Update to 9.9.10, 9.10.5, 9.11.1 and 9.12 to latest snapshot.

While there:

Make it more maintainable by sorting stuff in the Makefile and removing
vestigial pre 10.3 things.

Refresh the root zone hints.

"Fix" the configuration section telling you to get some top level
zones from f.root-servers.net, which does not allow axfr any more. [1]

PR:		218656 [1]
Reported by:	Thomas Steen Rasmussen / Tykling [1]
MFH:		2017Q2
Sponsored by:	Absolight

dns/bind-tools/Makefile

@@ -5,7 +5,6 @@ MASTERDIR=	${.CURDIR}/../../dns/bind911
 
 DESCR=		${.CURDIR}/pkg-descr
 PLIST=		${.CURDIR}/pkg-plist
-PKGINSTALL=	/nonexistent
 
 BIND_TOOLS_SLAVE=	YES
 

dns/bind9-devel/Makefile

@@ -8,7 +8,7 @@ PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
 PORTREVISION=	0
 .else
 # dns/bind9xx here
-PORTREVISION=	1
+PORTREVISION=	2
 .endif
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	LOCAL/mat/bind
@@ -28,10 +28,11 @@ COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 .endif
 
 LICENSE=	MPL
+LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.12.0a.2017.04.13
-HASH=		19643a1
+ISCVERSION=	9.12.0a.2017.04.20
+HASH=		706c6ac5
 
 USES=	cpe libedit
 
@@ -44,27 +45,34 @@ CPE_UPDATE=	${ISCVERSION:C/.*-//:tl}
 LIB_DEPENDS=	libxml2.so:textproc/libxml2
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS+=	--localstatedir=/var --disable-linux-caps \
+CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
 		--disable-symtable \
 		--with-randomdev=/dev/random \
 		--with-libxml2=${LOCALBASE} \
 		--with-readline="-L${LOCALBASE}/lib -ledit" \
 		--with-dlopen=yes \
 		--sysconfdir=${ETCDIR}
-.if defined(BIND_TOOLS_SLAVE)
-CONFIGURE_ARGS+=	--disable-shared
-.endif
 ETCDIR=		${PREFIX}/etc/namedb
 
-CONFLICTS+=	bind99 bind910 bind911
+CONFLICTS=	bind99 bind910 bind9-devel
 
-.if !defined(BIND_TOOLS_SLAVE)
-SUB_FILES=	pkg-message
-.endif
+.if defined(BIND_TOOLS_SLAVE)
+CONFIGURE_ARGS+=	--disable-shared
+CONFLICTS+=		bind911
+.else
+USE_RC_SUBR=	named
+SUB_FILES=	pkg-message named.conf
+CONFLICTS+=		bind-tools
+.endif	# BIND_TOOLS_SLAVE
+
+MAKE_JOBS_UNSAFE=	yes
+
+PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON
 OPTIONS_DEFINE=		IDN LARGE_FILE PYTHON JSON \
 			FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA
+
 OPTIONS_RADIO=	CRYPTO GOSTDEF
 OPTIONS_RADIO_CRYPTO=	SSL NATIVE_PKCS11
 OPTIONS_RADIO_GOSTDEF=	GOST GOST_ASN1
@@ -83,151 +91,135 @@ OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
-SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
-LARGE_FILE_DESC=	64-bit file support
-FIXED_RRSET_DESC=	Enable fixed rrset ordering
-SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
-FILTER_AAAA_DESC=	Enable filtering of AAAA records
 CRYPTO_DESC=		Choose which crypto engine to use
-NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
-GEOIP_DESC=		Allow geographically based ACL.
-GOSTDEF_DESC=		Enable GOST ciphers, needs SSL (see help on 8 and 9)
-GOST_DESC=		GOST raw keys (new default)
-GOST_ASN1_DESC=		GOST using ASN.1
-PYTHON_DESC=		Build with Python utilities
-START_LATE_DESC=	Start BIND late in the boot process
-MINCACHE_DESC=		Use the mincachettl patch
-PORTREVISION_DESC=	Show PORTREVISION in the version string
-QUERYTRACE_DESC=	Enable the very verbose query tracelogging
-LMDB_DESC=		Use LMDB for zone management
-DNSTAP_DESC=		Provides fast passive logging of DNS messages
-
-RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
-RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
-DLZ_DESC=		Dynamically Loadable Zones
-DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
-DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_BDB_DESC=		DLZ BDB driver
-DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
+DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
+DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
+DNSTAP_DESC=		Provides fast passive logging of DNS messages
+FILTER_AAAA_DESC=	Enable filtering of AAAA records
+FIXED_RRSET_DESC=	Enable fixed rrset ordering
+GEOIP_DESC=		Allow geographically based ACL.
+GOSTDEF_DESC=		Enable GOST ciphers, needs SSL
+GOST_ASN1_DESC=		GOST using ASN.1
+GOST_DESC=		GOST raw keys (new default)
 GSSAPI_BASE_DESC=	Using Heimdal in base
 GSSAPI_HEIMDAL_DESC=	Using security/heimdal
 GSSAPI_MIT_DESC=	Using security/krb5
 GSSAPI_NONE_DESC=	Disable
-
-.if defined(BIND_TOOLS_SLAVE)
-CONFLICTS+=		bind9-devel
-.else
-CONFLICTS+=		bind-tools
-.endif	# BIND_TOOLS_SLAVE
-
-SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
-SSL_USES=		ssl
-SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
-
-LMDB_CONFIGURE_WITH=	lmdb
-LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
-
-IDN_USES=		iconv
-IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
-IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
-IDN_CONFIGURE_OFF=	--without-idn
-
-LARGE_FILE_CONFIGURE_ENABLE=	largefile
-
-SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
-
-IPV6_CONFIGURE_ENABLE=	ipv6
-
-FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
-
-NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
-
-GEOIP_CONFIGURE_WITH=	geoip
-GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
-
-JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
-JSON_CONFIGURE_WITH=	libjson
-
-GOST_CONFIGURE_ON=	--with-gost
-GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
-
-PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
-PYTHON_USES=	python
-PYTHON_BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
-PYTHON_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
-
-DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
-DLZ_POSTGRESQL_USES=		pgsql
-
-FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
-
-RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
-
-RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
-
-DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
-DLZ_MYSQL_USES=		mysql
+LARGE_FILE_DESC=	64-bit file support
+LMDB_DESC=		Use LMDB for zone management
+MINCACHE_DESC=		Use the mincachettl patch
+NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
+PORTREVISION_DESC=	Show PORTREVISION in the version string
+PYTHON_DESC=		Build with Python utilities
+QUERYTRACE_DESC=	Enable the very verbose query tracelogging
+RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
+RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
+SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
+SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
+START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
+DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
-DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
+DLZ_MYSQL_PREVENTS=	THREADS
+DLZ_MYSQL_USES=		mysql
+
+DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
+DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
+DNSTAP_CONFIGURE_ENABLE=	dnstap
+DNSTAP_IMPLIES=		THREADS
+DNSTAP_LIB_DEPENDS=	libfstrm.so:devel/fstrm \
+			libprotobuf-c.so:devel/protobuf-c
+
+FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
+
+FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
+
+GEOIP_CONFIGURE_WITH=	geoip
+GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
+
+GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
+
+GOST_CONFIGURE_ON=	--with-gost
+
+GSSAPI_BASE_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_BASE_USES=	gssapi
+
+GSSAPI_HEIMDAL_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal
+
+GSSAPI_MIT_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_MIT_USES=	gssapi:mit
+
+GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+
+IDN_CONFIGURE_OFF=	--without-idn
+IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
+IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
+IDN_USES=		iconv
+
+IPV6_CONFIGURE_ENABLE=	ipv6
+
+JSON_CONFIGURE_WITH=	libjson
+JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
+
+LARGE_FILE_CONFIGURE_ENABLE=	largefile
+
+LMDB_CONFIGURE_WITH=	lmdb
+LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
+
+MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
+
+NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
+NATIVE_PKCS11_IMPLIES=	THREADS
+
+PYTHON_BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
+PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
+PYTHON_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
+PYTHON_USES=	python
+
+QUERYTRACE_CONFIGURE_ENABLE=	querytrace
+
+RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
+
+RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
+
+SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
+
+SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
+SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
+SSL_USES=		ssl
+
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
-GSSAPI_BASE_USES=	gssapi
-GSSAPI_BASE_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_HEIMDAL_USES=	gssapi:heimdal
-GSSAPI_HEIMDAL_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_MIT_USES=	gssapi:mit
-GSSAPI_MIT_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+THREADS_CONFIGURE_ENABLE=	threads
 
-MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
-
-QUERYTRACE_CONFIGURE_ENABLE=	querytrace
-
-DNSTAP_CONFIGURE_ENABLE=	dnstap
-DNSTAP_LIB_DEPENDS=	libfstrm.so:devel/fstrm \
-			libprotobuf-c.so:devel/protobuf-c
-DNSTAP_IMPLIES=		THREADS
-
-.include <bsd.port.options.mk>
+.include <bsd.port.pre.mk>
 
 .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
 CONFIGURE_ARGS+=	--without-gost
 .endif
 
-.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL}
-CONFIGURE_ARGS+=	--enable-threads
-.else
-CONFIGURE_ARGS+=	--disable-threads
-.endif
-
-.if !defined(BIND_TOOLS_SLAVE)
-USE_RC_SUBR+=	named
-SUB_FILES+=	named.conf
-.endif # !defined(BIND_TOOLS_SLAVE)
-
-MAKE_JOBS_UNSAFE=	yes
-
-PORTDOCS=	*
-
-.include <bsd.port.pre.mk>
-
 .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
 BROKEN=	OpenSSL from the base system does not support GOST, add \
 	DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
@@ -246,7 +238,7 @@ post-patch:
 		-e 's#.*INSTALL.*isc-config.*##' \
 		-e 's#.*INSTALL.*bind.keys.*##' \
 		${WRKSRC}/Makefile.in
-	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec nsupdate \\#' \
+	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec tools nsupdate \\#' \
 		-e 's#^	.*check confgen ##' \
 		${WRKSRC}/bin/Makefile.in
 .else
@@ -260,26 +252,18 @@ post-patch:
 .endif
 
 .if !defined(BIND_TOOLS_SLAVE)
-.if ${PORTREVISION:N0}
+.  if ${PORTREVISION:N0}
 post-patch-PORTREVISION-on:
 	@${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
 		${WRKSRC}/version
-.endif
+.  endif
 
 post-install:
-.if ${PORT_OPTIONS:MDOCS}
-	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \
-		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
-.endif
-
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
-.for i in dynamic master slave working
+.  for i in dynamic master slave working
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/$i
-.endfor
+.  endfor
 	${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
 	${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
@@ -290,9 +274,16 @@ post-install:
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
 
+post-install-DOCS-on:
+	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
+		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
+.endif	# BIND_TOOLS_SLAVE
+
 # Can't use USE_PYTHON=autoplist
 post-install-PYTHON-on:
 	@${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST}
-.endif	# BIND_TOOLS_SLAVE
 
 .include <bsd.port.post.mk>

dns/bind9-devel/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1492076040
-SHA256 (bind9-19643a1.tar.gz) = c9d7ff5740654e62ce97a7dd2686ac65ab482e11186c5aadc41fa5554df617fe
-SIZE (bind9-19643a1.tar.gz) = 11874582
+TIMESTAMP = 1492693611
+SHA256 (bind9-706c6ac5.tar.gz) = ea2efadf91f26b97fbd4e79a6ce22dfd680440c3f76e2d8219a7208e989b087d
+SIZE (bind9-706c6ac5.tar.gz) = 11874695

dns/bind9-devel/files/extrapatch-bind-min-override-ttl

@@ -1,4 +1,4 @@
---- bin/named/config.c.orig	2017-02-09 21:52:45 UTC
+--- bin/named/config.c.orig	2017-04-20 07:59:45 UTC
 +++ bin/named/config.c
 @@ -158,6 +158,8 @@ options {\n\
  	lame-ttl 600;\n\
@@ -9,9 +9,9 @@
  	max-cache-ttl 604800; /* 1 week */\n\
  	transfer-format many-answers;\n\
  	max-cache-size 90%;\n\
---- bin/named/server.c.orig	2017-02-09 21:52:45 UTC
+--- bin/named/server.c.orig	2017-04-20 07:59:45 UTC
 +++ bin/named/server.c
-@@ -3743,6 +3743,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -3751,6 +3751,16 @@ configure_view(dns_view_t *view, dns_vie
  	}
  
  	obj = NULL;
@@ -28,7 +28,7 @@
  	result = ns_config_get(maps, "max-cache-ttl", &obj);
  	INSIST(result == ISC_R_SUCCESS);
  	view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig	2017-02-09 21:52:45 UTC
+--- lib/dns/include/dns/view.h.orig	2017-04-20 07:59:45 UTC
 +++ lib/dns/include/dns/view.h
 @@ -146,6 +146,8 @@ struct dns_view {
  	isc_boolean_t			requestnsid;
@@ -39,9 +39,9 @@
  	dns_ttl_t			maxncachettl;
  	isc_uint32_t			nta_lifetime;
  	isc_uint32_t			nta_recheck;
---- lib/dns/resolver.c.orig	2017-02-09 21:52:45 UTC
+--- lib/dns/resolver.c.orig	2017-04-20 07:59:45 UTC
 +++ lib/dns/resolver.c
-@@ -5467,6 +5467,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5468,6 +5468,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
  		}
  
  		/*
@@ -60,9 +60,9 @@
  		 * Enforce the configure maximum cache TTL.
  		 */
  		if (rdataset->ttl > res->view->maxcachettl)
---- lib/isccfg/namedconf.c.orig	2017-02-09 21:52:45 UTC
+--- lib/isccfg/namedconf.c.orig	2017-04-20 07:59:45 UTC
 +++ lib/isccfg/namedconf.c
-@@ -1864,6 +1864,8 @@ view_clauses[] = {
+@@ -1882,6 +1882,8 @@ view_clauses[] = {
  	{ "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
  	{ "max-acache-size", &cfg_type_sizenodefault, 0 },
  	{ "max-cache-size", &cfg_type_sizeorpercent, 0 },

dns/bind9-devel/files/named.conf.in

@@ -93,7 +93,7 @@ zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
-	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
@@ -102,7 +102,10 @@ zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
@@ -110,10 +113,35 @@ zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
+zone "in-addr.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
+zone "ip6.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/ip6.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
 */
 
 /*	Serving the following zones locally will prevent any queries

dns/bind9-devel/files/named.root

@@ -13,8 +13,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:    March 23, 2016
-;       related version of root zone:   2016032301
+;       last update:    April 11, 2017
+;       related version of root zone:   2017041101
 ;
 ; formerly NS.INTERNIC.NET
 ;
@@ -44,6 +44,7 @@ D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
 ;
 .                        3600000      NS    E.ROOT-SERVERS.NET.
 E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
 ;
 ; FORMERLY NS.ISC.ORG
 ;
@@ -55,6 +56,7 @@ F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
 ;
 .                        3600000      NS    G.ROOT-SERVERS.NET.
 G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
 ;
 ; FORMERLY AOS.ARL.ARMY.MIL
 ;

dns/bind910/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
-PORTREVISION=	1
+PORTREVISION=	0
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
 PKGNAMESUFFIX=	910
@@ -13,9 +13,10 @@ MAINTAINER=	mat@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 LICENSE=	ISCL
+LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.10.4-P8
+ISCVERSION=	9.10.5
 
 USES=	cpe libedit
 
@@ -28,7 +29,7 @@ CPE_UPDATE=	${ISCVERSION:C/.*-//:tl}
 LIB_DEPENDS=	libxml2.so:textproc/libxml2
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS+=	--localstatedir=/var --disable-linux-caps \
+CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
 		--disable-symtable \
 		--with-randomdev=/dev/random \
 		--with-libxml2=${LOCALBASE} \
@@ -37,9 +38,14 @@ CONFIGURE_ARGS+=	--localstatedir=/var --disable-linux-caps \
 		--sysconfdir=${ETCDIR}
 ETCDIR=		${PREFIX}/etc/namedb
 
-CONFLICTS+=	bind-tools bind99 bind911 bind9-devel
+CONFLICTS=	bind-tools bind99 bind911 bind9-devel
 
