Ravenports generated: 19 Jan 2018 10:23

[ravenports.git] / bucket_6B / bind

# Buildsheet autogenerated by ravenadm tool -- Do not edit.

NAMEBASE=               bind
VERSION=                9.11.2
KEYWORDS=               dns net
VARIANTS=               standard
SDESC[standard]=        Berkeley Internet Name Domain (Domain Name Server)
HOMEPAGE=               https://www.isc.org/downloads/bind/
CONTACT=                nobody

DOWNLOAD_GROUPS=        main
SITES[main]=            ISC/bind9/9.11.2
DISTFILE[1]=            bind-9.11.2.tar.gz:main
DF_INDEX=               1
SPKGS[standard]=        complete
                        server
                        tools
                        docs

OPTIONS_AVAILABLE=      FILTER_AAAA FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
OPTIONS_STANDARD=       FILTER_AAAA FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE

BUILD_DEPENDS=          idnkit:single:standard
BUILDRUN_DEPENDS=       libxml2:single:standard
                        json-c:single:standard
                        lmdb:single:standard
                        libedit:single:standard
EXRUN[tools]=           idnkit:single:standard

USES=                   cpe iconv ssl cclibs:server,tools

LICENSE=                MPL:server
LICENSE_SCHEME=         solo
LICENSE_FILE=           MPL:{{WRKSRC}}/COPYRIGHT

CPE_VENDOR=             isc
FPC_EQUIVALENT=         dns/bind911

MUST_CONFIGURE=         gnu
CONFIGURE_ARGS=         --localstatedir=/var
                        --sysconfdir={{PREFIX}}/etc/namedb
                        --disable-linux-caps
                        --disable-symtable
                        --disable-dnstap
                        --disable-native-pkcs11
                        --without-gssapi
                        --without-python
                        --without-gost
                        --with-randomdev=/dev/random
                        --with-readline="-L{{LOCALBASE}}/lib -ledit"
                        --with-openssl={{OPENSSLBASE}}
                        --with-libxml2={{LOCALBASE}}
                        --with-dlopen=yes
                        --with-idn={{LOCALBASE}}
                        --with-libjson
                        --with-lmdb
                        --with-dlz-filesystem=yes
                        --enable-ipv6
                        --enable-threads
                        --enable-rpz-nsdname
                        --enable-rpz-nsip
                        {{ICONV_CONFIGURE_ARG}}
                        STD_CDEFINES="-DDIG_SIGCHASE=1"

SINGLE_JOB=             yes

PLIST_SUB=              ETCDIR=etc/namedb
RC_SUBR=                named:server
SUB_FILES=              pkg-message-server
                        named.conf

[FIXED_RRSET].DESCRIPTION=              Enable fixed rrset ordering
[FIXED_RRSET].CONFIGURE_ENABLE_BOTH=    fixed-rrset

[FILTER_AAAA].DESCRIPTION=              Enable filtering of AAAA records
[FILTER_AAAA].CONFIGURE_ENABLE_BOTH=    filter-aaaa

[QUERYTRACE].DESCRIPTION=               Enable the very verbose query tracelogging
[QUERYTRACE].CONFIGURE_ENABLE_BOTH=     querytrace

[GEOIP].DESCRIPTION=                    Allow geographically based ACL
[GEOIP].BUILDRUN_DEPENDS_ON=            GeoIP:single:standard
[GEOIP].CONFIGURE_WITH_BOTH=            geoip

[LARGE_FILE].DESCRIPTION=               64-bit file support
[LARGE_FILE].CONFIGURE_ENABLE_BOTH=     largefile

post-patch:
.  for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
        rndc/rndc.8
        @${REINPLACE_CMD} -e 's#/etc/named.conf#${PREFIX}etc/namedb/named.conf#g' \
                -e 's#/etc/rndc.conf#${PREFIX}etc/namedb/rndc.conf#g' \
                -e "s#/var\/run\/named\/named.pid#/var/run/named/pid#" \
                ${WRKSRC}/bin/${FILE}
.  endfor
        ${REINPLACE_CMD} -e "s|/opt/local|${PREFIX}|g" \
                ${WRKSRC}/configure

post-install:
        ${MKDIR} ${STAGEDIR}${PREFIX}/etc/namedb \
                ${STAGEDIR}${STD_DOCDIR}/arm
.  for i in dynamic master slave working
        @${MKDIR} ${STAGEDIR}${PREFIX}/etc/namedb/$i
.  endfor
        ${INSTALL_DATA} ${WRKDIR}/named.conf \
                ${STAGEDIR}${PREFIX}/etc/namedb/named.conf.sample
        ${INSTALL_DATA} ${FILESDIR}/named.root \
                ${STAGEDIR}${PREFIX}/etc/namedb
        ${INSTALL_DATA} ${FILESDIR}/empty.db \
                ${STAGEDIR}${PREFIX}/etc/namedb/master
        ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db \
                ${STAGEDIR}${PREFIX}/etc/namedb/master
        ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db \
                ${STAGEDIR}${PREFIX}/etc/namedb/master
        ${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
                ${STAGEDIR}${PREFIX}/etc/namedb/rndc.conf.sample
        ${RM} -r ${STAGEDIR}/var
        # documentation
        ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${STD_DOCDIR}/arm
        ${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${STD_DOCDIR}
        ${INSTALL_DATA} ${WRKSRC}/CHANGES \
                ${WRKSRC}/HISTORY* ${WRKSRC}/README* ${STAGEDIR}${STD_DOCDIR}

