1 # Buildsheet autogenerated by ravenadm tool -- Do not edit.
8 SDESC[standard]= Berkeley Internet Name Domain (Domain Name Server)
9 HOMEPAGE= https://www.isc.org/downloads/bind/
13 SITES[main]= ISC/bind9/9.18.19
14 DISTFILE[1]= bind-9.18.19.tar.xz:main
16 SPKGS[standard]= complete
23 OPTIONS_AVAILABLE= FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
24 OPTIONS_STANDARD= FIXED_RRSET GEOIP LARGE_FILE QUERYTRACE
26 BUILD_DEPENDS= idnkit:single:standard
28 libnghttp2:dev:standard
31 BUILDRUN_DEPENDS= json-c:primary:standard
32 libuv:primary:standard
34 libnghttp2:primary:standard
35 EXRUN[tools]= idnkit:single:standard
37 USES= cclibs:server,tools cpe iconv pkgconfig ssl readline
38 ncurses:build libtool perl:build
39 GNOME_COMPONENTS= libxml2
41 DISTNAME= bind-9.18.19
44 LICENSE_FILE= MPL:{{WRKSRC}}/COPYRIGHT
48 FPC_EQUIVALENT= dns/bind918
51 CONFIGURE_ARGS= --localstatedir=/var
52 --sysconfdir={{ETCDIR}}
57 --with-openssl={{OPENSSLBASE}}
59 STD_CDEFINES="-DDIG_SIGCHASE=1"
63 INSTALL_REQ_TOOLCHAIN= yes
64 PLIST_SUB= ETCDIR={{BIND_ETCDIR}}
67 SUB_FILES= pkg-message-server
70 [FIXED_RRSET].DESCRIPTION= Enable fixed rrset ordering
71 [FIXED_RRSET].CONFIGURE_ENABLE_BOTH= fixed-rrset
73 [QUERYTRACE].DESCRIPTION= Enable the very verbose query tracelogging
74 [QUERYTRACE].CONFIGURE_ENABLE_BOTH= querytrace
76 [GEOIP].DESCRIPTION= Allow geographically based ACL
77 [GEOIP].BUILDRUN_DEPENDS_ON= GeoIP:single:standard
78 [GEOIP].CONFIGURE_ENABLE_BOTH= geoip
80 [LARGE_FILE].DESCRIPTION= 64-bit file support
81 [LARGE_FILE].CONFIGURE_ENABLE_BOTH= largefile
84 ${REINPLACE_CMD} -e "s|/opt/local|${PREFIX}|g" \
88 ${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}${STD_DOCDIR}/arm
89 . for i in dynamic master slave working
90 ${MKDIR} ${STAGEDIR}${ETCDIR}/$i
92 . for l in bind/filter-a bind/filter-aaaa libbind9 libdns libirs libisc libisccc libisccfg libns
93 ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/${l}.so
95 ${INSTALL_DATA} ${WRKDIR}/named.conf \
96 ${STAGEDIR}${ETCDIR}/named.conf.sample
97 ${INSTALL_DATA} ${FILESDIR}/named.root \
99 ${INSTALL_DATA} ${FILESDIR}/empty.db \
100 ${STAGEDIR}${ETCDIR}/master
101 ${INSTALL_DATA} ${FILESDIR}/localhost-forward.db \
102 ${STAGEDIR}${ETCDIR}/master
103 ${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db \
104 ${STAGEDIR}${ETCDIR}/master
105 ${RM} -r ${STAGEDIR}/var
107 ${INSTALL_DATA} ${WRKSRC}/doc/arm/*.rst ${STAGEDIR}${STD_DOCDIR}/arm
108 ${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/README* ${STAGEDIR}${STD_DOCDIR}
110 [FILE:743:descriptions/desc.server]
111 BIND is open source software that enables you to publish your Domain Name
112 System (DNS) information on the Internet, and to resolve DNS queries for
113 your users. The name BIND stands for "Berkeley Internet Name Domain",
114 because the software originated in the early 1980s at the University of
115 California at Berkeley.
117 BIND is by far the most widely used DNS software on the Internet,
118 providing a robust and stable platform on top of which organizations can
119 build distributed computing systems with the knowledge that those systems
120 are fully compliant with published DNS standards.
