1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
7 SDESC[standard]= Berkeley Internet Name Domain (Domain Name Server)
8 HOMEPAGE= https://www.isc.org/downloads/bind/
12 SITES[main]= ISC/bind9/9.18.21
13 DISTFILE[1]= bind-9.18.21.tar.xz:main
15 SPKGS[standard]= complete
22 OPTIONS_AVAILABLE= FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
23 OPTIONS_STANDARD= FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
25 BUILD_DEPENDS= idnkit:single:standard
27 libnghttp2:dev:standard
30 BUILDRUN_DEPENDS= json-c:primary:standard
31 libuv:primary:standard
33 libnghttp2:primary:standard
34 EXRUN[tools]= idnkit:single:standard
36 USES= cclibs:server,tools cpe iconv pkgconfig ssl readline
37 ncurses:build libtool perl:build
38 GNOME_COMPONENTS= libxml2
40 DISTNAME= bind-9.18.21
43 LICENSE_FILE= MPL:{{WRKSRC}}/COPYRIGHT
47 FPC_EQUIVALENT= dns/bind918
50 CONFIGURE_ARGS= --localstatedir=/var
51 --sysconfdir={{ETCDIR}}
56 --with-openssl={{OPENSSLBASE}}
58 STD_CDEFINES="-DDIG_SIGCHASE=1"
62 INSTALL_REQ_TOOLCHAIN= yes
63 PLIST_SUB= ETCDIR={{BIND_ETCDIR}}
66 SUB_FILES= pkg-message-server
69 [FIXED_RRSET].DESCRIPTION= Enable fixed rrset ordering
70 [FIXED_RRSET].CONFIGURE_ENABLE_BOTH= fixed-rrset
72 [QUERYTRACE].DESCRIPTION= Enable the very verbose query tracelogging
73 [QUERYTRACE].CONFIGURE_ENABLE_BOTH= querytrace
75 [GEOIP].DESCRIPTION= Allow geographically based ACL
76 [GEOIP].BUILDRUN_DEPENDS_ON= GeoIP:single:standard
77 [GEOIP].CONFIGURE_ENABLE_BOTH= geoip
79 [LARGE_FILE].DESCRIPTION= 64-bit file support
80 [LARGE_FILE].CONFIGURE_ENABLE_BOTH= largefile
83 ${REINPLACE_CMD} -e "s|/opt/local|${PREFIX}|g" \
87 ${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${STD_DOCDIR}/arm
88 . for i in dynamic master slave working
89 ${MKDIR} ${STAGEDIR}${ETCDIR}/$i
91 . for l in bind/filter-a bind/filter-aaaa libbind9 libdns libirs libisc libisccc libisccfg libns
92 ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${l}.so
94 ${INSTALL_DATA} ${WRKDIR}/named.conf \
95 ${STAGEDIR}${ETCDIR}/named.conf.sample
96 ${INSTALL_DATA} ${FILESDIR}/named.root \
98 ${INSTALL_DATA} ${FILESDIR}/empty.db \
99 ${STAGEDIR}${ETCDIR}/master
100 ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db \
101 ${STAGEDIR}${ETCDIR}/master
102 ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db \
103 ${STAGEDIR}${ETCDIR}/master
104 ${RM} -r ${STAGEDIR}/var
106 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.rst ${STAGEDIR}${STD_DOCDIR}/arm
107 ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/README* ${STAGEDIR}${STD_DOCDIR}
109 [FILE:743:descriptions/desc.server]
110 BIND is open source software that enables you to publish your Domain Name
111 System (DNS) information on the Internet, and to resolve DNS queries for
112 your users. The name BIND stands for "Berkeley Internet Name Domain",
113 because the software originated in the early 1980s at the University of
114 California at Berkeley.
116 BIND is by far the most widely used DNS software on the Internet,
117 providing a robust and stable platform on top of which organizations can
118 build distributed computing systems with the knowledge that those systems
119 are fully compliant with published DNS standards.