[FILE:743:descriptions/desc.server]
BIND is open source software that enables you to publish your Domain Name 
System (DNS) information on the Internet, and to resolve DNS queries for 
your users.  The name BIND stands for "Berkeley Internet Name Domain", 
because the software originated in the early 1980s at the University of 
California at Berkeley.

BIND is by far the most widely used DNS software on the Internet, 
providing a robust and stable platform on top of which organizations can 
build distributed computing systems with the knowledge that those systems 
are fully compliant with published DNS standards.

The BIND software distribution has three parts:
  1. Domain Name Resolver
  2. Domain Name Authority server
  3. Tools

This package contains parts 1 and 2.


[FILE:357:descriptions/desc.tools]
BIND is open source software that enables you to publish your Domain Name 
System (DNS) information on the Internet, and to resolve DNS queries for 
your users.  The name BIND stands for "Berkeley Internet Name Domain", 
because the software originated in the early 1980s at the University of 
California at Berkeley.

This package contains the BIND tools.


[FILE:97:distinfo]
7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a      9782180 bind-9.11.2.tar.gz


[FILE:5760:manifests/plist.server]
@dir(bind,bind,) %%ETCDIR%%/dynamic
@dir(bind,bind,) %%ETCDIR%%/slave
@dir(bind,bind,) %%ETCDIR%%/working
bin/
 bind9-config
 isc-config.sh
%%ETCDIR%%/
 bind.keys
%%ETCDIR%%/master/
 empty.db
 localhost-forward.db
 localhost-reverse.db
@sample %%ETCDIR%%/named.conf.sample
%%ETCDIR%%/
 named.root
 rndc.conf.sample
include/bind9/
 check.h
 getaddresses.h
 version.h
include/dns/
 acache.h
 acl.h
 adb.h
 badcache.h
 bit.h
 byaddr.h
 cache.h
 callbacks.h
 catz.h
 cert.h
 client.h
 clientinfo.h
 compress.h
 db.h
 dbiterator.h
 dbtable.h
 diff.h
 dispatch.h
 dlz.h
 dlz_dlopen.h
 dns64.h
 dnssec.h
 dnstap.h
 ds.h
 dsdigest.h
 dyndb.h
 ecdb.h
 edns.h
 enumclass.h
 enumtype.h
 events.h
 fixedname.h
 forward.h
 geoip.h
 ipkeylist.h
 iptable.h
 journal.h
 keydata.h
 keyflags.h
 keytable.h
 keyvalues.h
 lib.h
 log.h
 lookup.h
 master.h
 masterdump.h
 message.h
 name.h
 ncache.h
 nsec.h
 nsec3.h
 nta.h
 opcode.h
 order.h
 peer.h
 portlist.h
 private.h
 rbt.h
 rcode.h
 rdata.h
 rdataclass.h
 rdatalist.h
 rdataset.h
 rdatasetiter.h
 rdataslab.h
 rdatastruct.h
 rdatatype.h
 request.h
 resolver.h
 result.h
 rootns.h
 rpz.h
 rriterator.h
 rrl.h
 sdb.h
 sdlz.h
 secalg.h
 secproto.h
 soa.h
 ssu.h
 stats.h
 tcpmsg.h
 time.h
 timer.h
 tkey.h
 tsec.h
 tsig.h
 ttl.h
 types.h
 update.h
 validator.h
 version.h
 view.h
 xfrin.h
 zone.h
 zonekey.h
 zt.h
include/dst/
 dst.h
 gssapi.h
 lib.h
 result.h
include/irs/
 context.h
 dnsconf.h
 netdb.h
 platform.h
 resconf.h
 types.h
 version.h
include/isc/
 aes.h
 app.h
 assertions.h
 atomic.h
 backtrace.h
 base32.h
 base64.h
 bind9.h
 boolean.h
 buffer.h
 bufferlist.h
 commandline.h
 condition.h
 counter.h
 crc64.h
 dir.h
 entropy.h
 errno.h
 error.h
 event.h
 eventclass.h
 file.h
 formatcheck.h
 fsaccess.h
 hash.h
 heap.h
 hex.h
 hmacmd5.h
 hmacsha.h
 ht.h
 httpd.h
 int.h
 interfaceiter.h
 iterated_hash.h
 json.h
 keyboard.h
 lang.h
 lex.h
 lfsr.h
 lib.h
 list.h
 log.h
 magic.h
 md5.h
 mem.h
 meminfo.h
 msgcat.h
 msgs.h
 mutex.h
 mutexblock.h
 net.h
 netaddr.h
 netdb.h
 netscope.h
 offset.h
 once.h
 ondestroy.h
 os.h
 parseint.h
 platform.h
 pool.h
 portset.h
 print.h
 queue.h
 quota.h
 radix.h
 random.h
 ratelimiter.h
 refcount.h
 regex.h
 region.h
 resource.h
 result.h