122 The BIND software distribution has three parts:
123 1. Domain Name Resolver
124 2. Domain Name Authority server
127 This package contains parts 1 and 2.
130 [FILE:357:descriptions/desc.tools]
131 BIND is open source software that enables you to publish your Domain Name
132 System (DNS) information on the Internet, and to resolve DNS queries for
133 your users. The name BIND stands for "Berkeley Internet Name Domain",
134 because the software originated in the early 1980s at the University of
135 California at Berkeley.
137 This package contains the BIND tools.
141 115e09c05439bebade1d272eda08fa88eb3b60129edef690588c87a4d27612cc 5508464 bind-9.18.19.tar.xz
144 [FILE:618:manifests/plist.server]
145 @sample %%ETCDIR%%/named.conf.sample
155 libbind9-%%LIBVER%%.so
163 libisccc-%%LIBVER%%.so
165 libisccfg-%%LIBVER%%.so
178 @dir(bind,bind,) %%ETCDIR%%/dynamic
179 @dir(bind,bind,) %%ETCDIR%%/slave
180 @dir(bind,bind,) %%ETCDIR%%/working
183 [FILE:304:manifests/plist.tools]
209 [FILE:624:manifests/plist.man]
215 dnssec-dsfromkey.1.gz
216 dnssec-importkey.1.gz
217 dnssec-keyfromlabel.1.gz
227 named-compilezone.1.gz
228 named-journalprint.1.gz
247 [FILE:2355:manifests/plist.dev]
351 include/irs/resconf.h
483 [FILE:148:files/empty.db]
485 @ SOA @ nobody.localhost. 42 1d 12h 1w 3h
486 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
490 ; Silence a BIND warning
494 [FILE:158:files/localhost-forward.db]
496 localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
497 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
505 [FILE:226:files/localhost-reverse.db]
507 @ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
508 ; Serial, Refresh, Retry, Expire, Neg. cache TTL
514 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
518 [FILE:19802:files/named.conf.in]
519 // Refer to the named.conf(5) and named(8) man pages, and the documentation
520 // in /usr/local/share/doc/bind for more details.
522 // If you are going to set up an authoritative server, make sure you
523 // understand the hairy details of how DNS works. Even with
524 // simple mistakes, you can break connectivity for affected parties,
525 // or cause huge amounts of useless Internet traffic.
528 // All file and path names are relative to the chroot directory,
529 // if any, and should be fully qualified.
530 directory "%%ETCDIR%%/working";
531 pid-file "/var/run/named/pid";
532 dump-file "/var/dump/named_dump.db";
533 statistics-file "/var/stats/named.stats";
535 // If named is being used only as a local resolver, this is a safe default.
536 // For named to be accessible to the network, comment this option, specify
537 // the proper IP address, or delete this option.
538 listen-on { 127.0.0.1; };
540 // If you have IPv6 enabled on this system, uncomment this option for
541 // use as a local resolver. To give access to the network, specify
542 // an IPv6 address, or the keyword "any".
543 // listen-on-v6 { ::1; };
545 // These zones are already covered by the empty zones listed below.
546 // If you remove the related empty zones below, comment these lines out.
547 disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
548 disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
549 disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
551 // If you've got a DNS server around at your upstream provider, enter
552 // its IP address here, and enable the line below. This will make you
553 // benefit from its cache, thus reduce overall DNS traffic in the Internet.
560 // If the 'forwarders' clause is not empty the default is to 'forward first'
561 // which will fall back to sending a query from your local server if the name
562 // servers in 'forwarders' do not have the answer. Alternatively you can
563 // force your name server to never initiate queries of its own by enabling the
567 // If you wish to have forwarding configured automatically based on
568 // the entries in /etc/resolv.conf, uncomment the following line and
569 // set named_auto_forward=yes in /etc/rc.conf. You can also enable
570 // named_auto_forward_only (the effect of which is described above).