 SUB_FILES=	pkg-message named.conf
+USE_RC_SUBR=	named
+
+MAKE_JOBS_UNSAFE=	yes
+
+PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON \
 			DLZ_FILESYSTEM RPZ_NSIP RPZ_NSDNAME
@@ -48,6 +54,7 @@ OPTIONS_DEFINE=		IDN LARGE_FILE PYTHON JSON \
 			RPZ_NSIP RPZ_NSDNAME DOCS GEOIP \
 			MINCACHE PORTREVISION FETCHLIMIT QUERYTRACE \
 			START_LATE
+
 OPTIONS_RADIO=	CRYPTO GOSTDEF
 OPTIONS_RADIO_CRYPTO=	SSL NATIVE_PKCS11
 OPTIONS_RADIO_GOSTDEF=	GOST GOST_ASN1
@@ -60,130 +67,126 @@ OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
-SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
-LARGE_FILE_DESC=	64-bit file support
-FIXED_RRSET_DESC=	Enable fixed rrset ordering
-SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
-FILTER_AAAA_DESC=	Enable filtering of AAAA records
 CRYPTO_DESC=		Choose which crypto engine to use
-NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
-GEOIP_DESC=		Allow geographically based ACL.
-GOSTDEF_DESC=		Enable GOST ciphers, needs SSL (see help on 8 and 9)
-GOST_DESC=		GOST raw keys (new default)
-GOST_ASN1_DESC=		GOST using ASN.1
-PYTHON_DESC=		Build with Python utilities
-START_LATE_DESC=	Start BIND late in the boot process
-MINCACHE_DESC=		Use the mincachettl patch
-PORTREVISION_DESC=	Show PORTREVISION in the version string
-FETCHLIMIT_DESC=	Enable the query quotas for resolvers
-QUERYTRACE_DESC=	Enable the very verbose query tracelogging
-
-RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
-RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
-DLZ_DESC=		Dynamically Loadable Zones
-DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
-DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_BDB_DESC=		DLZ BDB driver
-DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
+DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
+DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
+FETCHLIMIT_DESC=	Enable the query quotas for resolvers
+FILTER_AAAA_DESC=	Enable filtering of AAAA records
+FIXED_RRSET_DESC=	Enable fixed rrset ordering
+GEOIP_DESC=		Allow geographically based ACL.
+GOSTDEF_DESC=		Enable GOST ciphers, needs SSL
+GOST_ASN1_DESC=		GOST using ASN.1
+GOST_DESC=		GOST raw keys (new default)
 GSSAPI_BASE_DESC=	Using Heimdal in base
 GSSAPI_HEIMDAL_DESC=	Using security/heimdal
 GSSAPI_MIT_DESC=	Using security/krb5
 GSSAPI_NONE_DESC=	Disable
-MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
-FETCHLIMIT_CONFIGURE_ENABLE=	fetchlimit
-QUERYTRACE_CONFIGURE_ENABLE=	querytrace
-
-SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
-SSL_USES=		ssl
-SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
-
-IDN_USES=		iconv
-IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
-IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
-IDN_CONFIGURE_OFF=	--without-idn
-
-LARGE_FILE_CONFIGURE_ENABLE=	largefile
-
-SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
-
-IPV6_CONFIGURE_ENABLE=	ipv6
-
-FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
-
-NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
-
-GEOIP_CONFIGURE_WITH=	geoip
-GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
-
-JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
-JSON_CONFIGURE_WITH=	libjson
-
-GOST_CONFIGURE_ON=	--with-gost
-GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
-
-PYTHON_CONFIGURE_WITH=	python
-PYTHON_USES=	python
-
-DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
-DLZ_POSTGRESQL_USES=		pgsql
-
-FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
-
-RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
-
-RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
-
-DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
-DLZ_MYSQL_USES=		mysql
+LARGE_FILE_DESC=	64-bit file support
+MINCACHE_DESC=		Use the mincachettl patch
+NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
+PORTREVISION_DESC=	Show PORTREVISION in the version string
+PYTHON_DESC=		Build with Python utilities
+QUERYTRACE_DESC=	Enable the very verbose query tracelogging
+RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
+RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
+SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
+SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
+START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
+DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
-DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
+DLZ_MYSQL_PREVENTS=	THREADS
+DLZ_MYSQL_USES=		mysql
+
+DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
+DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
+FETCHLIMIT_CONFIGURE_ENABLE=	fetchlimit
+
+FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
+
+FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
+
+GEOIP_CONFIGURE_WITH=	geoip
+GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
+
+GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
+
+GOST_CONFIGURE_ON=	--with-gost
+
+GSSAPI_BASE_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_BASE_USES=	gssapi
+
+GSSAPI_HEIMDAL_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal
+
+GSSAPI_MIT_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_MIT_USES=	gssapi:mit
+
+GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+
+IDN_CONFIGURE_OFF=	--without-idn
+IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
+IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
+IDN_USES=		iconv
+
+IPV6_CONFIGURE_ENABLE=	ipv6
+
+JSON_CONFIGURE_WITH=	libjson
+JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
+
+LARGE_FILE_CONFIGURE_ENABLE=	largefile
+
+MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
+
+NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
+NATIVE_PKCS11_IMPLIES=	THREADS
+
+PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
+PYTHON_USES=	python
+
+QUERYTRACE_CONFIGURE_ENABLE=	querytrace
+
+RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
+
+RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
+
+SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
+
+SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
+SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
+SSL_USES=		ssl
+
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
-GSSAPI_BASE_USES=	gssapi
-GSSAPI_BASE_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_HEIMDAL_USES=	gssapi:heimdal
-GSSAPI_HEIMDAL_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_MIT_USES=	gssapi:mit
-GSSAPI_MIT_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+THREADS_CONFIGURE_ENABLE=	threads
 
-.include <bsd.port.options.mk>
+.include <bsd.port.pre.mk>
 
 .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
 CONFIGURE_ARGS+=	--without-gost
 .endif
 
-.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL}
-CONFIGURE_ARGS+=	--enable-threads
-.else
-CONFIGURE_ARGS+=	--disable-threads
-.endif
-
-USE_RC_SUBR=	named
-
-MAKE_JOBS_UNSAFE=	yes
-
-PORTDOCS=	*
-
-.include <bsd.port.pre.mk>
-
 .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
 BROKEN=	OpenSSL from the base system does not support GOST, add \
 	DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
@@ -191,9 +194,6 @@ BROKEN=	OpenSSL from the base system does not support GOST, add \
 .endif
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|readline/readline.h|editline/readline.h|; \
-		s|readline/history.h|histedit.h|' \
-		${WRKSRC}/bin/dig/nslookup.c ${WRKSRC}/bin/nsupdate/nsupdate.c
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
 	rndc/rndc.8
 	@${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
@@ -209,15 +209,6 @@ post-patch-PORTREVISION-on:
 .endif
 
 post-install:
-.if ${PORT_OPTIONS:MDOCS}
-	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \
-		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
-.endif
-
-.if ${OPSYS} == DragonFly || (${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100)
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
 .for i in dynamic master slave working
@@ -230,8 +221,18 @@ post-install:
 	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
-.endif
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
 