121 The BIND software distribution has three parts:
122 1. Domain Name Resolver
123 2. Domain Name Authority server
126 This package contains parts 1 and 2.
129 [FILE:357:descriptions/desc.tools]
130 BIND is open source software that enables you to publish your Domain Name
131 System (DNS) information on the Internet, and to resolve DNS queries for
132 your users. The name BIND stands for "Berkeley Internet Name Domain",
133 because the software originated in the early 1980s at the University of
134 California at Berkeley.
136 This package contains the BIND tools.
140 a556be22505d9ea4f9c6717aee9c549739c68498aff3ca69035787ecc648fec5 5507132 bind-9.18.21.tar.xz
143 [FILE:618:manifests/plist.server]
144 @sample %%ETCDIR%%/named.conf.sample
154 libbind9-%%LIBVER%%.so
162 libisccc-%%LIBVER%%.so
164 libisccfg-%%LIBVER%%.so
177 @dir(bind,bind,) %%ETCDIR%%/dynamic
178 @dir(bind,bind,) %%ETCDIR%%/slave
179 @dir(bind,bind,) %%ETCDIR%%/working
182 [FILE:304:manifests/plist.tools]
208 [FILE:624:manifests/plist.man]
214 dnssec-dsfromkey.1.gz
215 dnssec-importkey.1.gz
216 dnssec-keyfromlabel.1.gz
226 named-compilezone.1.gz
227 named-journalprint.1.gz
246 [FILE:2355:manifests/plist.dev]
350 include/irs/resconf.h
482 [FILE:148:files/empty.db]
484 @ SOA @ nobody.localhost. 42 1d 12h 1w 3h
485 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
489 ; Silence a BIND warning
493 [FILE:158:files/localhost-forward.db]
495 localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
496 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
504 [FILE:226:files/localhost-reverse.db]
506 @ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
507 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
513 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
517 [FILE:19802:files/named.conf.in]
518 // Refer to the named.conf(5) and named(8) man pages, and the documentation
519 // in /usr/local/share/doc/bind for more details.
521 // If you are going to set up an authoritative server, make sure you
522 // understand the hairy details of how DNS works. Even with
523 // simple mistakes, you can break connectivity for affected parties,
524 // or cause huge amounts of useless Internet traffic.
527 // All file and path names are relative to the chroot directory,
528 // if any, and should be fully qualified.
529 directory "%%ETCDIR%%/working";
530 pid-file "/var/run/named/pid";
531 dump-file "/var/dump/named_dump.db";
532 statistics-file "/var/stats/named.stats";
534 // If named is being used only as a local resolver, this is a safe default.
535 // For named to be accessible to the network, comment this option, specify
536 // the proper IP address, or delete this option.
537 listen-on { 127.0.0.1; };
539 // If you have IPv6 enabled on this system, uncomment this option for
540 // use as a local resolver. To give access to the network, specify
541 // an IPv6 address, or the keyword "any".
542 // listen-on-v6 { ::1; };
544 // These zones are already covered by the empty zones listed below.
545 // If you remove the related empty zones below, comment these lines out.
546 disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
547 disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
548 disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
550 // If you've got a DNS server around at your upstream provider, enter
551 // its IP address here, and enable the line below. This will make you
552 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
559 // If the 'forwarders' clause is not empty the default is to 'forward first'
560 // which will fall back to sending a query from your local server if the name
561 // servers in 'forwarders' do not have the answer. Alternatively you can
562 // force your name server to never initiate queries of its own by enabling the
566 // If you wish to have forwarding configured automatically based on
567 // the entries in /etc/resolv.conf, uncomment the following line and
568 // set named_auto_forward=yes in /etc/rc.conf. You can also enable
569 // named_auto_forward_only (the effect of which is described above).
570 // include "%%ETCDIR%%/auto_forward.conf";
573 Modern versions of BIND use a random UDP port for each outgoing
574 query by default in order to dramatically reduce the possibility
575 of cache poisoning. All users are strongly encouraged to utilize
576 this feature, and to configure their firewalls to accommodate it.
578 AS A LAST RESORT in order to get around a restrictive firewall
579 policy you can try enabling the option below. Use of this option
580 will significantly reduce your ability to withstand cache poisoning
581 attacks, and should be avoided if at all possible.