571 // include "%%ETCDIR%%/auto_forward.conf";
574 Modern versions of BIND use a random UDP port for each outgoing
575 query by default in order to dramatically reduce the possibility
576 of cache poisoning. All users are strongly encouraged to utilize
577 this feature, and to configure their firewalls to accommodate it.
579 AS A LAST RESORT in order to get around a restrictive firewall
580 policy you can try enabling the option below. Use of this option
581 will significantly reduce your ability to withstand cache poisoning
582 attacks, and should be avoided if at all possible.
584 Replace NNNNN in the example with a number between 49160 and 65530.
586 // query-source address * port NNNNN;
589 // If you enable a local name server, don't forget to enter 127.0.0.1
590 // first in your /etc/resolv.conf so this server will be queried.
591 // Also, make sure to enable it in /etc/rc.conf.
593 // The traditional root hints mechanism. Use this, OR the slave zones below.
594 zone "." { type hint; file "%%ETCDIR%%/named.root"; };
596 /* Slaving the following zones from the root name servers has some
597 significant advantages:
598 1. Faster local resolution for your users
599 2. No spurious traffic will be sent from your network to the roots
600 3. Greater resilience to any potential root server failure/DDoS
602 On the other hand, this method requires more monitoring than the
603 hints file to be sure that an unexpected failure mode has not
604 incapacitated your server. Name servers that are serving a lot
605 of clients will benefit more from this approach than individual
606 hosts. Use with caution.
608 To use this mechanism, uncomment the entries below, and comment
611 As documented at http://dns.icann.org/services/axfr/ these zones:
612 "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
613 are available for AXFR from these servers on IPv4 and IPv6:
614 xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
619 file "%%ETCDIR%%/slave/root.slave";
621 192.0.32.132; // lax.xfr.dns.icann.org
622 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
623 192.0.47.132; // iad.xfr.dns.icann.org
624 2620:0:2830:202::132; // iad.xfr.dns.icann.org
630 file "%%ETCDIR%%/slave/arpa.slave";
632 192.0.32.132; // lax.xfr.dns.icann.org
633 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
634 192.0.47.132; // iad.xfr.dns.icann.org
635 2620:0:2830:202::132; // iad.xfr.dns.icann.org
639 zone "in-addr.arpa" {
641 file "%%ETCDIR%%/slave/in-addr.arpa.slave";
643 192.0.32.132; // lax.xfr.dns.icann.org
644 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
645 192.0.47.132; // iad.xfr.dns.icann.org
646 2620:0:2830:202::132; // iad.xfr.dns.icann.org
652 file "%%ETCDIR%%/slave/ip6.arpa.slave";
654 192.0.32.132; // lax.xfr.dns.icann.org
655 2620:0:2d0:202::132; // lax.xfr.dns.icann.org
656 192.0.47.132; // iad.xfr.dns.icann.org
657 2620:0:2830:202::132; // iad.xfr.dns.icann.org
663 /* Serving the following zones locally will prevent any queries
664 for these zones leaving your network and going to the root
665 name servers. This has two significant advantages:
666 1. Faster local resolution for your users
667 2. No spurious traffic will be sent from your network to the roots
669 // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
670 zone "localhost" { type master; file "%%ETCDIR%%/master/localhost-forward.db"; };
671 zone "127.in-addr.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
672 zone "255.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
674 // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
675 zone "0.ip6.arpa" { type master; file "%%ETCDIR%%/master/localhost-reverse.db"; };
677 // "This" Network (RFCs 1912, 5735 and 6303)
678 zone "0.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
680 // Private Use Networks (RFCs 1918, 5735 and 6303)
681 zone "10.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
682 zone "16.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
683 zone "17.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
684 zone "18.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
685 zone "19.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
686 zone "20.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
687 zone "21.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
688 zone "22.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
689 zone "23.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
690 zone "24.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
691 zone "25.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
692 zone "26.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
693 zone "27.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
694 zone "28.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
695 zone "29.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
696 zone "30.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
697 zone "31.172.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
698 zone "168.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
700 // Shared Address Space (RFC 6598)
701 zone "64.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
702 zone "65.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
703 zone "66.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
704 zone "67.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
705 zone "68.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
706 zone "69.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
707 zone "70.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
708 zone "71.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
709 zone "72.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
710 zone "73.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
711 zone "74.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
712 zone "75.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
713 zone "76.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
714 zone "77.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
715 zone "78.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
716 zone "79.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
717 zone "80.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
718 zone "81.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
719 zone "82.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
720 zone "83.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
721 zone "84.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
722 zone "85.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
723 zone "86.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
724 zone "87.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
725 zone "88.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
726 zone "89.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
727 zone "90.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
728 zone "91.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
729 zone "92.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
730 zone "93.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
731 zone "94.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
732 zone "95.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
733 zone "96.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
734 zone "97.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
735 zone "98.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
