.xfr.dns.icann.org
854 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
855 192.0.47.132; // iad.xfr.dns.icann.org
856 2620:0:2830:202::132; // iad.xfr.dns.icann.org
860 zone "in-addr.arpa" {
862 file "%%ETCDIR%%/slave/in-addr.arpa.slave";
864 192.0.32.132; // lax.xfr.dns.icann.org
865 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
866 192.0.47.132; // iad.xfr.dns.icann.org
867 2620:0:2830:202::132; // iad.xfr.dns.icann.org
873 file "%%ETCDIR%%/slave/ip6.arpa.slave";
875 192.0.32.132; // lax.xfr.dns.icann.org
876 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
877 192.0.47.132; // iad.xfr.dns.icann.org
878 2620:0:2830:202::132; // iad.xfr.dns.icann.org
884 /* Serving the following zones locally will prevent any queries
885 for these zones leaving your network and going to the root
886 name servers. This has two significant advantages:
887 1. Faster local resolution for your users
888 2. No spurious traffic will be sent from your network to the roots
890 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
891 zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
892 zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
893 zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
895 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
896 zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
898 // "This" Network (RFCs 1912, 5735 and 6303)
899 zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
901 // Private Use Networks (RFCs 1918, 5735 and 6303)
902 zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
903 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
904 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
905 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
906 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
907 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
908 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
909 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
910 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
911 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
912 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
913 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
914 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
915 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
916 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
917 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
918 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
919 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
921 // Shared Address Space (RFC 6598)
922 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
923 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
924 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
925 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
926 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
927 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
928 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
929 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
930 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
931 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
932 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
933 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
934 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
935 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
936 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
937 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
938 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
939 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
940 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
941 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
942 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
943 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
944 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
945 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
946 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
947 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
948 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
949 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
950 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
951 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
952 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
953 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
954 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
955 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
956 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
957 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
958 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
959 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
960 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
961 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
962 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
963 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
964 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
965 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
966 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
967 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
968 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
969 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
970 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
971 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
972 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
973 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
974 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
975 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
976 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
977 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
978 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
979 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
980 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
981 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
982 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
983 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
984 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
985 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
987 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
988 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
990 // IETF protocol assignments (RFCs 5735 and 5736)
991 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
993 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
994 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
995 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
996 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
998 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
999 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1001 // Router Benchmark Testing (RFCs 2544 and 5735)
1002 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1003 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1005 // IANA Reserved - Old Class E Space (RFC 5735)
1006 zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1007 zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1008 zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1009 zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1010 zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1011 zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1012 zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1013 zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1014 zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1015 zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1016 zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1017 zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1018 zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1019 zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1020 zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1022 // IPv6 Unassigned Addresses (RFC 4291)
1023 zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1024 zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1025 zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1026 zone "5.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1027 zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1028 zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1029 zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1030 zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1031 zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1032 zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1033 zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1034 zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1035 zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1036 zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1037 zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1038 zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1039 zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1040 zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1041 zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1042 zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1043 zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1044 zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1045 zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1046 zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1047 zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1048 zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1049 zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1050 zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1051 zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1052 zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1053 zone "5.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1054 zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1055 zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1057 // IPv6 ULA (RFCs 4193 and 6303)
1058 zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1059 zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1061 // IPv6 Link Local (RFCs 4291 and 6303)
1062 zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1063 zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1064 zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1065 zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1067 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
1068 zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1069 zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1070 zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1071 zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
1073 // IP6.INT is Deprecated (RFC 4159)
1074 zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; };
1076 // NB: Do not use the IP addresses below; they are fake and serve only
1077 // demonstration/documentation purposes!
1079 // Example slave zone config entries. It can be convenient to become
1080 // a slave at least for the zone your own domain is in. Ask
1081 // your network administrator for the IP address of the responsible
1082 // master name server.
1084 // Do not forget to include the reverse lookup zone!
1085 // This is named after the first bytes of the IP address, in reverse
1086 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
1088 // Before starting to set up a master zone, make sure you fully
1089 // understand how DNS and BIND work. There are sometimes
1090 // non-obvious pitfalls. Setting up a slave zone is usually simpler.
1092 // NB: Don't blindly enable the examples below. :-) Use actual names
1093 // and addresses instead, and never reuse the sample key secret shown below; generate your own.
1095 /* An example dynamic zone
1096 key "exampleorgkey" {
1098 secret "sf87HJqjkqh8ac87a02lla==";
1100 zone "example.org" {
1103 key "exampleorgkey";
1105 file "%%ETCDIR%%/dynamic/example.org";
1109 /* Example of a slave reverse zone
1110 zone "1.168.192.in-addr.arpa" {
1112 file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
1120 [FILE:12389:files/named.in]
1125 # REQUIRE: %%NAMED_REQUIRE%%
1126 # BEFORE: %%NAMED_BEFORE%%
1130 # Add the following lines to /etc/rc.conf to enable BIND:
1131 # named_enable (bool): Run named, the DNS server (or NO).
1132 # named_program (str): Path to named, if you want a different one.
1133 # named_conf (str): Path to the configuration file
1134 # named_flags (str): Use this for flags OTHER than -u and -c
1135 # named_uid (str): User to run named as
1136 # named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
1137 # Historically, was /var/named
1138 # named_chroot_autoupdate (bool): Automatically install/update chrooted
1139 # components of named.
1140 # named_symlink_enable (bool): Symlink the chrooted pid file
1141 # named_wait (bool): Wait for working name service before exiting
1142 # named_wait_host (str): Hostname to check if named_wait is enabled
1143 # named_auto_forward (str): Set up forwarders from /etc/resolv.conf
1144 # named_auto_forward_only (str): Do "forward only" instead of "forward first"
1145 %%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use.
1151 desc="named BIND startup script"
1154 load_rc_config ${name}
1156 extra_commands=reload
1158 start_precmd=named_prestart
1159 start_postcmd=named_poststart
1160 reload_cmd=named_reload
1162 stop_postcmd=named_poststop
# rc.conf knobs: each assignment keeps a value the admin already set and
# otherwise falls back to the default given after ":-".
1164 named_enable=${named_enable:-"NO"}
1165 named_program=${named_program:-"%%PREFIX%%/sbin/named"}
1166 named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
1167 named_flags=${named_flags:-""}
# Account named is started as; an unset or empty value becomes "bind".
1168 named_uid=${named_uid:-"bind"}
# Empty by default, i.e. named is not chrooted unless a directory is set.
1169 named_chrootdir=${named_chrootdir:-""}
1170 named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
1171 named_symlink_enable=${named_symlink_enable:-"YES"}
1172 named_wait=${named_wait:-"NO"}
1173 named_wait_host=${named_wait_host:-"localhost"}
1174 named_auto_forward=${named_auto_forward:-"NO"}
1175 named_auto_forward_only=${named_auto_forward_only:-"NO"}
1176 %%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}
1178 # Not configuration variables but having them here keeps rclint happy
1179 required_dirs="${named_chrootdir}"
1180 _named_confdirroot="${named_conf%/*}"
1181 _named_confdir="${named_chrootdir}${_named_confdirroot}"
1182 _named_program_root="${named_program%/sbin/named}"
1183 _openssl_engines="%%LOCALBASE%%/lib/engines"
1185 # Needed if named.conf and rndc.conf are moved or if rndc.conf is used
1186 rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
1187 rndc_key=${rndc_key:-"$_named_confdir/rndc.key"}
1189 # If running in a chroot cage, ensure that the appropriate files
1190 # exist inside the cage, as well as helper symlinks into the cage
1193 # As this is called after the is_running and required_dir checks
1194 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
1195 # exists and named isn't running at this point (unless forcestart
1202 # If it's the first time around, fiddle with things and move the
1203 # current configuration to the chroot.
1204 if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
1205 warn "named chroot: Moving current configuration in the chroot!"
1206 install -d ${_named_confdir%/*}
1207 mv ${_named_confdirroot} ${_named_confdir}
1210 # Create (or update) the chroot directory structure
1212 if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
1213 mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
1214 -p ${named_chrootdir}
1216 warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
1217 warn "${named_chrootdir} directory structure not updated"
1219 if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
1220 mkdir -p ${named_chrootdir}%%PREFIX%%
1221 mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
1222 -p ${named_chrootdir}%%PREFIX%%
1224 warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
1225 warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
1228 # Create (or update) the configuration directory symlink
1230 if [ ! -L "${_named_confdirroot}" ]; then
1231 if [ -d "${_named_confdirroot}" ]; then
1232 warn "named chroot: ${_named_confdirroot} is a directory!"
1233 elif [ -e "${_named_confdirroot}" ]; then
1234 warn "named chroot: ${_named_confdirroot} exists!"
1236 ln -s ${_named_confdir} ${_named_confdirroot}
1239 # Make sure it points to the right place.
1240 ln -shf ${_named_confdir} ${_named_confdirroot}
1243 # Mount a devfs in the chroot directory if needed
1245 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
1246 umount ${named_chrootdir}/dev 2>/dev/null
1247 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
1248 devfs -m ${named_chrootdir}/dev rule apply path null unhide
1249 devfs -m ${named_chrootdir}/dev rule apply path random unhide
1251 if [ -c ${named_chrootdir}/dev/null -a \
1252 -c ${named_chrootdir}/dev/random ]; then
1253 info "named chroot: using pre-mounted devfs."
1255 err 1 "named chroot: devfs cannot be mounted from " \
1256 "within a jail. Thus a chrooted named cannot " \
1257 "be run from within a jail. Either mount the " \
1258 "devfs with null and random from the host, or " \
1259 "run named without chrooting it, set " \
1260 "named_chrootdir=\"\" in /etc/rc.conf."
1264 # If OpenSSL from ports, then the engines should be present in the
1265 # chroot, named loads them after chrooting.
1266 if [ -d ${_openssl_engines} ]; then
1267 # FIXME when 8.4 is gone see if
1268 # security.jail.param.allow.mount.nullfs can be used.
1269 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
1270 mkdir -p ${named_chrootdir}${_openssl_engines}
1271 mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
1273 warn "named chroot: cannot nullfs mount OpenSSL" \
1274 "engines into the chroot, will copy the shared" \
1275 "libraries instead."
1276 mkdir -p ${named_chrootdir}${_openssl_engines}
1277 cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
1281 # Copy and/or update key files to the chroot /etc
1283 for file in localtime protocols services; do
1284 if [ -r /etc/${file} ] && \
1285 ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
1286 cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
1291 # Make symlinks to the correct pid file
1295 checkyesno named_symlink_enable &&
1296 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
1303 if checkyesno named_wait; then
1304 until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
1305 echo " Waiting for nameserver to resolve ${named_wait_host}"
1313 # This is a one line function, but ${named_program} is not defined early
1314 # enough to be there when the reload_cmd variable is defined up there.
1320 if get_pidfile_from_conf pid-file ${named_conf}; then
1321 pidfile="${_pidfile_from_conf}"
1323 pidfile="/var/run/named/pid"
1331 # This duplicates an undesirably large amount of code from the stop
1332 # routine in rc.subr in order to use rndc to shut down the process,
1333 # and to give it a second chance in case rndc fails.
1334 rc_pid=$(check_pidfile ${pidfile} ${command})
1335 if [ -z "${rc_pid}" ]; then
1336 [ -n "${rc_fast}" ] && return 0
1340 echo 'Stopping named.'
1342 wait_for_pids ${rc_pid}
1344 echo -n 'rndc failed, trying kill: '
1345 kill -TERM ${rc_pid}
1346 wait_for_pids ${rc_pid}
1352 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
1353 # if using OpenSSL from ports, unmount OpenSSL engines, if they
1354 # were not mounted but only copied, do nothing.
1355 if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
1356 umount ${named_chrootdir}${_openssl_engines}
1359 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
1360 umount ${named_chrootdir}/dev 2>/dev/null || true
1362 warn "named chroot:" \
1363 "cannot unmount devfs from inside jail!"
1370 if [ -e "$1" ]; then
1373 install -o root -g wheel -m 0644 /dev/null $1
1378 if [ -z "${rndc_flags}" ]; then
1379 if [ -s "${rndc_conf}" ] ; then
1380 rndc_flags="-c ${rndc_conf}"
1381 elif [ -s "${rndc_key}" ] ; then
1382 rndc_flags="-k ${rndc_key}"
1388 ${_named_program_root}/sbin/rndc ${rndc_flags} "$@"
1395 if [ -n "${named_pidfile}" ]; then
1396 warn 'named_pidfile: now determined from the conf file'
1399 piddir=`/usr/bin/dirname ${pidfile}`
1400 if [ ! -d ${piddir} ]; then
1401 install -d -o ${named_uid} -g ${named_uid} ${piddir}
# Prepend the run-as user (-u) and configuration file (-c) to named's
# arguments. named_uid is defaulted to "bind" earlier in this script, so
# the ":=root" fallback only applies if the variable is emptied in between.
1404 command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"
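%%NATIVE_PKCS11%%	# Validate the PKCS#11 library path before passing it to named via -E.
%%NATIVE_PKCS11%%	# The closing "]" must be its own word: written as "...}"]" the test
%%NATIVE_PKCS11%%	# fails to parse, so the empty-value check never reports the missing
%%NATIVE_PKCS11%%	# setting. Path expansions are quoted so a path with spaces stays one word.
%%NATIVE_PKCS11%%	if [ -z "${named_pkcs11_engine}" ]; then
%%NATIVE_PKCS11%%		err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
%%NATIVE_PKCS11%%	elif [ ! -f "${named_pkcs11_engine}" ]; then
%%NATIVE_PKCS11%%		err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
%%NATIVE_PKCS11%%	else
%%NATIVE_PKCS11%%		# Place a copy at the same path below ${named_chrootdir}; the copy
%%NATIVE_PKCS11%%		# keeps the source file's mode and ownership (cp -p).
%%NATIVE_PKCS11%%		mkdir -p "${named_chrootdir}${named_pkcs11_engine%/*}"
%%NATIVE_PKCS11%%		cp -p "${named_pkcs11_engine}" "${named_chrootdir}${named_pkcs11_engine}"
%%NATIVE_PKCS11%%		command_args="-E ${named_pkcs11_engine} ${command_args}"
%%NATIVE_PKCS11%%	fi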
1416 local line nsip firstns
1418 # Is the user using a sandbox?
1420 if [ -n "${named_chrootdir}" ]; then
1421 rc_flags="${rc_flags} -t ${named_chrootdir}"
1422 checkyesno named_chroot_autoupdate && chroot_autoupdate
1424 named_symlink_enable=NO
1427 # Create an rndc.key file for the user if none exists
1429 confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
1430 -c ${_named_confdir}/rndc.key"
1431 if [ -s "${_named_confdir}/rndc.conf" ]; then
1432 unset confgen_command
1434 if [ -s "${_named_confdir}/rndc.key" ]; then
1435 case `stat -f%Su ${_named_confdir}/rndc.key` in
1436 root|${named_uid}) ;;
1437 *) ${confgen_command} ;;
1445 checkconf="${_named_program_root}/sbin/named-checkconf"
1446 if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
1447 checkconf="${checkconf} -t ${named_chrootdir}"
1450 # Create a forwarder configuration based on /etc/resolv.conf
1451 if checkyesno named_auto_forward; then
1452 if [ ! -s /etc/resolv.conf ]; then
1453 warn "named_auto_forward enabled, but no /etc/resolv.conf"
1455 # Empty the file in case it is included in named.conf
1456 [ -s "${_named_confdir}/auto_forward.conf" ] &&
1457 create_file ${_named_confdir}/auto_forward.conf
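# Refuse to continue when the configuration does not validate. The message
# is double-quoted so ${named_conf} is expanded to the actual file name
# (single quotes would print the variable name literally).
# ${checkconf} is left unquoted on purpose: it may carry "-t <chrootdir>".
${checkconf} ${named_conf} ||
	err 3 "named-checkconf for ${named_conf} failed"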
1464 create_file /var/run/naf-resolv.conf
1465 create_file /var/run/auto_forward.conf
1467 echo ' forwarders {' > /var/run/auto_forward.conf
1471 'nameserver '*|'nameserver '*)
1472 nsip=${line##nameserver[ ]}
1474 if [ -z "${firstns}" ]; then
1475 if [ ! "${nsip}" = '127.0.0.1' ]; then
1476 echo 'nameserver 127.0.0.1'
1477 echo " ${nsip};" >> /var/run/auto_forward.conf
1482 [ "${nsip}" = '127.0.0.1' ] && continue
1483 echo " ${nsip};" >> /var/run/auto_forward.conf
1489 done < /etc/resolv.conf > /var/run/naf-resolv.conf
1491 echo ' };' >> /var/run/auto_forward.conf
1492 echo '' >> /var/run/auto_forward.conf
1493 if checkyesno named_auto_forward_only; then
1494 echo " forward only;" >> /var/run/auto_forward.conf
1496 echo " forward first;" >> /var/run/auto_forward.conf
1499 if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
1500 unlink /var/run/naf-resolv.conf
1502 [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
1503 mv /var/run/naf-resolv.conf /etc/resolv.conf
1506 if cmp -s ${_named_confdir}/auto_forward.conf \
1507 /var/run/auto_forward.conf; then
1508 unlink /var/run/auto_forward.conf
1510 [ -e "${_named_confdir}/auto_forward.conf" ] &&
1511 unlink ${_named_confdir}/auto_forward.conf
1512 mv /var/run/auto_forward.conf \
1513 ${_named_confdir}/auto_forward.conf
1516 # Empty the file in case it is included in named.conf
1517 [ -s "${_named_confdir}/auto_forward.conf" ] &&
1518 create_file ${_named_confdir}/auto_forward.conf
1521 ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
1527 [FILE:3289:files/named.root]
1528 ; This file holds the information on root name servers needed to
1529 ; initialize cache of Internet domain name servers
1530 ; (e.g. reference this file in the "cache . <file>"
1531 ; configuration file of BIND domain name servers).
1533 ; This file is made available by InterNIC
1534 ; under anonymous FTP as
1535 ; file /domain/named.cache
1536 ; on server FTP.INTERNIC.NET
1537 ; -OR- RS.INTERNIC.NET
1539 ; last update: April 11, 2017
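1540 ; related version of root zone: 2017041101
; NOTE(review): these hints date from 2017; root server addresses are
; renumbered from time to time, so compare this list with the current
; InterNIC copy named above before relying on it.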
1542 ; formerly NS.INTERNIC.NET
1544 . 3600000 NS A.ROOT-SERVERS.NET.
1545 A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
1546 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
1548 ; FORMERLY NS1.ISI.EDU
1550 . 3600000 NS B.ROOT-SERVERS.NET.
1551 B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
1552 B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
1554 ; FORMERLY C.PSI.NET
1556 . 3600000 NS C.ROOT-SERVERS.NET.
1557 C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
1558 C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
1560 ; FORMERLY TERP.UMD.EDU
1562 . 3600000 NS D.ROOT-SERVERS.NET.
1563 D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
1564 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
1566 ; FORMERLY NS.NASA.GOV
1568 . 3600000 NS E.ROOT-SERVERS.NET.
1569 E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
1570 E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
1572 ; FORMERLY NS.ISC.ORG
1574 . 3600000 NS F.ROOT-SERVERS.NET.
1575 F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
1576 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
1578 ; FORMERLY NS.NIC.DDN.MIL
1580 . 3600000 NS G.ROOT-SERVERS.NET.
1581 G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
1582 G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
1584 ; FORMERLY AOS.ARL.ARMY.MIL
1586 . 3600000 NS H.ROOT-SERVERS.NET.
1587 H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
1588 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
1590 ; FORMERLY NIC.NORDU.NET
1592 . 3600000 NS I.ROOT-SERVERS.NET.
1593 I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
1594 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
1596 ; OPERATED BY VERISIGN, INC.
1598 . 3600000 NS J.ROOT-SERVERS.NET.
1599 J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
1600 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
1602 ; OPERATED BY RIPE NCC
1604 . 3600000 NS K.ROOT-SERVERS.NET.
1605 K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
1606 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
1610 . 3600000 NS L.ROOT-SERVERS.NET.
1611 L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
1612 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
1616 . 3600000 NS M.ROOT-SERVERS.NET.
1617 M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
1618 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
1622 [FILE:1633:files/pkg-message-server.in]
1623 **********************************************************************
1624 * _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
1625 * / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
1626 * / _ \ | | | | | _| | \| | | | | | | | | \| | *
1627 * / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
1628 * /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
1630 * BIND requires configuration of rndc, including a "secret" key. *
1631 * The easiest, and most secure way to configure rndc is to run *
1632 * 'rndc-confgen -a' to generate the proper conf file, with a new *
1633 * random key, and appropriate file permissions. *
1635 * The %%PREFIX%%/etc/rc.d/named script will do that for you. *
1637 * If using syslog to log the BIND9 activity, and using a *
1638 * chroot'ed installation, you will need to tell syslog to *
1639 * install a log socket in the BIND9 chroot by running: *
1641 * # sysrc altlog_proglist+=named *
1643 * And then restarting syslogd with: service syslogd restart *
1645 **********************************************************************