+post-install-DOCS-on:
+	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
+		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
+
+# Can't use USE_PYTHON=autoplist
+post-install-PYTHON-on:
+	@${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST}
+
 .include <bsd.port.post.mk>

dns/bind910/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1492054917
-SHA256 (bind-9.10.4-P8.tar.gz) = 7dd356ab466ead8124d645f83719e620686998c81ce1d4eb0c52daffca7566eb
-SIZE (bind-9.10.4-P8.tar.gz) = 9323291
+TIMESTAMP = 1492690349
+SHA256 (bind-9.10.5.tar.gz) = 71688d2e134e42205075eef93cc1b78b42a140a2d61bf8263afc9c92fc872b0e
+SIZE (bind-9.10.5.tar.gz) = 9431916

dns/bind910/files/extrapatch-bind-min-override-ttl

@@ -1,6 +1,6 @@
---- bin/named/config.c.orig	2016-10-21 05:10:54 UTC
+--- bin/named/config.c.orig	2017-04-14 03:54:11 UTC
 +++ bin/named/config.c
-@@ -151,6 +151,8 @@ options {\n\
+@@ -154,6 +154,8 @@ options {\n\
  	min-roots 2;\n\
  	lame-ttl 600;\n\
  	max-ncache-ttl 10800; /* 3 hours */\n\
@@ -9,9 +9,9 @@
  	max-cache-ttl 604800; /* 1 week */\n\
  	transfer-format many-answers;\n\
  	max-cache-size 0;\n\
---- bin/named/server.c.orig	2016-10-21 05:10:54 UTC
+--- bin/named/server.c.orig	2017-04-14 03:54:11 UTC
 +++ bin/named/server.c
-@@ -2802,6 +2802,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -2890,6 +2890,16 @@ configure_view(dns_view_t *view, dns_vie
  	}
  
  	obj = NULL;
@@ -28,9 +28,9 @@
  	result = ns_config_get(maps, "max-cache-ttl", &obj);
  	INSIST(result == ISC_R_SUCCESS);
  	view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig	2016-10-21 05:10:54 UTC
+--- lib/dns/include/dns/view.h.orig	2017-04-14 03:54:11 UTC
 +++ lib/dns/include/dns/view.h
-@@ -150,6 +150,8 @@ struct dns_view {
+@@ -151,6 +151,8 @@ struct dns_view {
  	isc_boolean_t			requestnsid;
  	isc_boolean_t			requestsit;
  	dns_ttl_t			maxcachettl;
@@ -39,9 +39,9 @@
  	dns_ttl_t			maxncachettl;
  	dns_ttl_t			prefetch_trigger;
  	dns_ttl_t			prefetch_eligible;
---- lib/dns/resolver.c.orig	2016-10-21 05:10:54 UTC
+--- lib/dns/resolver.c.orig	2017-04-14 03:54:11 UTC
 +++ lib/dns/resolver.c
-@@ -5373,6 +5373,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5378,6 +5378,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
  		}
  
  		/*
@@ -60,9 +60,9 @@
  		 * Enforce the configure maximum cache TTL.
  		 */
  		if (rdataset->ttl > res->view->maxcachettl)
---- lib/isccfg/namedconf.c.orig	2016-10-21 05:10:54 UTC
+--- lib/isccfg/namedconf.c.orig	2017-04-14 03:54:11 UTC
 +++ lib/isccfg/namedconf.c
-@@ -1572,6 +1572,8 @@ view_clauses[] = {
+@@ -1591,6 +1591,8 @@ view_clauses[] = {
  #endif
  	{ "max-acache-size", &cfg_type_sizenodefault, 0 },
  	{ "max-cache-size", &cfg_type_sizenodefault, 0 },

dns/bind910/files/named.conf.in

@@ -93,7 +93,7 @@ zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
-	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
@@ -102,7 +102,10 @@ zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
@@ -110,10 +113,35 @@ zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
+zone "in-addr.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
+zone "ip6.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/ip6.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
 */
 
 /*	Serving the following zones locally will prevent any queries

dns/bind910/files/named.root

@@ -13,8 +13,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:    March 23, 2016
-;       related version of root zone:   2016032301
+;       last update:    April 11, 2017
+;       related version of root zone:   2017041101
 ;
 ; formerly NS.INTERNIC.NET
 ;
@@ -44,6 +44,7 @@ D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
 ;
 .                        3600000      NS    E.ROOT-SERVERS.NET.
 E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
 ;
 ; FORMERLY NS.ISC.ORG
 ;
@@ -55,6 +56,7 @@ F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
 ;
 .                        3600000      NS    G.ROOT-SERVERS.NET.
 G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
 ;
 ; FORMERLY AOS.ARL.ARMY.MIL
 ;

dns/bind910/files/patch-bin_tests_system_dlzexternal_Makefile.in

@@ -1,11 +1,11 @@
---- bin/tests/system/dlzexternal/Makefile.in.orig	2016-04-20 20:11:20 UTC
+--- bin/tests/system/dlzexternal/Makefile.in.orig	2017-04-14 03:54:11 UTC
 +++ bin/tests/system/dlzexternal/Makefile.in
-@@ -43,7 +43,7 @@ OBJS =          ${DLOPENOBJS}
+@@ -39,7 +39,7 @@ OBJS =
  @BIND9_MAKE_RULES@
  
  CFLAGS =	@CFLAGS@ @SO_CFLAGS@
 -SO_LDFLAGS =	@LDFLAGS@ @SO_LDFLAGS@
 +SO_LDFLAGS =	@SO_LDFLAGS@
  
- dlopen@EXEEXT@: ${DLOPENOBJS}
- 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
+ driver.@SO@: ${SO_OBJS}
+ 	${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@

dns/bind910/files/patch-configure

@@ -1,6 +1,6 @@
---- configure.orig	2016-04-20 20:11:20 UTC
+--- configure.orig	2017-04-14 03:54:11 UTC
 +++ configure
-@@ -14142,27 +14142,9 @@ done
+@@ -14347,27 +14347,9 @@ done
  		# problems start to show up.
  		saved_libs="$LIBS"
  		for TRY_LIBS in \
@@ -20,7 +20,7 @@
 -		    # -L/usr/local/lib to LIBS, which can make the
 -		    # -lgssapi_krb5 test succeed with shared libraries even
 -		    # when you are trying to build with KTH in /usr/lib.
--		    if test "$use_gssapi" = "/usr"
+-		    if test "/usr" = "$use_gssapi"
 -		    then
 -			    LIBS="$TRY_LIBS"
 -		    else
@@ -30,7 +30,7 @@
  		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
  $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
  		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -14205,47 +14187,7 @@ $as_echo "no" >&6; } ;;
+@@ -14410,47 +14392,7 @@ $as_echo "no" >&6; } ;;
  		no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
  		esac
  
@@ -43,7 +43,7 @@
 -		# many times as it is the right thing.  Something better
 -		# needs to be done.
 -		#
--		if test "$use_gssapi" = "/usr" -a \
+-		if test "/usr" = "$use_gssapi" -a \
 -			-f /usr/local/lib/libkrb5.a; then
 -		    FIX_KTH_VS_MIT=yes
 -		fi
@@ -79,7 +79,7 @@
  		DNS_GSSAPI_LIBS="$LIBS"
  
  		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -21602,7 +21544,7 @@ $as_echo "" >&6; }
+@@ -21960,7 +21902,7 @@ $as_echo "" >&6; }
  			# Check other locations for includes.
  			# Order is important (sigh).
  

dns/bind910/pkg-help

@@ -14,16 +14,6 @@ Additionally, the HSM might not support all of the PKCS#11
 API functions needed for signature verification.
 
 
-                            GOST
-If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
-the OpenSSL engines MUST be accessible from within the chroot.
-If BIND is chrooted in /var/named, this can be achieved by
-either copying content of /usr/local/lib/engines into
-/var/named/usr/local/lib/engines, or by creating that directory
-and adding this line to /etc/fstab:
-/usr/local/lib/engines  /var/named/usr/local/lib/engines nullfs ro 0 0
-
-
                          START_LATE
 Most of the time, BIND needs to start early in the boot
 process.  Enable this if BIND starts too early for you and

dns/bind910/pkg-plist

@@ -1,8 +1,10 @@
+bin/arpaname
 bin/bind9-config
 bin/delv
 bin/dig
 bin/host
 bin/isc-config.sh
+bin/named-rrchecker
 bin/nslookup
 bin/nsupdate
 etc/mtree/BIND.chroot.dist
@@ -135,6 +137,7 @@ include/isc/counter.h
 include/isc/crc64.h
 include/isc/dir.h
 include/isc/entropy.h
+include/isc/errno.h
 include/isc/error.h
 include/isc/event.h
 include/isc/eventclass.h
@@ -254,6 +257,7 @@ include/pk11/constants.h
 include/pk11/internal.h
 include/pk11/pk11.h
 include/pk11/result.h
+include/pk11/site.h
 include/pkcs11/cryptoki.h
 include/pkcs11/pkcs11.h
 include/pkcs11/pkcs11f.h
@@ -388,7 +392,6 @@ man/man8/nsec3hash.8.gz
 man/man8/rndc-confgen.8.gz
 man/man8/rndc.8.gz
 man/man8/tsig-keygen.8.gz
-sbin/arpaname
 sbin/ddns-confgen
 %%PYTHON%%sbin/dnssec-checkds
 %%PYTHON%%sbin/dnssec-coverage
@@ -408,7 +411,6 @@ sbin/named-checkconf
 sbin/named-checkzone
 sbin/named-compilezone
 sbin/named-journalprint
-sbin/named-rrchecker
 sbin/nsec3hash
 %%NATIVE_PKCS11%%sbin/pkcs11-destroy
 %%NATIVE_PKCS11%%sbin/pkcs11-keygen

dns/bind911/Makefile

@@ -8,7 +8,7 @@ PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
 PORTREVISION=	0
 .else
 # dns/bind9xx here
-PORTREVISION=	1
+PORTREVISION=	0
 .endif
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
@@ -27,9 +27,10 @@ COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 .endif
 