583 Replace NNNNN in the example with a number between 49160 and 65530.
585 // query-source address * port NNNNN;
588 // If you enable a local name server, don't forget to enter 127.0.0.1
589 // first in your /etc/resolv.conf so this server will be queried.
590 // Also, make sure to enable it in /etc/rc.conf.
592 // The traditional root hints mechanism. Use this, OR the slave zones below.
593 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
595 /* Slaving the following zones from the root name servers has some
596 significant advantages:
597 1. Faster local resolution for your users
598 2. No spurious traffic will be sent from your network to the roots
599 3. Greater resilience to any potential root server failure/DDoS
601 On the other hand, this method requires more monitoring than the
602 hints file to be sure that an unexpected failure mode has not
603 incapacitated your server. Name servers that are serving a lot
604 of clients will benefit more from this approach than individual
605 hosts. Use with caution.
607 To use this mechanism, uncomment the entries below, and comment
610 As documented at http://dns.icann.org/services/axfr/ these zones:
611 "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
612 are available for AXFR from these servers on IPv4 and IPv6:
613 xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
618 file "%%ETCDIR%%/slave/root.slave";
620 192.0.32.132; // lax.xfr.dns.icann.org
621 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
622 192.0.47.132; // iad.xfr.dns.icann.org
623 2620:0:2830:202::132; // iad.xfr.dns.icann.org
629 file "%%ETCDIR%%/slave/arpa.slave";
631 192.0.32.132; // lax.xfr.dns.icann.org
632 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
633 192.0.47.132; // iad.xfr.dns.icann.org
634 2620:0:2830:202::132; // iad.xfr.dns.icann.org
638 zone "in-addr.arpa" {
640 file "%%ETCDIR%%/slave/in-addr.arpa.slave";
642 192.0.32.132; // lax.xfr.dns.icann.org
643 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
644 192.0.47.132; // iad.xfr.dns.icann.org
645 2620:0:2830:202::132; // iad.xfr.dns.icann.org
651 file "%%ETCDIR%%/slave/ip6.arpa.slave";
653 192.0.32.132; // lax.xfr.dns.icann.org
654 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
655 192.0.47.132; // iad.xfr.dns.icann.org
656 2620:0:2830:202::132; // iad.xfr.dns.icann.org
662 /* Serving the following zones locally will prevent any queries
663 for these zones leaving your network and going to the root
664 name servers. This has two significant advantages:
665 1. Faster local resolution for your users
666 2. No spurious traffic will be sent from your network to the roots
668 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
669 zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
670 zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
671 zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
673 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
674 zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
676 // "This" Network (RFCs 1912, 5735 and 6303)
677 zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
679 // Private Use Networks (RFCs 1918, 5735 and 6303)
680 zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
681 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
682 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
683 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
684 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
685 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
686 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
687 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
688 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
689 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
690 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
691 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
692 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
693 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
694 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
695 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
696 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
697 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
699 // Shared Address Space (RFC 6598)
700 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
701 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
702 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
703 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
704 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
705 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
706 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
707 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
708 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
709 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
710 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
711 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
712 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
713 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
714 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
715 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
716 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
717 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
718 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
719 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
720 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
721 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
722 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
723 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
724 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
725 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
726 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
727 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
728 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
729 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
730 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
731 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
732 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
733 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
734 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
735 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
736 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
737 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
738 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
739 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
740 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
741 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
742 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
743 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
744 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
745 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
746 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
747 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
748 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
749 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
750 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
751 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
752 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
753 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
754 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
755 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
756 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
757 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
758 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
759 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
760 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
761 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
762 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
763 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
765 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
766 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
768 // IETF protocol assignments (RFCs 5735 and 5736)
769 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
771 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
772 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
773 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
774 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
776 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
777 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
779 // Router Benchmark Testing (RFCs 2544 and 5735)
780 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
781 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
783 // IANA Reserved - Old Class E Space (RFC 5735)
784 zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
785 zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
786 zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
787 zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
788 zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
789 zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
790 zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
791 zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
792 zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
793 zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
794 zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
795 zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
796 zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
797 zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
798 zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
800 // IPv6 Unassigned Addresses (RFC 4291)
801 zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
802 zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
803 zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
804 zone "5.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
805 zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
806 zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
807 zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
808 zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
809 zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
810 zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
811 zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
812 zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
813 zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
814 zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
815 zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
816 zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
817 zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
818 zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
819 zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
820 zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
821 zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
822 zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
823 zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
824 zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
825 zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
826 zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
827 zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
828 zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
829 zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
830 zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
831 zone "5.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
832 zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
833 zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
835 // IPv6 ULA (RFCs 4193 and 6303)
836 zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
837 zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
839 // IPv6 Link Local (RFCs 4291 and 6303)
840 zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
841 zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
842 zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
843 zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
845 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
846 zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
847 zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
848 zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
849 zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
851 // IP6.INT is Deprecated (RFC 4159)
852 zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; };
854 // NB: Do not use the IP addresses below, they are faked, and only
855 // serve demonstration/documentation purposes!