 resultclass.h
 rwlock.h
 safe.h
 serial.h
 sha1.h
 sha2.h
 sockaddr.h
 socket.h
 stat.h
 stats.h
 stdio.h
 stdlib.h
 stdtime.h
 strerror.h
 string.h
 symtab.h
 syslog.h
 task.h
 taskpool.h
 thread.h
 time.h
 timer.h
 tm.h
 types.h
 util.h
 version.h
 xml.h
include/isccc/
 alist.h
 base64.h
 cc.h
 ccmsg.h
 events.h
 lib.h
 result.h
 sexpr.h
 symtab.h
 symtype.h
 types.h
 util.h
 version.h
include/isccfg/
 aclconf.h
 cfg.h
 dnsconf.h
 grammar.h
 log.h
 namedconf.h
 version.h
include/lwres/
 context.h
 int.h
 ipv6.h
 lang.h
 list.h
 lwbuffer.h
 lwpacket.h
 lwres.h
 net.h
 netdb.h
 platform.h
 result.h
 stdlib.h
 string.h
 version.h
include/pk11/
 constants.h
 internal.h
 pk11.h
 result.h
 site.h
include/pkcs11/
 cryptoki.h
 pkcs11.h
 pkcs11f.h
 pkcs11t.h
lib/
 libbind9.a
 libdns.a
 libirs.a
 libisc.a
 libisccc.a
 libisccfg.a
 liblwres.a
share/man/man1/
 bind9-config.1.gz
 isc-config.sh.1.gz
share/man/man3/
 lwres.3.gz
 lwres_addr_parse.3.gz
 lwres_buffer.3.gz
 lwres_buffer_add.3.gz
 lwres_buffer_back.3.gz
 lwres_buffer_clear.3.gz
 lwres_buffer_first.3.gz
 lwres_buffer_forward.3.gz
 lwres_buffer_getmem.3.gz
 lwres_buffer_getuint16.3.gz
 lwres_buffer_getuint32.3.gz
 lwres_buffer_getuint8.3.gz
 lwres_buffer_init.3.gz
 lwres_buffer_invalidate.3.gz
 lwres_buffer_putmem.3.gz
 lwres_buffer_putuint16.3.gz
 lwres_buffer_putuint32.3.gz
 lwres_buffer_putuint8.3.gz
 lwres_buffer_subtract.3.gz
 lwres_conf_clear.3.gz
 lwres_conf_get.3.gz
 lwres_conf_init.3.gz
 lwres_conf_parse.3.gz
 lwres_conf_print.3.gz
 lwres_config.3.gz
 lwres_context.3.gz
 lwres_context_allocmem.3.gz
 lwres_context_create.3.gz
 lwres_context_destroy.3.gz
 lwres_context_freemem.3.gz
 lwres_context_initserial.3.gz
 lwres_context_nextserial.3.gz
 lwres_context_sendrecv.3.gz
 lwres_endhostent.3.gz
 lwres_endhostent_r.3.gz
 lwres_freeaddrinfo.3.gz
 lwres_freehostent.3.gz
 lwres_gabn.3.gz
 lwres_gabnrequest_free.3.gz
 lwres_gabnrequest_parse.3.gz
 lwres_gabnrequest_render.3.gz
 lwres_gabnresponse_free.3.gz
 lwres_gabnresponse_parse.3.gz
 lwres_gabnresponse_render.3.gz
 lwres_gai_strerror.3.gz
 lwres_getaddrinfo.3.gz
 lwres_getaddrsbyname.3.gz
 lwres_gethostbyaddr.3.gz
 lwres_gethostbyaddr_r.3.gz
 lwres_gethostbyname.3.gz
 lwres_gethostbyname2.3.gz
 lwres_gethostbyname_r.3.gz
 lwres_gethostent.3.gz
 lwres_gethostent_r.3.gz
 lwres_getipnode.3.gz
 lwres_getipnodebyaddr.3.gz
 lwres_getipnodebyname.3.gz
 lwres_getnamebyaddr.3.gz
 lwres_getnameinfo.3.gz
 lwres_getrrsetbyname.3.gz
 lwres_gnba.3.gz
 lwres_gnbarequest_free.3.gz
 lwres_gnbarequest_parse.3.gz
 lwres_gnbarequest_render.3.gz
 lwres_gnbaresponse_free.3.gz
 lwres_gnbaresponse_parse.3.gz
 lwres_gnbaresponse_render.3.gz
 lwres_herror.3.gz
 lwres_hstrerror.3.gz
 lwres_inetntop.3.gz
 lwres_lwpacket_parseheader.3.gz
 lwres_lwpacket_renderheader.3.gz
 lwres_net_ntop.3.gz
 lwres_noop.3.gz
 lwres_nooprequest_free.3.gz
 lwres_nooprequest_parse.3.gz
 lwres_nooprequest_render.3.gz
 lwres_noopresponse_free.3.gz
 lwres_noopresponse_parse.3.gz
 lwres_noopresponse_render.3.gz
 lwres_packet.3.gz
 lwres_resutil.3.gz
 lwres_sethostent.3.gz
 lwres_sethostent_r.3.gz
 lwres_string_parse.3.gz
share/man/man5/
 named.conf.5.gz
 rndc.conf.5.gz
share/man/man8/
 ddns-confgen.8.gz
 lwresd.8.gz
 named-checkconf.8.gz
 named-checkzone.8.gz
 named-compilezone.8.gz
 named-journalprint.8.gz
 named-nzd2nzf.8.gz
 named.8.gz
 rndc-confgen.8.gz
 rndc.8.gz
 tsig-keygen.8.gz
sbin/
 ddns-confgen
 lwresd
 named
 named-checkconf
 named-checkzone
 named-compilezone
 named-nzd2nzf
 rndc
 rndc-confgen
 tsig-keygen