 LICENSE=	MPL
+LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.11.0-P5
+ISCVERSION=	9.11.1
 
 USES=	cpe libedit
 
@@ -42,27 +43,34 @@ CPE_UPDATE=	${ISCVERSION:C/.*-//:tl}
 LIB_DEPENDS=	libxml2.so:textproc/libxml2
 
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS+=	--localstatedir=/var --disable-linux-caps \
+CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \
 		--disable-symtable \
 		--with-randomdev=/dev/random \
 		--with-libxml2=${LOCALBASE} \
 		--with-readline="-L${LOCALBASE}/lib -ledit" \
 		--with-dlopen=yes \
 		--sysconfdir=${ETCDIR}
-.if defined(BIND_TOOLS_SLAVE)
-CONFIGURE_ARGS+=	--disable-shared
-.endif
 ETCDIR=		${PREFIX}/etc/namedb
 
-CONFLICTS+=	bind99 bind910 bind9-devel
+CONFLICTS=	bind99 bind910 bind9-devel
 
-.if !defined(BIND_TOOLS_SLAVE)
-SUB_FILES=	pkg-message
-.endif
+.if defined(BIND_TOOLS_SLAVE)
+CONFIGURE_ARGS+=	--disable-shared
+CONFLICTS+=		bind911
+.else
+USE_RC_SUBR=	named
+SUB_FILES=	pkg-message named.conf
+CONFLICTS+=		bind-tools
+.endif	# BIND_TOOLS_SLAVE
+
+MAKE_JOBS_UNSAFE=	yes
+
+PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE JSON
 OPTIONS_DEFINE=		IDN LARGE_FILE PYTHON JSON \
 			FIXED_RRSET SIGCHASE IPV6 THREADS FILTER_AAAA
+
 OPTIONS_RADIO=	CRYPTO GOSTDEF
 OPTIONS_RADIO_CRYPTO=	SSL NATIVE_PKCS11
 OPTIONS_RADIO_GOSTDEF=	GOST GOST_ASN1
@@ -81,150 +89,135 @@ OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
-SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
-LARGE_FILE_DESC=	64-bit file support
-FIXED_RRSET_DESC=	Enable fixed rrset ordering
-SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
-FILTER_AAAA_DESC=	Enable filtering of AAAA records
 CRYPTO_DESC=		Choose which crypto engine to use
-NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
-GEOIP_DESC=		Allow geographically based ACL.
-GOSTDEF_DESC=		Enable GOST ciphers, needs SSL (see help on 8 and 9)
-GOST_DESC=		GOST raw keys (new default)
-GOST_ASN1_DESC=		GOST using ASN.1
-PYTHON_DESC=		Build with Python utilities
-START_LATE_DESC=	Start BIND late in the boot process
-MINCACHE_DESC=		Use the mincachettl patch
-PORTREVISION_DESC=	Show PORTREVISION in the version string
-QUERYTRACE_DESC=	Enable the very verbose query tracelogging
-LMDB_DESC=		Use LMDB for zone management
-DNSTAP_DESC=		Provides fast passive logging of DNS messages
-
-RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
-RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
-DLZ_DESC=		Dynamically Loadable Zones
-DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
-DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_BDB_DESC=		DLZ BDB driver
-DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
+DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
+DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
+DNSTAP_DESC=		Provides fast passive logging of DNS messages
+FILTER_AAAA_DESC=	Enable filtering of AAAA records
+FIXED_RRSET_DESC=	Enable fixed rrset ordering
+GEOIP_DESC=		Allow geographically based ACL.
+GOSTDEF_DESC=		Enable GOST ciphers, needs SSL
+GOST_ASN1_DESC=		GOST using ASN.1
+GOST_DESC=		GOST raw keys (new default)
 GSSAPI_BASE_DESC=	Using Heimdal in base
 GSSAPI_HEIMDAL_DESC=	Using security/heimdal
 GSSAPI_MIT_DESC=	Using security/krb5
 GSSAPI_NONE_DESC=	Disable
-
-.if defined(BIND_TOOLS_SLAVE)
-CONFLICTS+=		bind911
-.else
-CONFLICTS+=		bind-tools
-.endif	# BIND_TOOLS_SLAVE
-
-SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
-SSL_USES=		ssl
-SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
-
-LMDB_CONFIGURE_WITH=	lmdb
-LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
-
-IDN_USES=		iconv
-IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
-IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
-IDN_CONFIGURE_OFF=	--without-idn
-
-LARGE_FILE_CONFIGURE_ENABLE=	largefile
-
-SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
-
-IPV6_CONFIGURE_ENABLE=	ipv6
-
-FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
-
-NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
-
-GEOIP_CONFIGURE_WITH=	geoip
-GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
-
-JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
-JSON_CONFIGURE_WITH=	libjson
-
-GOST_CONFIGURE_ON=	--with-gost
-GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
-
-PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
-PYTHON_USES=	python
-PYTHON_BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
-PYTHON_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
-
-DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
-DLZ_POSTGRESQL_USES=		pgsql
-
-FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
-
-RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
-
-RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
-
-DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
-DLZ_MYSQL_USES=		mysql
+LARGE_FILE_DESC=	64-bit file support
+LMDB_DESC=		Use LMDB for zone management
+MINCACHE_DESC=		Use the mincachettl patch
+NATIVE_PKCS11_DESC=	Use PKCS\#11 native API (**READ HELP**)
+PORTREVISION_DESC=	Show PORTREVISION in the version string
+PYTHON_DESC=		Build with Python utilities
+QUERYTRACE_DESC=	Enable the very verbose query tracelogging
+RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
+RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
+SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
+SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
+START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
+DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
-DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
+DLZ_MYSQL_PREVENTS=	THREADS
+DLZ_MYSQL_USES=		mysql
+
+DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
+DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
+DNSTAP_CONFIGURE_ENABLE=	dnstap
+DNSTAP_IMPLIES=		THREADS
+DNSTAP_LIB_DEPENDS=	libfstrm.so:devel/fstrm \
+			libprotobuf-c.so:devel/protobuf-c
+
+FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
+
+FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
+
+GEOIP_CONFIGURE_WITH=	geoip
+GEOIP_LIB_DEPENDS=	libGeoIP.so:net/GeoIP
+
+GOST_ASN1_CONFIGURE_ON=	--with-gost=asn1
+
+GOST_CONFIGURE_ON=	--with-gost
+
+GSSAPI_BASE_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_BASE_USES=	gssapi
+
+GSSAPI_HEIMDAL_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal
+
+GSSAPI_MIT_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_MIT_USES=	gssapi:mit
+
+GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+
+IDN_CONFIGURE_OFF=	--without-idn
+IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
+IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
+IDN_USES=		iconv
+
+IPV6_CONFIGURE_ENABLE=	ipv6
+
+JSON_CONFIGURE_WITH=	libjson
+JSON_LIB_DEPENDS=	libjson-c.so:devel/json-c
+
+LARGE_FILE_CONFIGURE_ENABLE=	largefile
+
+LMDB_CONFIGURE_WITH=	lmdb
+LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
+
+MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
+
+NATIVE_PKCS11_CONFIGURE_ENABLE=	native-pkcs11
+NATIVE_PKCS11_IMPLIES=	THREADS
+
+PYTHON_BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
+PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
+PYTHON_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}ply>=0:devel/py-ply
+PYTHON_USES=	python
+
+QUERYTRACE_CONFIGURE_ENABLE=	querytrace
+
+RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
+
+RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
+
+SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
+
+SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
+SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
+SSL_USES=		ssl
+
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
-GSSAPI_BASE_USES=	gssapi
-GSSAPI_BASE_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_HEIMDAL_USES=	gssapi:heimdal
-GSSAPI_HEIMDAL_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_MIT_USES=	gssapi:mit
-GSSAPI_MIT_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+THREADS_CONFIGURE_ENABLE=	threads
 
-MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
-
-QUERYTRACE_CONFIGURE_ENABLE=	querytrace
-
-DNSTAP_CONFIGURE_ENABLE=	dnstap
-DNSTAP_LIB_DEPENDS=	libfstrm.so:devel/fstrm \
-			libprotobuf-c.so:devel/protobuf-c
-
-.include <bsd.port.options.mk>
+.include <bsd.port.pre.mk>
 
 .if !${PORT_OPTIONS:MGOST} && !${PORT_OPTIONS:MGOST_ASN1}
 CONFIGURE_ARGS+=	--without-gost
 .endif
 
-.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL}
-CONFIGURE_ARGS+=	--enable-threads
-.else
-CONFIGURE_ARGS+=	--disable-threads
-.endif
-
-.if !defined(BIND_TOOLS_SLAVE)
-USE_RC_SUBR+=	named
-SUB_FILES+=	named.conf
-.endif
-
-MAKE_JOBS_UNSAFE=	yes
-
-PORTDOCS=	*
-
-.include <bsd.port.pre.mk>
-
 .if ( ${PORT_OPTIONS:MGOST} || ${PORT_OPTIONS:MGOST_ASN1} ) && ${SSL_DEFAULT} == base
 BROKEN=	OpenSSL from the base system does not support GOST, add \
 	DEFAULT_VERSIONS+=ssl=openssl to your /etc/make.conf and rebuild everything \
@@ -232,16 +225,13 @@ BROKEN=	OpenSSL from the base system does not support GOST, add \
 .endif
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|readline/readline.h|editline/readline.h|; \
-		s|readline/history.h|histedit.h|' \
-		${WRKSRC}/bin/dig/nslookup.c ${WRKSRC}/bin/nsupdate/nsupdate.c
 .if defined(BIND_TOOLS_SLAVE)
 	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = lib bin#' \
 		-e 's#isc-config.sh installdirs#installdirs#' \
 		-e 's#.*INSTALL.*isc-config.*##' \
 		-e 's#.*INSTALL.*bind.keys.*##' \
 		${WRKSRC}/Makefile.in
-	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = dig delv dnssec tools nsupdate \\#' \
+	@${REINPLACE_CMD} -e 's#^SUBDIRS.*#SUBDIRS = delv dig dnssec tools nsupdate \\#' \
 		-e 's#^	.*check confgen ##' \
 		${WRKSRC}/bin/Makefile.in
 .else
@@ -255,27 +245,18 @@ post-patch:
 .endif
 
 .if !defined(BIND_TOOLS_SLAVE)
-.if ${PORTREVISION:N0}
+.  if ${PORTREVISION:N0}
 post-patch-PORTREVISION-on:
 	@${REINPLACE_CMD} -e '/EXTENSIONS/s#=$$#=_${PORTREVISION}#' \
 		${WRKSRC}/version
-.endif
+.  endif
 
 post-install:
-.if ${PORT_OPTIONS:MDOCS}
-	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \
-		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
-.endif
-
-.if ${OPSYS} == DragonFly || (${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100)
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
-.for i in dynamic master slave working
+.  for i in dynamic master slave working
 	@${MKDIR} ${STAGEDIR}${ETCDIR}/$i
-.endfor
+.  endfor
 	${INSTALL_DATA} ${WRKDIR}/named.conf ${STAGEDIR}${ETCDIR}/named.conf.sample
 	${INSTALL_DATA} ${FILESDIR}/named.root ${STAGEDIR}${ETCDIR}
 	${INSTALL_DATA} ${FILESDIR}/empty.db ${STAGEDIR}${ETCDIR}/master
@@ -283,9 +264,15 @@ post-install:
 	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
-.endif
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
+
+post-install-DOCS-on:
+	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
+		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 .endif	# BIND_TOOLS_SLAVE
 
 # Can't use USE_PYTHON=autoplist

dns/bind911/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1492054601
-SHA256 (bind-9.11.0-P5.tar.gz) = 1e283f0567b484687dfd7b936e26c9af4f64043daf73cbd8f3eb1122c9fb71f5
-SIZE (bind-9.11.0-P5.tar.gz) = 9698446
+TIMESTAMP = 1492691449
+SHA256 (bind-9.11.1.tar.gz) = 22050095f5c82a1385cc4174190ac60392670bbc5d63d592ecae52a214bc10b2
+SIZE (bind-9.11.1.tar.gz) = 9762743

dns/bind911/files/extrapatch-bind-min-override-ttl

@@ -1,4 +1,4 @@
---- bin/named/config.c.orig	2016-10-21 05:13:38 UTC
+--- bin/named/config.c.orig	2017-04-14 03:58:25 UTC
 +++ bin/named/config.c
 @@ -154,6 +154,8 @@ options {\n\
  	lame-ttl 600;\n\
@@ -9,9 +9,9 @@
  	max-cache-ttl 604800; /* 1 week */\n\
  	transfer-format many-answers;\n\
  	max-cache-size 90%;\n\
---- bin/named/server.c.orig	2016-10-21 05:13:38 UTC
+--- bin/named/server.c.orig	2017-04-14 03:58:25 UTC
 +++ bin/named/server.c
-@@ -3638,6 +3638,16 @@ configure_view(dns_view_t *view, dns_vie
+@@ -3693,6 +3693,16 @@ configure_view(dns_view_t *view, dns_vie
  	}
  
  	obj = NULL;
@@ -28,7 +28,7 @@
  	result = ns_config_get(maps, "max-cache-ttl", &obj);
  	INSIST(result == ISC_R_SUCCESS);
  	view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig	2016-10-21 05:13:38 UTC
+--- lib/dns/include/dns/view.h.orig	2017-04-14 03:58:25 UTC
 +++ lib/dns/include/dns/view.h
 @@ -146,6 +146,8 @@ struct dns_view {
  	isc_boolean_t			requestnsid;
@@ -39,9 +39,9 @@
  	dns_ttl_t			maxncachettl;
  	isc_uint32_t			nta_lifetime;
  	isc_uint32_t			nta_recheck;
---- lib/dns/resolver.c.orig	2016-10-21 05:13:38 UTC
+--- lib/dns/resolver.c.orig	2017-04-14 03:58:25 UTC
 +++ lib/dns/resolver.c
-@@ -5433,6 +5433,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5439,6 +5439,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
  		}
  
  		/*
@@ -60,9 +60,9 @@
  		 * Enforce the configure maximum cache TTL.
  		 */
  		if (rdataset->ttl > res->view->maxcachettl)
---- lib/isccfg/namedconf.c.orig	2016-10-21 05:13:38 UTC
+--- lib/isccfg/namedconf.c.orig	2017-04-14 03:58:25 UTC
 +++ lib/isccfg/namedconf.c
-@@ -1735,6 +1735,8 @@ view_clauses[] = {
+@@ -1759,6 +1759,8 @@ view_clauses[] = {
  	{ "nosit-udp-size", &cfg_type_uint32, CFG_CLAUSEFLAG_OBSOLETE },
  	{ "max-acache-size", &cfg_type_sizenodefault, 0 },
  	{ "max-cache-size", &cfg_type_sizeorpercent, 0 },

dns/bind911/files/named.conf.in

@@ -93,7 +93,7 @@ zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
-	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
@@ -102,7 +102,10 @@ zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
@@ -110,10 +113,35 @@ zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
+zone "in-addr.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
+zone "ip6.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/ip6.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
 */
 