857 // Example slave zone config entries. It can be convenient to become
858 // a slave at least for the zone your own domain is in. Ask
859 // your network administrator for the IP address of the responsible
860 // master name server.
862 // Do not forget to include the reverse lookup zone!
863 // This is named after the first bytes of the IP address, in reverse
864 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
866 // Before starting to set up a master zone, make sure you fully
867 // understand how DNS and BIND work. There are sometimes
868 // non-obvious pitfalls. Setting up a slave zone is usually simpler.
870 // NB: Don't blindly enable the examples below. :-) Use actual names
871 // and addresses instead.
873 /* An example dynamic zone
874 key "exampleorgkey" {
876 secret "sf87HJqjkqh8ac87a02lla==";
883 file "%%ETCDIR%%/dynamic/example.org";
887 /* Example of a slave reverse zone
888 zone "1.168.192.in-addr.arpa" {
890 file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
898 [FILE:11622:files/named.in]
903 # REQUIRE: %%NAMED_REQUIRE%%
904 # BEFORE: %%NAMED_BEFORE%%
908 # Add the following lines to /etc/rc.conf to enable BIND:
909 # named_enable (bool): Run named, the DNS server (or NO).
910 # named_program (str): Path to named, if you want a different one.
911 # named_conf (str): Path to the configuration file
912 # named_flags (str): Use this for flags OTHER than -u and -c
913 # named_uid (str): User to run named as
914 # named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
915 # Historically, was /var/named
916 # named_chroot_autoupdate (bool): Automatically install/update chrooted
917 # components of named.
918 # named_symlink_enable (bool): Symlink the chrooted pid file
919 # named_wait (bool): Wait for working name service before exiting
920 # named_wait_host (str): Hostname to check if named_wait is enabled
921 # named_auto_forward (str): Set up forwarders from /etc/resolv.conf
922 # named_auto_forward_only (str): Do "forward only" instead of "forward first"
928 desc="named BIND startup script"
931 load_rc_config ${name}
933 extra_commands=reload
935 start_precmd=named_prestart
936 start_postcmd=named_poststart
937 reload_cmd=named_reload
939 stop_postcmd=named_poststop
941 named_enable=${named_enable:-"NO"}
942 named_program=${named_program:-"%%PREFIX%%/sbin/named"}
943 named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
944 named_flags=${named_flags:-""}
945 named_uid=${named_uid:-"bind"}
946 named_chrootdir=${named_chrootdir:-""}
947 named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
948 named_symlink_enable=${named_symlink_enable:-"YES"}
949 named_wait=${named_wait:-"NO"}
950 named_wait_host=${named_wait_host:-"localhost"}
951 named_auto_forward=${named_auto_forward:-"NO"}
952 named_auto_forward_only=${named_auto_forward_only:-"NO"}
954 # Not configuration variables but having them here keeps rclint happy
955 required_dirs="${named_chrootdir}"
956 _named_confdirroot="${named_conf%/*}"
957 _named_confdir="${named_chrootdir}${_named_confdirroot}"
958 _named_program_root="${named_program%/sbin/named}"
959 _openssl_engines="%%LOCALBASE%%/lib/engines"
961 # Needed if named.conf and rndc.conf are moved or if rndc.conf is used
962 rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
963 rndc_key=${rndc_key:-"$_named_confdir/rndc.key"}
965 # If running in a chroot cage, ensure that the appropriate files
966 # exist inside the cage, as well as helper symlinks into the cage
969 # As this is called after the is_running and required_dir checks
970 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
971 # exists and named isn't running at this point (unless forcestart
978 # If it's the first time around, fiddle with things and move the
979 # current configuration to the chroot.