[FILE:644:manifests/plist.tools]
bin/
 arpaname
 delv
 dig
 host
 mdig
 named-rrchecker
 nslookup
 nsupdate
share/man/man1/
 arpaname.1.gz
 delv.1.gz
 dig.1.gz
 host.1.gz
 mdig.1.gz
 named-rrchecker.1.gz
 nslookup.1.gz
 nsupdate.1.gz
share/man/man8/
 dnssec-dsfromkey.8.gz
 dnssec-importkey.8.gz
 dnssec-keyfromlabel.8.gz
 dnssec-keygen.8.gz
 dnssec-revoke.8.gz
 dnssec-settime.8.gz
 dnssec-signzone.8.gz
 dnssec-verify.8.gz
 genrandom.8.gz
 isc-hmac-fixup.8.gz
 nsec3hash.8.gz
sbin/
 dnssec-dsfromkey
 dnssec-importkey
 dnssec-keyfromlabel
 dnssec-keygen
 dnssec-revoke
 dnssec-settime
 dnssec-signzone
 dnssec-verify
 genrandom
 isc-hmac-fixup
 named-journalprint
 nsec3hash


[FILE:3084:patches/patch-configure]
--- configure.orig      2017-07-24 05:36:50 UTC
+++ configure
@@ -14402,27 +14402,9 @@ done
                # problems start to show up.
                saved_libs="$LIBS"
                for TRY_LIBS in \
-                   "-lgssapi_krb5" \
-                   "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
-                   "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
-                   "-lgssapi" \
-                   "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
-                   "-lgssapi -lkrb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
-                   "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
-                   "-lgssapi -lkrb5 -lhx509 -lcrypto -lcrypt -lasn1 -lroken -lcom_err" \
-                   "-lgss -lkrb5"
+                   "$($KRB5CONFIG gssapi --libs)"; \
                do
-                   # Note that this does not include $saved_libs, because
-                   # on FreeBSD machines this configure script has added
-                   # -L/usr/local/lib to LIBS, which can make the
-                   # -lgssapi_krb5 test succeed with shared libraries even
-                   # when you are trying to build with KTH in /usr/lib.
-                   if test "/usr" = "$use_gssapi"
-                   then
-                           LIBS="$TRY_LIBS"
-                   else
-                           LIBS="-L$use_gssapi/lib $TRY_LIBS"
-                   fi
+                   LIBS="$TRY_LIBS"
                    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
 $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
                    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -14465,47 +14447,7 @@ $as_echo "no" >&6; } ;;
                no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
                esac
 
-               #
-               # XXXDCL Major kludge.  Tries to cope with KTH in /usr/lib
-               # but MIT in /usr/local/lib and trying to build with KTH.
-               # /usr/local/lib can end up earlier on the link lines.
-               # Like most kludges, this one is not only inelegant it
-               # is also likely to be the wrong thing to do at least as
-               # many times as it is the right thing.  Something better
-               # needs to be done.
-               #
-               if test "/usr" = "$use_gssapi" -a \
-                       -f /usr/local/lib/libkrb5.a; then
-                   FIX_KTH_VS_MIT=yes
-               fi
-
-               case "$FIX_KTH_VS_MIT" in
-               yes)
-                   case "$enable_static_linking" in
-                   yes) gssapi_lib_suffix=".a"  ;;
-                   *)   gssapi_lib_suffix=".so" ;;
-                   esac
-
-                   for lib in $LIBS; do
-                       case $lib in
-                       -L*)
-                           ;;
-                       -l*)
-                           new_lib=`echo $lib |
-                                    sed -e s%^-l%$use_gssapi/lib/lib% \
-                                        -e s%$%$gssapi_lib_suffix%`
-                           NEW_LIBS="$NEW_LIBS $new_lib"
-                           ;;
-                       *)
-                          as_fn_error $? "KTH vs MIT Kerberos confusion!" "$LINENO" 5
-                           ;;
-                       esac
-                   done
-                   LIBS="$NEW_LIBS"
-                   ;;
-               esac
-
-               DST_GSSAPI_INC="-I$use_gssapi/include"
+               DST_GSSAPI_INC="$($KRB5CONFIG gssapi --cflags)"
                DNS_GSSAPI_LIBS="$LIBS"
 