 /*	Serving the following zones locally will prevent any queries

dns/bind911/files/named.root

@@ -13,8 +13,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:    March 23, 2016
-;       related version of root zone:   2016032301
+;       last update:    April 11, 2017
+;       related version of root zone:   2017041101
 ;
 ; formerly NS.INTERNIC.NET
 ;
@@ -44,6 +44,7 @@ D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
 ;
 .                        3600000      NS    E.ROOT-SERVERS.NET.
 E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
 ;
 ; FORMERLY NS.ISC.ORG
 ;
@@ -55,6 +56,7 @@ F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
 ;
 .                        3600000      NS    G.ROOT-SERVERS.NET.
 G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
 ;
 ; FORMERLY AOS.ARL.ARMY.MIL
 ;

dns/bind911/files/patch-bin_tests_system_dlzexternal_Makefile.in

@@ -1,11 +1,11 @@
---- bin/tests/system/dlzexternal/Makefile.in.orig	2016-07-28 12:26:36 UTC
+--- bin/tests/system/dlzexternal/Makefile.in.orig	2017-04-14 03:58:25 UTC
 +++ bin/tests/system/dlzexternal/Makefile.in
-@@ -35,7 +35,7 @@ OBJS =          ${DLOPENOBJS}
+@@ -31,7 +31,7 @@ OBJS =
  @BIND9_MAKE_RULES@
  
  CFLAGS =	@CFLAGS@ @SO_CFLAGS@
 -SO_LDFLAGS =	@LDFLAGS@ @SO_LDFLAGS@
 +SO_LDFLAGS =	@SO_LDFLAGS@
  
- dlopen@EXEEXT@: ${DLOPENOBJS}
- 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} \
+ driver.@SO@: ${SO_OBJS}
+ 	${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ driver.@O@

dns/bind911/files/patch-configure

@@ -1,6 +1,6 @@
---- configure.orig	2016-08-30 11:01:49 UTC
+--- configure.orig	2017-04-14 03:58:25 UTC
 +++ configure
-@@ -14341,27 +14341,9 @@ done
+@@ -14401,27 +14401,9 @@ done
  		# problems start to show up.
  		saved_libs="$LIBS"
  		for TRY_LIBS in \
@@ -20,7 +20,7 @@
 -		    # -L/usr/local/lib to LIBS, which can make the
 -		    # -lgssapi_krb5 test succeed with shared libraries even
 -		    # when you are trying to build with KTH in /usr/lib.
--		    if test "$use_gssapi" = "/usr"
+-		    if test "/usr" = "$use_gssapi"
 -		    then
 -			    LIBS="$TRY_LIBS"
 -		    else
@@ -30,7 +30,7 @@
  		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
  $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
  		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -14404,47 +14386,7 @@ $as_echo "no" >&6; } ;;
+@@ -14464,47 +14446,7 @@ $as_echo "no" >&6; } ;;
  		no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
  		esac
  
@@ -43,7 +43,7 @@
 -		# many times as it is the right thing.  Something better
 -		# needs to be done.
 -		#
--		if test "$use_gssapi" = "/usr" -a \
+-		if test "/usr" = "$use_gssapi" -a \
 -			-f /usr/local/lib/libkrb5.a; then
 -		    FIX_KTH_VS_MIT=yes
 -		fi
@@ -79,7 +79,7 @@
  		DNS_GSSAPI_LIBS="$LIBS"
  
  		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -22563,7 +22505,7 @@ $as_echo "" >&6; }
+@@ -22666,7 +22608,7 @@ $as_echo "" >&6; }
  			# Check other locations for includes.
  			# Order is important (sigh).
  

dns/bind911/pkg-help

@@ -14,16 +14,6 @@ Additionally, the HSM might not support all of the PKCS#11
 API functions needed for signature verification.
 
 
-                            GOST
-If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
-the OpenSSL engines MUST be accessible from within the chroot.
-If BIND is chrooted in /var/named, this can be achieved by
-either copying content of /usr/local/lib/engines into
-/var/named/usr/local/lib/engines, or by creating that directory
-and adding this line to /etc/fstab:
-/usr/local/lib/engines  /var/named/usr/local/lib/engines nullfs ro 0 0
-
-
                          START_LATE
 Most of the time, BIND needs to start early in the boot
 process.  Enable this if BIND starts too early for you and

dns/bind99/Makefile

@@ -3,7 +3,7 @@
 
 PORTNAME=	bind
 PORTVERSION=	${ISCVERSION:S/-P/P/:S/b/.b/:S/a/.a/:S/rc/.rc/}
-PORTREVISION=	1
+PORTREVISION=	0
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	ISC/bind9/${ISCVERSION}
 PKGNAMESUFFIX=	99
@@ -13,9 +13,10 @@ MAINTAINER=	mat@FreeBSD.org
 COMMENT=	BIND DNS suite with updated DNSSEC and DNS64
 
 LICENSE=	ISCL
+LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 # ISC releases things like 9.8.0-P1, which our versioning doesn't like
-ISCVERSION=	9.9.9-P8
+ISCVERSION=	9.9.10
 
 USES=	cpe libedit
 
@@ -40,6 +41,11 @@ ETCDIR=		${PREFIX}/etc/namedb
 CONFLICTS=	bind-tools bind9-devel bind910 bind911
 
 SUB_FILES=	pkg-message named.conf
+USE_RC_SUBR=	named
+
+MAKE_JOBS_UNSAFE=	yes
+
+PORTDOCS=	*
 
 OPTIONS_DEFAULT=	SSL THREADS SIGCHASE IDN GSSAPI_NONE RRL DLZ_FILESYSTEM \
 			RPZ_NSIP RPZ_NSDNAME
@@ -55,115 +61,109 @@ OPTIONS_SINGLE_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 
 OPTIONS_SUB=	yes
 
-SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
-LARGE_FILE_DESC=	64-bit file support
-FIXED_RRSET_DESC=	Enable fixed rrset ordering
-SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
-FILTER_AAAA_DESC=	Enable filtering of AAAA records
-GOST_DESC=		Enable GOST ciphers, needs SSL (see help on 8 and 9)
-PYTHON_DESC=		Build with Python utilities
-START_LATE_DESC=	Start BIND late in the boot process
-MINCACHE_DESC=		Use the mincachettl patch
-PORTREVISION_DESC=	Show PORTREVISION in the version string
-FETCHLIMIT_DESC=	Enable the query quotas for resolvers
-QUERYTRACE_DESC=	Enable the very verbose query tracelogging
-
-NEWSTATS_DESC=		Enable alternate xml statistics channel format
-RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
-RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
-RRL_DESC=		Response Rate Limiting
-DLZ_DESC=		Dynamically Loadable Zones
-DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
-DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
 DLZ_BDB_DESC=		DLZ BDB driver
-DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_DESC=		Dynamically Loadable Zones
 DLZ_FILESYSTEM_DESC=	DLZ filesystem driver
+DLZ_LDAP_DESC=		DLZ LDAP driver
+DLZ_MYSQL_DESC=		DLZ MySQL driver (no threading)
+DLZ_POSTGRESQL_DESC=	DLZ Postgres driver
 DLZ_STUB_DESC=		DLZ stub driver
+FETCHLIMIT_DESC=	Enable the query quotas for resolvers
+FILTER_AAAA_DESC=	Enable filtering of AAAA records
+FIXED_RRSET_DESC=	Enable fixed rrset ordering
+GOST_DESC=		Enable GOST ciphers, needs SSL
 GSSAPI_BASE_DESC=	${GSSAPI_DESC} (Heimdal in base)
 GSSAPI_HEIMDAL_DESC=	${GSSAPI_DESC} (security/heimdal)
 GSSAPI_MIT_DESC=	${GSSAPI_DESC} (security/krb5)
 GSSAPI_NONE_DESC=	No ${GSSAPI_DESC}
-MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
-FETCHLIMIT_CONFIGURE_ENABLE=	fetchlimit
-QUERYTRACE_CONFIGURE_ENABLE=	querytrace
-
-SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
-SSL_USES=		ssl
-SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
-
-NEWSTATS_CONFIGURE_ENABLE=	newstats
-
-IDN_USES=		iconv
-IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
-IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
-IDN_CONFIGURE_OFF=	--without-idn
-
-LARGE_FILE_CONFIGURE_ENABLE=	largefile
-
-SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
-
-IPV6_CONFIGURE_ENABLE=	ipv6
-
-FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
-
-GOST_CONFIGURE_WITH=	gost
-
-PYTHON_CONFIGURE_WITH=	python
-PYTHON_USES=	python
-
-DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
-DLZ_POSTGRESQL_USES=		pgsql
-
-FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
-
-RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
-
-RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
-
-RRL_CONFIGURE_ENABLE=	rrl
-
-DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
-DLZ_MYSQL_USES=		mysql
+LARGE_FILE_DESC=	64-bit file support
+MINCACHE_DESC=		Use the mincachettl patch
+NEWSTATS_DESC=		Enable alternate xml statistics channel format
+PORTREVISION_DESC=	Show PORTREVISION in the version string
+PYTHON_DESC=		Build with Python utilities
+QUERYTRACE_DESC=	Enable the very verbose query tracelogging
+RPZ_NSDNAME_DESC=	Enable RPZ NSDNAME policy records
+RPZ_NSIP_DESC=		Enable RPZ NSIP trigger rules
+RRL_DESC=		Response Rate Limiting
+SIGCHASE_DESC=		dig/host/nslookup will do DNSSEC validation
+SSL_DESC=		Build with OpenSSL (Required for DNSSEC)
+START_LATE_DESC=	Start BIND late in the boot process (see help)
 