980 if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
981 warn "named chroot: Moving current configuration in the chroot!"
982 install -d ${_named_confdir%/*}
983 mv ${_named_confdirroot} ${_named_confdir}
986 # Create (or update) the chroot directory structure
988 if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
989 mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
990 -p ${named_chrootdir}
992 warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
993 warn "${named_chrootdir} directory structure not updated"
995 if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
996 mkdir -p ${named_chrootdir}%%PREFIX%%
997 mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
998 -p ${named_chrootdir}%%PREFIX%%
1000 warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
1001 warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
1004 # Create (or update) the configuration directory symlink
1006 if [ ! -L "${_named_confdirroot}" ]; then
1007 if [ -d "${_named_confdirroot}" ]; then
1008 warn "named chroot: ${_named_confdirroot} is a directory!"
1009 elif [ -e "${_named_confdirroot}" ]; then
1010 warn "named chroot: ${_named_confdirroot} exists!"
1012 ln -s ${_named_confdir} ${_named_confdirroot}
1015 # Make sure it points to the right place.
1016 ln -shf ${_named_confdir} ${_named_confdirroot}
1019 # Mount a devfs in the chroot directory if needed
1021 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
1022 umount ${named_chrootdir}/dev 2>/dev/null
1023 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
1024 devfs -m ${named_chrootdir}/dev rule apply path null unhide
1025 devfs -m ${named_chrootdir}/dev rule apply path random unhide
1027 if [ -c ${named_chrootdir}/dev/null -a \
1028 -c ${named_chrootdir}/dev/random ]; then
1029 info "named chroot: using pre-mounted devfs."
1031 err 1 "named chroot: devfs cannot be mounted from " \
1032 "within a jail. Thus a chrooted named cannot " \
1033 "be run from within a jail. Either mount the " \
1034 "devfs with null and random from the host, or " \
1035 "run named without chrooting it, set " \
1036 "named_chrootdir=\"\" in /etc/rc.conf."
1040 # If OpenSSL from ports, then the engines should be present in the
1041 # chroot, named loads them after chrooting.
1042 if [ -d ${_openssl_engines} ]; then
1043 # FIXME when 8.4 is gone see if
1044 # security.jail.param.allow.mount.nullfs can be used.
1045 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
1046 mkdir -p ${named_chrootdir}${_openssl_engines}
1047 mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
1049 warn "named chroot: cannot nullfs mount OpenSSL" \
1050 "engines into the chroot, will copy the shared" \
1051 "libraries instead."
1052 mkdir -p ${named_chrootdir}${_openssl_engines}
1053 cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
1057 # Copy and/or update key files to the chroot /etc
1059 for file in localtime protocols services; do
1060 if [ -r /etc/${file} ] && \
1061 ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
1062 cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
1067 # Make symlinks to the correct pid file
1071 checkyesno named_symlink_enable &&
1072 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
1079 if checkyesno named_wait; then
1080 until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
1081 echo " Waiting for nameserver to resolve ${named_wait_host}"
1089 # This is a one line function, but ${named_program} is not defined early
1090 # enough to be there when the reload_cmd variable is defined up there.
1096 if get_pidfile_from_conf pid-file ${named_conf}; then
1097 pidfile="${_pidfile_from_conf}"
1099 pidfile="/var/run/named/pid"
1107 # This duplicates an undesirably large amount of code from the stop
1108 # routine in rc.subr in order to use rndc to shut down the process,
1109 # and to give it a second chance in case rndc fails.
1110 rc_pid=$(check_pidfile ${pidfile} ${command})
1111 if [ -z "${rc_pid}" ]; then
1112 [ -n "${rc_fast}" ] && return 0
1116 echo 'Stopping named.'