736 zone "99.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
737 zone "100.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
738 zone "101.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
739 zone "102.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
740 zone "103.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
741 zone "104.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
742 zone "105.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
743 zone "106.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
744 zone "107.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
745 zone "108.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
746 zone "109.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
747 zone "110.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
748 zone "111.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
749 zone "112.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
750 zone "113.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
751 zone "114.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
752 zone "115.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
753 zone "116.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
754 zone "117.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
755 zone "118.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
756 zone "119.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
757 zone "120.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
758 zone "121.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
759 zone "122.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
760 zone "123.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
761 zone "124.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
762 zone "125.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
763 zone "126.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
764 zone "127.100.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
766 // Link-local/APIPA (RFCs 3927, 5735 and 6303)
767 zone "254.169.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
769 // IETF protocol assignments (RFCs 5735 and 5736)
770 zone "0.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
772 // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
773 zone "2.0.192.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
774 zone "100.51.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
775 zone "113.0.203.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
777 // IPv6 Example Range for Documentation (RFCs 3849 and 6303)
778 zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
780 // Router Benchmark Testing (RFCs 2544 and 5735)
781 zone "18.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
782 zone "19.198.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
784 // IANA Reserved - Old Class E Space (RFC 5735)
785 zone "240.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
786 zone "241.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
787 zone "242.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
788 zone "243.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
789 zone "244.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
790 zone "245.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
791 zone "246.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
792 zone "247.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
793 zone "248.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
794 zone "249.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
795 zone "250.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
796 zone "251.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
797 zone "252.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
798 zone "253.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
799 zone "254.in-addr.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
801 // IPv6 Unassigned Addresses (RFC 4291)
802 zone "1.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
803 zone "3.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
804 zone "4.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
805 zone "5.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
806 zone "6.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
807 zone "7.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
808 zone "8.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
809 zone "9.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
810 zone "a.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
811 zone "b.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
812 zone "c.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
813 zone "d.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
814 zone "e.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
815 zone "0.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
816 zone "1.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
817 zone "2.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
818 zone "3.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
819 zone "4.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
820 zone "5.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
821 zone "6.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
822 zone "7.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
823 zone "8.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
824 zone "9.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
825 zone "a.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
826 zone "b.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
827 zone "0.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
828 zone "1.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
829 zone "2.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
830 zone "3.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
831 zone "4.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
832 zone "5.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
833 zone "6.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
834 zone "7.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
836 // IPv6 ULA (RFCs 4193 and 6303)
837 zone "c.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
838 zone "d.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
840 // IPv6 Link Local (RFCs 4291 and 6303)
841 zone "8.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
842 zone "9.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
843 zone "a.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
844 zone "b.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
846 // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
847 zone "c.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
848 zone "d.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
849 zone "e.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
850 zone "f.e.f.ip6.arpa" { type master; file "%%ETCDIR%%/master/empty.db"; };
852 // IP6.INT is Deprecated (RFC 4159)
853 zone "ip6.int" { type master; file "%%ETCDIR%%/master/empty.db"; };
855 // NB: Do not use the IP addresses below, they are faked, and only
856 // serve demonstration/documentation purposes!
858 // Example slave zone config entries. It can be convenient to become
859 // a slave at least for the zone your own domain is in. Ask
860 // your network administrator for the IP address of the responsible
861 // master name server.
863 // Do not forget to include the reverse lookup zone!