                { $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
@@ -22825,7 +22767,7 @@ $as_echo "" >&6; }
                        # Check other locations for includes.
                        # Order is important (sigh).
 
-                       bdb_incdirs="/db53 /db51 /db48 /db47 /db46 /db45 /db44 /db43 /db42 /db41 /db4 /db"
+                       bdb_incdirs="/db6 /db5 /db48"
                        # include a blank element first
                        for d in "" $bdb_incdirs
                        do


[FILE:148:files/empty.db]
$TTL 3h
@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL

@       NS      @

; Silence a BIND warning
@       A       127.0.0.1


[FILE:158:files/localhost-forward.db]
$TTL 3h
localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL

        NS      localhost.

        A       127.0.0.1
        AAAA    ::1


[FILE:226:files/localhost-reverse.db]
$TTL 3h
@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
        ; Serial, Refresh, Retry, Expire, Neg. cache TTL

        NS      localhost.

1.0.0   PTR     localhost.

1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.



[FILE:19802:files/named.conf.in]
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/local/share/doc/bind for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
        // All file and path names are relative to the chroot directory,
        // if any, and should be fully qualified.
        directory       "%%ETCDIR%%/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        listen-on       { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6    { ::1; };

// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
        disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
        disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                127.0.0.1;
        };
*/

// If the 'forwarders' clause is not empty the default is to 'forward first'
// which will fall back to sending a query from your local server if the name
// servers in 'forwarders' do not have the answer.  Alternatively you can
// force your name server to never initiate queries of its own by enabling the
// following line:
//      forward only;

// If you wish to have forwarding configured automatically based on
// the entries in /etc/resolv.conf, uncomment the following line and
// set named_auto_forward=yes in /etc/rc.conf.  You can also enable
// named_auto_forward_only (the effect of which is described above).
//      include "%%ETCDIR%%/auto_forward.conf";

        /*
           Modern versions of BIND use a random UDP port for each outgoing
           query by default in order to dramatically reduce the possibility
           of cache poisoning.  All users are strongly encouraged to utilize
           this feature, and to configure their firewalls to accommodate it.

           AS A LAST RESORT in order to get around a restrictive firewall
           policy you can try enabling the option below.  Use of this option
           will significantly reduce your ability to withstand cache poisoning
           attacks, and should be avoided if at all possible.

           Replace NNNNN in the example with a number between 49160 and 65530.
        */
        // query-source address * port NNNNN;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "%%ETCDIR%%/named.root"; };

/*      Slaving the following zones from the root name servers has some
        significant advantages:
        1. Faster local resolution for your users
        2. No spurious traffic will be sent from your network to the roots
        3. Greater resilience to any potential root server failure/DDoS

        On the other hand, this method requires more monitoring than the
        hints file to be sure that an unexpected failure mode has not
        incapacitated your server.  Name servers that are serving a lot
        of clients will benefit more from this approach than individual
        hosts.  Use with caution.

        To use this mechanism, uncomment the entries below, and comment
        the hint zone above.

        As documented at http://dns.icann.org/services/axfr/ these zones:
        "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
        are available for AXFR from these servers on IPv4 and IPv6:
        xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
*/
/*
zone "." {
        type slave;
        file "%%ETCDIR%%/slave/root.slave";
        masters {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};
zone "arpa" {
        type slave;
        file "%%ETCDIR%%/slave/arpa.slave";
        masters {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};
zone "in-addr.arpa" {
        type slave;
        file "%%ETCDIR%%/slave/in-addr.arpa.slave";
        masters {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};
zone "ip6.arpa" {
        type slave;
        file "%%ETCDIR%%/slave/ip6.arpa.slave";
        masters {
                192.0.32.132;           // lax.xfr.dns.icann.org
                2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
                192.0.47.132;           // iad.xfr.dns.icann.org
                2620:0:2830:202::132;   // iad.xfr.dns.icann.org
        };
        notify no;
};
*/

/*      Serving the following zones locally will prevent any queries
        for these zones leaving your network and going to the root
        name servers.  This has two significant advantages:
        1. Faster local resolution for your users
        2. No spurious traffic will be sent from your network to the roots
*/
// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost"        { type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa"       { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };

// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };

// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "3.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "4.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "5.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "6.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "7.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "8.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "9.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "a.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "b.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "c.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "d.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "e.ip6.arpa"       { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "0.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "1.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "2.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "3.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "4.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "5.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "6.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "7.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "8.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "9.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "a.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "b.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "0.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "1.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "2.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "3.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "4.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "5.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "6.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "7.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "d.f.ip6.arpa"     { type master; file "%%ETCDIR%%/master/empty.db"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "9.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "a.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "b.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "d.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "e.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };
zone "f.e.f.ip6.arpa"   { type master; file "%%ETCDIR%%/master/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int"          { type master; file "%%ETCDIR%%/master/empty.db"; };

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries.  It can be convenient to become
// a slave at least for the zone your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// master name server.
//
// Do not forget to include the reverse lookup zone!
// This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
//
// Before starting to set up a master zone, make sure you fully
// understand how DNS and BIND work.  There are sometimes
// non-obvious pitfalls.  Setting up a slave zone is usually simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.

/* An example dynamic zone
key "exampleorgkey" {
        algorithm hmac-md5;
        secret "sf87HJqjkqh8ac87a02lla==";
};
zone "example.org" {
        type master;
        allow-update {
                key "exampleorgkey";
        };
        file "%%ETCDIR%%/dynamic/example.org";
};
*/

/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
        type slave;
        file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
        masters {
                192.168.1.1;
        };
};
*/


[FILE:12389:files/named.in]
#!/bin/sh
#

# PROVIDE: named
# REQUIRE: %%NAMED_REQUIRE%%
# BEFORE: %%NAMED_BEFORE%%
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable BIND:
# named_enable (bool):              Run named, the DNS server (or NO).
# named_program (str):              Path to named, if you want a different one.
# named_conf (str):                 Path to the configuration file
# named_flags (str):                Use this for flags OTHER than -u and -c
# named_uid (str):                  User to run named as
# named_chrootdir (str):            Chroot directory (or "" not to auto-chroot it)
#                                   Historically, was /var/named
# named_chroot_autoupdate (bool):   Automatically install/update chrooted
#                                   components of named.
# named_symlink_enable (bool):      Symlink the chrooted pid file
# named_wait (bool):                Wait for working name service before exiting
# named_wait_host (str):            Hostname to check if named_wait is enabled
# named_auto_forward (str):         Set up forwarders from /etc/resolv.conf
# named_auto_forward_only (str):    Do "forward only" instead of "forward first"
%%NATIVE_PKCS11%%# named_pkcs11_engine (str):       Path to the PKCS#11 library to use.
#

. /etc/rc.subr

name=named
desc="named BIND startup script"
rcvar=named_enable

load_rc_config ${name}

extra_commands=reload

start_precmd=named_prestart
start_postcmd=named_poststart
reload_cmd=named_reload
stop_cmd=named_stop
stop_postcmd=named_poststop

named_enable=${named_enable:-"NO"}
named_program=${named_program:-"%%PREFIX%%/sbin/named"}
named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
named_flags=${named_flags:-""}
named_uid=${named_uid:-"bind"}
named_chrootdir=${named_chrootdir:-""}
named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
named_symlink_enable=${named_symlink_enable:-"YES"}
named_wait=${named_wait:-"NO"}
named_wait_host=${named_wait_host:-"localhost"}
named_auto_forward=${named_auto_forward:-"NO"}
named_auto_forward_only=${named_auto_forward_only:-"NO"}
%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""}

# Not configuration variables but having them here keeps rclint happy
required_dirs="${named_chrootdir}"
_named_confdirroot="${named_conf%/*}"
_named_confdir="${named_chrootdir}${_named_confdirroot}"
_named_program_root="${named_program%/sbin/named}"
_openssl_engines="%%LOCALBASE%%/lib/engines"

# Needed if named.conf and rndc.conf are moved or if rndc.conf is used
rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
rndc_key=${rndc_key:-"$_named_confdir/rndc.key"}

# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
# from outside.
#
# As this is called after the is_running and required_dir checks
# are made in run_rc_command(), we can safely assume ${named_chrootdir}
# exists and named isn't running at this point (unless forcestart
# is used).
#
chroot_autoupdate()
{
        local file

        # If it's the first time around, fiddle with things and move the
        # current configuration to the chroot.
        if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
                warn "named chroot: Moving current configuration in the chroot!"
                install -d ${_named_confdir%/*}
                mv ${_named_confdirroot} ${_named_confdir}
        fi

        # Create (or update) the chroot directory structure
        #
        if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
                mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
                    -p ${named_chrootdir}
        else
                warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
                warn "${named_chrootdir} directory structure not updated"
        fi
        if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
                mkdir -p ${named_chrootdir}%%PREFIX%%
                mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
                    -p ${named_chrootdir}%%PREFIX%%
        else
                warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
                warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
        fi