1118 wait_for_pids ${rc_pid}
1120 echo -n 'rndc failed, trying kill: '
1121 kill -TERM ${rc_pid}
1122 wait_for_pids ${rc_pid}
1128 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
1129 # if using OpenSSL from ports, unmount OpenSSL engines, if they
1130 # were not mounted but only copied, do nothing.
1131 if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
1132 umount ${named_chrootdir}${_openssl_engines}
1135 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
1136 umount ${named_chrootdir}/dev 2>/dev/null || true
1138 warn "named chroot:" \
1139 "cannot unmount devfs from inside jail!"
1146 if [ -e "$1" ]; then
1149 install -o root -g wheel -m 0644 /dev/null $1
1154 if [ -z "${rndc_flags}" ]; then
1155 if [ -s "${rndc_conf}" ] ; then
1156 rndc_flags="-c ${rndc_conf}"
1157 elif [ -s "${rndc_key}" ] ; then
1158 rndc_flags="-k ${rndc_key}"
1164 ${_named_program_root}/sbin/rndc ${rndc_flags} "$@"
1171 if [ -n "${named_pidfile}" ]; then
1172 warn 'named_pidfile: now determined from the conf file'
1175 piddir=`/usr/bin/dirname ${pidfile}`
1176 if [ ! -d ${piddir} ]; then
1177 install -d -o ${named_uid} -g ${named_uid} ${piddir}
1180 command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"
1182 local line nsip firstns
1184 # Is the user using a sandbox?
1186 if [ -n "${named_chrootdir}" ]; then
1187 rc_flags="${rc_flags} -t ${named_chrootdir}"
1188 checkyesno named_chroot_autoupdate && chroot_autoupdate
1190 named_symlink_enable=NO
1193 # Create an rndc.key file for the user if none exists
1195 confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
1196 -c ${_named_confdir}/rndc.key"
1197 if [ -s "${_named_confdir}/rndc.conf" ]; then
1198 unset confgen_command
1200 if [ -s "${_named_confdir}/rndc.key" ]; then
1201 case `stat -f%Su ${_named_confdir}/rndc.key` in
1202 root|${named_uid}) ;;
1203 *) ${confgen_command} ;;
1211 checkconf="${_named_program_root}/bin/named-checkconf"
1212 if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
1213 checkconf="${checkconf} -t ${named_chrootdir}"
1216 # Create a forwarder configuration based on /etc/resolv.conf
1217 if checkyesno named_auto_forward; then
1218 if [ ! -s /etc/resolv.conf ]; then
1219 warn "named_auto_forward enabled, but no /etc/resolv.conf"
1221 # Empty the file in case it is included in named.conf
1222 [ -s "${_named_confdir}/auto_forward.conf" ] &&
1223 create_file ${_named_confdir}/auto_forward.conf
1225 ${checkconf} ${named_conf} ||
1226 err 3 'named-checkconf for ${named_conf} failed'
1230 create_file /var/run/naf-resolv.conf
1231 create_file /var/run/auto_forward.conf
1233 echo ' forwarders {' > /var/run/auto_forward.conf
1237 'nameserver '*|'nameserver '*)
1238 nsip=${line##nameserver[ ]}
1240 if [ -z "${firstns}" ]; then
1241 if [ ! "${nsip}" = '127.0.0.1' ]; then
1242 echo 'nameserver 127.0.0.1'
1243 echo " ${nsip};" >> /var/run/auto_forward.conf
1248 [ "${nsip}" = '127.0.0.1' ] && continue
1249 echo " ${nsip};" >> /var/run/auto_forward.conf
1255 done < /etc/resolv.conf > /var/run/naf-resolv.conf
1257 echo ' };' >> /var/run/auto_forward.conf
1258 echo '' >> /var/run/auto_forward.conf
1259 if checkyesno named_auto_forward_only; then
1260 echo " forward only;" >> /var/run/auto_forward.conf
1262 echo " forward first;" >> /var/run/auto_forward.conf
1265 if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
1266 unlink /var/run/naf-resolv.conf
1268 [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
1269 mv /var/run/naf-resolv.conf /etc/resolv.conf
1272 if cmp -s ${_named_confdir}/auto_forward.conf \
1273 /var/run/auto_forward.conf; then
1274 unlink /var/run/auto_forward.conf
1276 [ -e "${_named_confdir}/auto_forward.conf" ] &&
1277 unlink ${_named_confdir}/auto_forward.conf
1278 mv /var/run/auto_forward.conf \
1279 ${_named_confdir}/auto_forward.conf
1282 # Empty the file in case it is included in named.conf
1283 [ -s "${_named_confdir}/auto_forward.conf" ] &&
1284 create_file ${_named_confdir}/auto_forward.conf
1287 ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
1293 [FILE:3289:files/named.root]
1294 ; This file holds the information on root name servers needed to
1295 ; initialize cache of Internet domain name servers
1296 ; (e.g. reference this file in the "cache . <file>"
1297 ; configuration file of BIND domain name servers).