864 // This is named after the first bytes of the IP address, in reverse
865 // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
867 // Before starting to set up a master zone, make sure you fully
868 // understand how DNS and BIND work. There are sometimes
869 // non-obvious pitfalls. Setting up a slave zone is usually simpler.
871 // NB: Don't blindly enable the examples below. :-) Use actual names
872 // and addresses instead.
874 /* An example dynamic zone
875 key "exampleorgkey" {
877 secret "sf87HJqjkqh8ac87a02lla==";
884 file "%%ETCDIR%%/dynamic/example.org";
888 /* Example of a slave reverse zone
889 zone "1.168.192.in-addr.arpa" {
891 file "%%ETCDIR%%/slave/1.168.192.in-addr.arpa";
899 [FILE:11622:files/named.in]
904 # REQUIRE: %%NAMED_REQUIRE%%
905 # BEFORE: %%NAMED_BEFORE%%
909 # Add the following lines to /etc/rc.conf to enable BIND:
910 # named_enable (bool): Run named, the DNS server (or NO).
911 # named_program (str): Path to named, if you want a different one.
912 # named_conf (str): Path to the configuration file
913 # named_flags (str): Use this for flags OTHER than -u and -c
914 # named_uid (str): User to run named as
915 # named_chrootdir (str): Chroot directory (or "" not to auto-chroot it)
916 # Historically, was /var/named
917 # named_chroot_autoupdate (bool): Automatically install/update chrooted
918 # components of named.
919 # named_symlink_enable (bool): Symlink the chrooted pid file
920 # named_wait (bool): Wait for working name service before exiting
921 # named_wait_host (str): Hostname to check if named_wait is enabled
922 # named_auto_forward (str): Set up forwarders from /etc/resolv.conf
923 # named_auto_forward_only (str): Do "forward only" instead of "forward first"
929 desc="named BIND startup script"
932 load_rc_config ${name}
934 extra_commands=reload
936 start_precmd=named_prestart
937 start_postcmd=named_poststart
938 reload_cmd=named_reload
940 stop_postcmd=named_poststop
942 named_enable=${named_enable:-"NO"}
943 named_program=${named_program:-"%%PREFIX%%/sbin/named"}
944 named_conf=${named_conf:-"%%ETCDIR%%/named.conf"}
945 named_flags=${named_flags:-""}
946 named_uid=${named_uid:-"bind"}
947 named_chrootdir=${named_chrootdir:-""}
948 named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"}
949 named_symlink_enable=${named_symlink_enable:-"YES"}
950 named_wait=${named_wait:-"NO"}
951 named_wait_host=${named_wait_host:-"localhost"}
952 named_auto_forward=${named_auto_forward:-"NO"}
953 named_auto_forward_only=${named_auto_forward_only:-"NO"}
955 # Not configuration variables but having them here keeps rclint happy
956 required_dirs="${named_chrootdir}"
957 _named_confdirroot="${named_conf%/*}"
958 _named_confdir="${named_chrootdir}${_named_confdirroot}"
959 _named_program_root="${named_program%/sbin/named}"
960 _openssl_engines="%%LOCALBASE%%/lib/engines"
962 # Needed if named.conf and rndc.conf are moved or if rndc.conf is used
963 rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"}
964 rndc_key=${rndc_key:-"$_named_confdir/rndc.key"}
966 # If running in a chroot cage, ensure that the appropriate files
967 # exist inside the cage, as well as helper symlinks into the cage
970 # As this is called after the is_running and required_dir checks
971 # are made in run_rc_command(), we can safely assume ${named_chrootdir}
972 # exists and named isn't running at this point (unless forcestart
979 # If it's the first time around, fiddle with things and move the
980 # current configuration to the chroot.
981 if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then
982 warn "named chroot: Moving current configuration in the chroot!"