        # Create (or update) the configuration directory symlink
        #
        if [ ! -L "${_named_confdirroot}" ]; then
                if [ -d "${_named_confdirroot}" ]; then
                        warn "named chroot: ${_named_confdirroot} is a directory!"
                elif [ -e "${_named_confdirroot}" ]; then
                        warn "named chroot: ${_named_confdirroot} exists!"
                else
                        ln -s ${_named_confdir} ${_named_confdirroot}
                fi
        else
                # Make sure it points to the right place.
                ln -shf ${_named_confdir} ${_named_confdirroot}
        fi

        # Mount a devfs in the chroot directory if needed
        #
        if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
                umount ${named_chrootdir}/dev 2>/dev/null
                devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
                devfs -m ${named_chrootdir}/dev rule apply path null unhide
                devfs -m ${named_chrootdir}/dev rule apply path random unhide
        else
                if [ -c ${named_chrootdir}/dev/null -a \
                    -c ${named_chrootdir}/dev/random ]; then
                        info "named chroot: using pre-mounted devfs."
                else
                        err 1 "named chroot: devfs cannot be mounted from " \
                                "within a jail. Thus a chrooted named cannot " \
                                "be run from within a jail.  Either mount the " \
                                "devfs with null and random from the host, or " \
                                "run named without chrooting it, set " \
                                "named_chrootdir=\"\" in /etc/rc.conf."
                fi
        fi

        # If OpenSSL from ports, then the engines should be present in the
        # chroot, named loads them after chrooting.
        if [ -d ${_openssl_engines} ]; then
                # FIXME when 8.4 is gone see if
                # security.jail.param.allow.mount.nullfs can be used.
                if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
                        mkdir -p ${named_chrootdir}${_openssl_engines}
                        mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
                else
                        warn "named chroot: cannot nullfs mount OpenSSL" \
                                "engines into the chroot, will copy the shared" \
                                "libraries instead."
                        mkdir -p ${named_chrootdir}${_openssl_engines}
                        cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
                fi
        fi

        # Copy and/or update key files to the chroot /etc
        #
        for file in localtime protocols services; do
                if [ -r /etc/${file} ] && \
                        ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
                        cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
                fi
        done
}

# Make symlinks to the correct pid file
#
make_symlinks()
{
        checkyesno named_symlink_enable &&
            ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
}

named_poststart()
{
        make_symlinks

        if checkyesno named_wait; then
                until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
                        echo "  Waiting for nameserver to resolve ${named_wait_host}"
                        sleep 1
                done
        fi
}

named_reload()
{
        # This is a one line function, but ${named_program} is not defined early
        # enough to be there when the reload_cmd variable is defined up there.
        rndc reload
}

find_pidfile()
{
        if get_pidfile_from_conf pid-file ${named_conf}; then
                pidfile="${_pidfile_from_conf}"
        else
                pidfile="/var/run/named/pid"
        fi
}

named_stop()
{
        find_pidfile

        # This duplicates an undesirably large amount of code from the stop
        # routine in rc.subr in order to use rndc to shut down the process,
        # and to give it a second chance in case rndc fails.
        rc_pid=$(check_pidfile ${pidfile} ${command})
        if [ -z "${rc_pid}" ]; then
                [ -n "${rc_fast}" ] && return 0
                _run_rc_notrunning
                return 1
        fi
        echo 'Stopping named.'
        if rndc stop; then
                wait_for_pids ${rc_pid}
        else
                echo -n 'rndc failed, trying kill: '
                kill -TERM ${rc_pid}
                wait_for_pids ${rc_pid}
        fi
}

named_poststop()
{
        if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
                # if using OpenSSL from ports, unmount OpenSSL engines, if they
                # were not mounted but only copied, do nothing.
                if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
                  umount ${named_chrootdir}${_openssl_engines}
                fi
                # unmount /dev
                if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
                        umount ${named_chrootdir}/dev 2>/dev/null || true
                else
                        warn "named chroot:" \
                            "cannot unmount devfs from inside jail!"
                fi
        fi
}

create_file()
{
        if [ -e "$1" ]; then
                unlink $1
        fi
        install -o root -g wheel -m 0644 /dev/null $1
}

rndc()
{
        if [ -z "${rndc_flags}" ]; then
                if [ -s "${rndc_conf}" ] ; then
                        rndc_flags="-c ${rndc_conf}"
                elif [ -s "${rndc_key}" ] ; then
                        rndc_flags="-k ${rndc_key}"
                else
                        rndc_flags=""
                fi
        fi

        ${_named_program_root}/sbin/rndc ${rndc_flags} "$@"
}

named_prestart()
{
        find_pidfile

        if [ -n "${named_pidfile}" ]; then
                warn 'named_pidfile: now determined from the conf file'
        fi

        piddir=`/usr/bin/dirname ${pidfile}`
        if [ ! -d ${piddir} ]; then
                install -d -o ${named_uid} -g ${named_uid} ${piddir}
        fi

        command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"