1299 ; This file is made available by InterNIC
1300 ; under anonymous FTP as
1301 ; file /domain/named.cache
1302 ; on server FTP.INTERNIC.NET
1303 ; -OR- RS.INTERNIC.NET
1305 ; last update: April 11, 2017
1306 ; related version of root zone: 2017041101
1308 ; formerly NS.INTERNIC.NET
1310 . 3600000 NS A.ROOT-SERVERS.NET.
1311 A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
1312 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
1314 ; FORMERLY NS1.ISI.EDU
1316 . 3600000 NS B.ROOT-SERVERS.NET.
1317 B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
1318 B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
1320 ; FORMERLY C.PSI.NET
1322 . 3600000 NS C.ROOT-SERVERS.NET.
1323 C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
1324 C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
1326 ; FORMERLY TERP.UMD.EDU
1328 . 3600000 NS D.ROOT-SERVERS.NET.
1329 D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
1330 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
1332 ; FORMERLY NS.NASA.GOV
1334 . 3600000 NS E.ROOT-SERVERS.NET.
1335 E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
1336 E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
1338 ; FORMERLY NS.ISC.ORG
1340 . 3600000 NS F.ROOT-SERVERS.NET.
1341 F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
1342 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
1344 ; FORMERLY NS.NIC.DDN.MIL
1346 . 3600000 NS G.ROOT-SERVERS.NET.
1347 G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
1348 G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
1350 ; FORMERLY AOS.ARL.ARMY.MIL
1352 . 3600000 NS H.ROOT-SERVERS.NET.
1353 H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
1354 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
1356 ; FORMERLY NIC.NORDU.NET
1358 . 3600000 NS I.ROOT-SERVERS.NET.
1359 I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
1360 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
1362 ; OPERATED BY VERISIGN, INC.
1364 . 3600000 NS J.ROOT-SERVERS.NET.
1365 J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
1366 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
1368 ; OPERATED BY RIPE NCC
1370 . 3600000 NS K.ROOT-SERVERS.NET.
1371 K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
1372 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
1376 . 3600000 NS L.ROOT-SERVERS.NET.
1377 L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
1378 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
1382 . 3600000 NS M.ROOT-SERVERS.NET.
1383 M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
1384 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
1388 [FILE:1637:files/pkg-message-server.in]
1389 **********************************************************************
1390 * _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
1391 * / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
1392 * / _ \ | | | | | _| | \| | | | | | | | | \| | *
1393 * / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
1394 * /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
1396 * BIND requires configuration of rndc, including a "secret" key. *
1397 * The easiest, and most secure way to configure rndc is to run *
1398 * 'rndc-confgen -a' to generate the proper conf file, with a new *
1399 * random key, and appropriate file permissions. *
1401 * The %%PREFIX%%/etc/rc.d/named script will do that for you. *
1403 * If using syslog to log the BIND9 activity, and using a *
1404 * chroot'ed installation, you will need to tell syslog to *
1405 * install a log socket in the BIND9 chroot by running: *
1407 * # sysrc altlog_proglist+=named *
1409 * And then restarting syslogd with: service syslogd restart *
1411 **********************************************************************
1414 [FILE:59:files/special.mk]
1415 BIND_ETCDIR?= etc/namedb
1416 ETCDIR= ${PREFIX}/${BIND_ETCDIR}