983 install -d ${_named_confdir%/*}
984 mv ${_named_confdirroot} ${_named_confdir}
987 # Create (or update) the chroot directory structure
989 if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then
990 mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \
991 -p ${named_chrootdir}
993 warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing,"
994 warn "${named_chrootdir} directory structure not updated"
996 if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then
997 mkdir -p ${named_chrootdir}%%PREFIX%%
998 mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \
999 -p ${named_chrootdir}%%PREFIX%%
1001 warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing,"
1002 warn "${named_chrootdir}%%PREFIX%% directory structure not updated"
1005 # Create (or update) the configuration directory symlink
1007 if [ ! -L "${_named_confdirroot}" ]; then
1008 if [ -d "${_named_confdirroot}" ]; then
1009 warn "named chroot: ${_named_confdirroot} is a directory!"
1010 elif [ -e "${_named_confdirroot}" ]; then
1011 warn "named chroot: ${_named_confdirroot} exists!"
1013 ln -s ${_named_confdir} ${_named_confdirroot}
1016 # Make sure it points to the right place.
1017 ln -shf ${_named_confdir} ${_named_confdirroot}
1020 # Mount a devfs in the chroot directory if needed
1022 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
1023 umount ${named_chrootdir}/dev 2>/dev/null
1024 devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
1025 devfs -m ${named_chrootdir}/dev rule apply path null unhide
1026 devfs -m ${named_chrootdir}/dev rule apply path random unhide
1028 if [ -c ${named_chrootdir}/dev/null -a \
1029 -c ${named_chrootdir}/dev/random ]; then
1030 info "named chroot: using pre-mounted devfs."
1032 err 1 "named chroot: devfs cannot be mounted from " \
1033 "within a jail. Thus a chrooted named cannot " \
1034 "be run from within a jail. Either mount the " \
1035 "devfs with null and random from the host, or " \
1036 "run named without chrooting it, set " \
1037 "named_chrootdir=\"\" in /etc/rc.conf."
1041 # If OpenSSL from ports, then the engines should be present in the
1042 # chroot, named loads them after chrooting.
1043 if [ -d ${_openssl_engines} ]; then
1044 # FIXME when 8.4 is gone see if
1045 # security.jail.param.allow.mount.nullfs can be used.
1046 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ]; then
1047 mkdir -p ${named_chrootdir}${_openssl_engines}
1048 mount -t nullfs ${_openssl_engines} ${named_chrootdir}${_openssl_engines}
1050 warn "named chroot: cannot nullfs mount OpenSSL" \
1051 "engines into the chroot, will copy the shared" \
1052 "libraries instead."
1053 mkdir -p ${named_chrootdir}${_openssl_engines}
1054 cp -f ${_openssl_engines}/*.so ${named_chrootdir}${_openssl_engines}
1058 # Copy and/or update key files to the chroot /etc
1060 for file in localtime protocols services; do
1061 if [ -r /etc/${file} ] && \
1062 ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then
1063 cp -p /etc/${file} "${named_chrootdir}/etc/${file}"
1068 # Make symlinks to the correct pid file
1072 checkyesno named_symlink_enable &&
1073 ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
1080 if checkyesno named_wait; then
1081 until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do
1082 echo " Waiting for nameserver to resolve ${named_wait_host}"
1090 # This is a one line function, but ${named_program} is not defined early
1091 # enough to be there when the reload_cmd variable is defined up there.
1097 if get_pidfile_from_conf pid-file ${named_conf}; then
1098 pidfile="${_pidfile_from_conf}"
1100 pidfile="/var/run/named/pid"
1108 # This duplicates an undesirably large amount of code from the stop
1109 # routine in rc.subr in order to use rndc to shut down the process,
1110 # and to give it a second chance in case rndc fails.
1111 rc_pid=$(check_pidfile ${pidfile} ${command})
1112 if [ -z "${rc_pid}" ]; then
1113 [ -n "${rc_fast}" ] && return 0
1117 echo 'Stopping named.'
1119 wait_for_pids ${rc_pid}
1121 echo -n 'rndc failed, trying kill: '
1122 kill -TERM ${rc_pid}
1123 wait_for_pids ${rc_pid}
1129 if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
1130 # if using OpenSSL from ports, unmount OpenSSL engines, if they
1131 # were not mounted but only copied, do nothing.