%%NATIVE_PKCS11%%       if [ -z "${named_pkcs11_engine}"]; then
%%NATIVE_PKCS11%%               err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use"
%%NATIVE_PKCS11%%       elif [ ! -f ${named_pkcs11_engine} ]; then
%%NATIVE_PKCS11%%               err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist"
%%NATIVE_PKCS11%%       else
%%NATIVE_PKCS11%%               mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*}
%%NATIVE_PKCS11%%               cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine}
%%NATIVE_PKCS11%%               command_args="-E ${named_pkcs11_engine} ${command_args}"
%%NATIVE_PKCS11%%       fi

        local line nsip firstns

        # Is the user using a sandbox?
        #
        if [ -n "${named_chrootdir}" ]; then
                rc_flags="${rc_flags} -t ${named_chrootdir}"
                checkyesno named_chroot_autoupdate && chroot_autoupdate
        else
                named_symlink_enable=NO
        fi

        # Create an rndc.key file for the user if none exists
        #
        confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
            -c ${_named_confdir}/rndc.key"
        if [ -s "${_named_confdir}/rndc.conf" ]; then
                unset confgen_command
        fi
        if [ -s "${_named_confdir}/rndc.key" ]; then
                case `stat -f%Su ${_named_confdir}/rndc.key` in
                root|${named_uid}) ;;
                *) ${confgen_command} ;;
                esac
        else
                ${confgen_command}
        fi

        local checkconf

        checkconf="${_named_program_root}/sbin/named-checkconf"
        if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
                checkconf="${checkconf} -t ${named_chrootdir}"
        fi

        # Create a forwarder configuration based on /etc/resolv.conf
        if checkyesno named_auto_forward; then
                if [ ! -s /etc/resolv.conf ]; then
                        warn "named_auto_forward enabled, but no /etc/resolv.conf"

                        # Empty the file in case it is included in named.conf
                        [ -s "${_named_confdir}/auto_forward.conf" ] &&
                            create_file ${_named_confdir}/auto_forward.conf

                        ${checkconf} ${named_conf} ||
                            err 3 'named-checkconf for ${named_conf} failed'
                        return
                fi

                create_file /var/run/naf-resolv.conf
                create_file /var/run/auto_forward.conf

                echo '  forwarders {' > /var/run/auto_forward.conf

                while read line; do
                        case "${line}" in
                        'nameserver '*|'nameserver      '*)
                                nsip=${line##nameserver[         ]}

                                if [ -z "${firstns}" ]; then
                                        if [ ! "${nsip}" = '127.0.0.1' ]; then
                                                echo 'nameserver 127.0.0.1'
                                                echo "          ${nsip};" >> /var/run/auto_forward.conf
                                        fi

                                        firstns=1
                                else
                                        [ "${nsip}" = '127.0.0.1' ] && continue
                                        echo "          ${nsip};" >> /var/run/auto_forward.conf
                                fi
                                ;;
                        esac

                        echo ${line}
                done < /etc/resolv.conf > /var/run/naf-resolv.conf

                echo '  };' >> /var/run/auto_forward.conf
                echo '' >> /var/run/auto_forward.conf
                if checkyesno named_auto_forward_only; then
                        echo "  forward only;" >> /var/run/auto_forward.conf
                else
                        echo "  forward first;" >> /var/run/auto_forward.conf
                fi

                if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
                        unlink /var/run/naf-resolv.conf
                else
                        [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
                        mv /var/run/naf-resolv.conf /etc/resolv.conf
                fi

                if cmp -s ${_named_confdir}/auto_forward.conf \
                    /var/run/auto_forward.conf; then
                        unlink /var/run/auto_forward.conf
                else
                        [ -e "${_named_confdir}/auto_forward.conf" ] &&
                            unlink ${_named_confdir}/auto_forward.conf
                        mv /var/run/auto_forward.conf \
                            ${_named_confdir}/auto_forward.conf
                fi
        else
                # Empty the file in case it is included in named.conf
                [ -s "${_named_confdir}/auto_forward.conf" ] &&
                    create_file ${_named_confdir}/auto_forward.conf
        fi

        ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
}

run_rc_command "$1"


[FILE:3289:files/named.root]
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    April 11, 2017
;       related version of root zone:   2017041101
;
; formerly NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:84::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file


[FILE:1633:files/pkg-message-server.in]
**********************************************************************
*            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
*           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
*          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
*         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
*        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
*                                                                    *
*   BIND requires configuration of rndc, including a "secret" key.   *
*    The easiest, and most secure way to configure rndc is to run    *
*   'rndc-confgen -a' to generate the proper conf file, with a new   *
*            random key, and appropriate file permissions.           *
*                                                                    *
*     The %%PREFIX%%/etc/rc.d/named script will do that for you.     *
*                                                                    *
*      If using syslog to log the BIND9 activity, and using a        *
*     chroot'ed installation, you will need to tell syslog to        *
*       install a log socket in the BIND9 chroot by running:         *
*                                                                    *
*            # sysrc altlog_proglist+=named                          *
*                                                                    *
*    And then restarting syslogd with: service syslogd restart       *
*                                                                    *
**********************************************************************