1132 if [ -d ${_openssl_engines} -a \( `${SYSCTL_N} security.jail.jailed` -eq 0 -o `${SYSCTL_N} security.jail.mount_allowed` -eq 1 \) ]; then
1133 umount ${named_chrootdir}${_openssl_engines}
1136 if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
1137 umount ${named_chrootdir}/dev 2>/dev/null || true
1139 warn "named chroot:" \
1140 "cannot unmount devfs from inside jail!"
1147 if [ -e "$1" ]; then
1150 install -o root -g wheel -m 0644 /dev/null $1
1155 if [ -z "${rndc_flags}" ]; then
1156 if [ -s "${rndc_conf}" ] ; then
1157 rndc_flags="-c ${rndc_conf}"
1158 elif [ -s "${rndc_key}" ] ; then
1159 rndc_flags="-k ${rndc_key}"
1165 ${_named_program_root}/sbin/rndc ${rndc_flags} "$@"
1172 if [ -n "${named_pidfile}" ]; then
1173 warn 'named_pidfile: now determined from the conf file'
1176 piddir=`/usr/bin/dirname ${pidfile}`
1177 if [ ! -d ${piddir} ]; then
1178 install -d -o ${named_uid} -g ${named_uid} ${piddir}
1181 command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}"
1183 local line nsip firstns
1185 # Is the user using a sandbox?
1187 if [ -n "${named_chrootdir}" ]; then
1188 rc_flags="${rc_flags} -t ${named_chrootdir}"
1189 checkyesno named_chroot_autoupdate && chroot_autoupdate
1191 named_symlink_enable=NO
1194 # Create an rndc.key file for the user if none exists
1196 confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
1197 -c ${_named_confdir}/rndc.key"
1198 if [ -s "${_named_confdir}/rndc.conf" ]; then
1199 unset confgen_command
1201 if [ -s "${_named_confdir}/rndc.key" ]; then
1202 case `stat -f%Su ${_named_confdir}/rndc.key` in
1203 root|${named_uid}) ;;
1204 *) ${confgen_command} ;;
1212 checkconf="${_named_program_root}/bin/named-checkconf"
1213 if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then
1214 checkconf="${checkconf} -t ${named_chrootdir}"
1217 # Create a forwarder configuration based on /etc/resolv.conf
1218 if checkyesno named_auto_forward; then
1219 if [ ! -s /etc/resolv.conf ]; then
1220 warn "named_auto_forward enabled, but no /etc/resolv.conf"
1222 # Empty the file in case it is included in named.conf
1223 [ -s "${_named_confdir}/auto_forward.conf" ] &&
1224 create_file ${_named_confdir}/auto_forward.conf
1226 ${checkconf} ${named_conf} ||
1227 err 3 'named-checkconf for ${named_conf} failed'
1231 create_file /var/run/naf-resolv.conf
1232 create_file /var/run/auto_forward.conf
1234 echo ' forwarders {' > /var/run/auto_forward.conf
1238 'nameserver '*|'nameserver '*)
1239 nsip=${line##nameserver[ ]}
1241 if [ -z "${firstns}" ]; then
1242 if [ ! "${nsip}" = '127.0.0.1' ]; then
1243 echo 'nameserver 127.0.0.1'
1244 echo " ${nsip};" >> /var/run/auto_forward.conf
1249 [ "${nsip}" = '127.0.0.1' ] && continue
1250 echo " ${nsip};" >> /var/run/auto_forward.conf
1256 done < /etc/resolv.conf > /var/run/naf-resolv.conf
1258 echo ' };' >> /var/run/auto_forward.conf
1259 echo '' >> /var/run/auto_forward.conf
1260 if checkyesno named_auto_forward_only; then
1261 echo " forward only;" >> /var/run/auto_forward.conf
1263 echo " forward first;" >> /var/run/auto_forward.conf
1266 if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
1267 unlink /var/run/naf-resolv.conf
1269 [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
1270 mv /var/run/naf-resolv.conf /etc/resolv.conf
1273 if cmp -s ${_named_confdir}/auto_forward.conf \
1274 /var/run/auto_forward.conf; then
1275 unlink /var/run/auto_forward.conf
1277 [ -e "${_named_confdir}/auto_forward.conf" ] &&
1278 unlink ${_named_confdir}/auto_forward.conf
1279 mv /var/run/auto_forward.conf \
1280 ${_named_confdir}/auto_forward.conf
1283 # Empty the file in case it is included in named.conf
1284 [ -s "${_named_confdir}/auto_forward.conf" ] &&
1285 create_file ${_named_confdir}/auto_forward.conf
1288 ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed"
1294 [FILE:3289:files/named.root]
1295 ; This file holds the information on root name servers needed to
1296 ; initialize cache of Internet domain name servers
1297 ; (e.g. reference this file in the "cache . <file>"
1298 ; configuration file of BIND domain name servers).
1300 ; This file is made available by InterNIC
1301 ; under anonymous FTP as
1302 ; file /domain/named.cache
1303 ; on server FTP.INTERNIC.NET
1304 ; -OR- RS.INTERNIC.NET
1306 ; last update: April 11, 2017
1307 ; related version of root zone: 2017041101
1309 ; formerly NS.INTERNIC.NET
1311 . 3600000 NS A.ROOT-SERVERS.NET.
1312 A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
1313 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
1315 ; FORMERLY NS1.ISI.EDU
1317 . 3600000 NS B.ROOT-SERVERS.NET.
1318 B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
1319 B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
1321 ; FORMERLY C.PSI.NET
1323 . 3600000 NS C.ROOT-SERVERS.NET.
1324 C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
1325 C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
1327 ; FORMERLY TERP.UMD.EDU
1329 . 3600000 NS D.ROOT-SERVERS.NET.
1330 D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
1331 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
1333 ; FORMERLY NS.NASA.GOV
1335 . 3600000 NS E.ROOT-SERVERS.NET.
1336 E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
1337 E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e
1339 ; FORMERLY NS.ISC.ORG
1341 . 3600000 NS F.ROOT-SERVERS.NET.
1342 F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
1343 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
1345 ; FORMERLY NS.NIC.DDN.MIL
1347 . 3600000 NS G.ROOT-SERVERS.NET.
1348 G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
1349 G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d
1351 ; FORMERLY AOS.ARL.ARMY.MIL
1353 . 3600000 NS H.ROOT-SERVERS.NET.
1354 H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
1355 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
1357 ; FORMERLY NIC.NORDU.NET
1359 . 3600000 NS I.ROOT-SERVERS.NET.
1360 I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
1361 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
1363 ; OPERATED BY VERISIGN, INC.
1365 . 3600000 NS J.ROOT-SERVERS.NET.
1366 J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
1367 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
1369 ; OPERATED BY RIPE NCC
1371 . 3600000 NS K.ROOT-SERVERS.NET.
1372 K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
1373 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
1377 . 3600000 NS L.ROOT-SERVERS.NET.
1378 L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
1379 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42
1383 . 3600000 NS M.ROOT-SERVERS.NET.
1384 M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
1385 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
1389 [FILE:1637:files/pkg-message-server.in]
1390 **********************************************************************
1391 * _ _____ _____ _____ _ _ _____ ___ ___ _ _ *
1392 * / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | *
1393 * / _ \ | | | | | _| | \| | | | | | | | | \| | *
1394 * / ___ \| | | | | |___| |\ | | | | | |_| | |\ | *
1395 * /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| *
1397 * BIND requires configuration of rndc, including a "secret" key. *
1398 * The easiest, and most secure way to configure rndc is to run *
1399 * 'rndc-confgen -a' to generate the proper conf file, with a new *
1400 * random key, and appropriate file permissions. *
1402 * The %%PREFIX%%/etc/rc.d/named script will do that for you. *
1404 * If using syslog to log the BIND9 activity, and using a *
1405 * chroot'ed installation, you will need to tell syslog to *
1406 * install a log socket in the BIND9 chroot by running: *
1408 * # sysrc altlog_proglist+=named *
1410 * And then restarting syslogd with: service syslogd restart *
1412 **********************************************************************
1415 [FILE:59:files/special.mk]
1416 BIND_ETCDIR?= etc/namedb
1417 ETCDIR= ${PREFIX}/${BIND_ETCDIR}