 DLZ_BDB_CONFIGURE_ON=	--with-dlz-bdb=yes
 DLZ_BDB_USES=		bdb
 
+DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+
 DLZ_LDAP_CONFIGURE_ON=	--with-dlz-ldap=yes
 DLZ_LDAP_USE=		openldap=yes
 
-DLZ_FILESYSTEM_CONFIGURE_ON=	--with-dlz-filesystem=yes
+DLZ_MYSQL_CONFIGURE_ON=	--with-dlz-mysql=yes
+DLZ_MYSQL_PREVENTS=	THREADS
+DLZ_MYSQL_USES=		mysql
+
+DLZ_POSTGRESQL_CONFIGURE_ON=	--with-dlz-postgres=yes
+DLZ_POSTGRESQL_USES=		pgsql
 
 DLZ_STUB_CONFIGURE_ON=	--with-dlz-stub=yes
 
+FETCHLIMIT_CONFIGURE_ENABLE=	fetchlimit
+
+FILTER_AAAA_CONFIGURE_ENABLE=	filter-aaaa
+
+FIXED_RRSET_CONFIGURE_ENABLE=	fixed-rrset
+
+GOST_CONFIGURE_WITH=	gost
+
+GSSAPI_BASE_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_BASE_USES=	gssapi
+
+GSSAPI_HEIMDAL_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal
+
+GSSAPI_MIT_CONFIGURE_ON= \
+	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
+GSSAPI_MIT_USES=	gssapi:mit
+
+GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
+
+IDN_CONFIGURE_OFF=	--without-idn
+IDN_CONFIGURE_ON=	--with-idn=${LOCALBASE} ${ICONV_CONFIGURE_BASE}
+IDN_LIB_DEPENDS=	libidnkit.so:dns/idnkit
+IDN_USES=		iconv
+
+IPV6_CONFIGURE_ENABLE=	ipv6
+
+LARGE_FILE_CONFIGURE_ENABLE=	largefile
+
+MINCACHE_EXTRA_PATCHES=	${FILESDIR}/extrapatch-bind-min-override-ttl
+
+NEWSTATS_CONFIGURE_ENABLE=	newstats
+
+PYTHON_CONFIGURE_WITH=	python=${PYTHON_CMD}
+PYTHON_USES=	python
+
+QUERYTRACE_CONFIGURE_ENABLE=	querytrace
+
+RPZ_NSDNAME_CONFIGURE_ENABLE=	rpz-nsdname
+
+RPZ_NSIP_CONFIGURE_ENABLE=	rpz-nsip
+
+RRL_CONFIGURE_ENABLE=	rrl
+
+SIGCHASE_CONFIGURE_ON=	STD_CDEFINES="-DDIG_SIGCHASE=1"
+
+SSL_CONFIGURE_OFF=	--disable-openssl-version-check --without-openssl
+SSL_CONFIGURE_ON=	--with-openssl=${OPENSSLBASE}
+SSL_USES=		ssl
+
 START_LATE_SUB_LIST=	NAMED_REQUIRE="SERVERS cleanvar" \
 			NAMED_BEFORE="LOGIN"
 START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \
 			NAMED_BEFORE="SERVERS"
 
-GSSAPI_BASE_USES=	gssapi
-GSSAPI_BASE_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_HEIMDAL_USES=	gssapi:heimdal
-GSSAPI_HEIMDAL_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_MIT_USES=	gssapi:mit
-GSSAPI_MIT_CONFIGURE_ON= \
-	--with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}"
-GSSAPI_NONE_CONFIGURE_ON=	--without-gssapi
-
-.include <bsd.port.options.mk>
-
-.if ${PORT_OPTIONS:MTHREADS} && !${PORT_OPTIONS:MDLZ_MYSQL}
-CONFIGURE_ARGS+=	--enable-threads
-.else
-CONFIGURE_ARGS+=	--disable-threads
-.endif
-
-USE_RC_SUBR=	named
-
-MAKE_JOBS_UNSAFE=	yes
-
-PORTDOCS=	*
+THREADS_CONFIGURE_ENABLE=	threads
 
 .include <bsd.port.pre.mk>
 
@@ -174,9 +174,6 @@ BROKEN=	OpenSSL from the base system does not support GOST, add \
 .endif
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|readline/readline.h|editline/readline.h|; \
-		s|readline/history.h|histedit.h|' \
-		${WRKSRC}/bin/dig/nslookup.c ${WRKSRC}/bin/nsupdate/nsupdate.c
 .for FILE in check/named-checkconf.8 named/named.8 nsupdate/nsupdate.1 \
 	rndc/rndc.8
 	@${REINPLACE_CMD} -e 's#/etc/named.conf#${ETCDIR}/named.conf#g' \
@@ -195,15 +192,6 @@ post-configure:
 	@${REINPLACE_CMD} -e '/^SO_LDFLAGS/s/-Wl,-rpath,/-rpath /' ${WRKSRC}/bin/tests/system/dlzexternal/Makefile
 
 post-install:
-.if ${PORT_OPTIONS:MDOCS}
-	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
-	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
-	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/COPYRIGHT ${WRKSRC}/FAQ \
-		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
-.endif
-
-.if ${OPSYS} == DragonFly || (${OPSYS} == FreeBSD && ${OSVERSION} >= 1000100)
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/mtree
 	${MKDIR} ${STAGEDIR}${ETCDIR}
 .for i in dynamic master slave working
@@ -216,8 +204,18 @@ post-install:
 	${INSTALL_DATA} ${FILESDIR}/localhost-reverse.db ${STAGEDIR}${ETCDIR}/master
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.dist ${STAGEDIR}${PREFIX}/etc/mtree
 	${INSTALL_DATA} ${FILESDIR}/BIND.chroot.local.dist ${STAGEDIR}${PREFIX}/etc/mtree
-.endif
 	${INSTALL_DATA} ${WRKSRC}/bin/rndc/rndc.conf \
 		${STAGEDIR}${ETCDIR}/rndc.conf.sample
 
+post-install-DOCS-on:
+	${MKDIR} ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/*.html ${STAGEDIR}${DOCSDIR}/arm
+	${INSTALL_DATA} ${WRKSRC}/doc/arm/Bv9ARM.pdf ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/CHANGES ${WRKSRC}/FAQ \
+		${WRKSRC}/HISTORY ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
+
+# Can't use USE_PYTHON=autoplist
+post-install-PYTHON-on:
+	@${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -type f | ${SED} -e 's|${STAGEDIR}||' >> ${TMPPLIST}
+
 .include <bsd.port.post.mk>

dns/bind99/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1492055014
-SHA256 (bind-9.9.9-P8.tar.gz) = ffddfcad820200d287b6063694116f88bb48838b250fe383f135136f1c31b1b8
-SIZE (bind-9.9.9-P8.tar.gz) = 8790853
+TIMESTAMP = 1492688489
+SHA256 (bind-9.9.10.tar.gz) = 7deabe932b11149ebce7bf96abe114479c3c52e0081a29d00877125f55ae562a
+SIZE (bind-9.9.10.tar.gz) = 8857543

dns/bind99/files/extrapatch-bind-min-override-ttl

@@ -1,4 +1,4 @@
---- bin/named/config.c.orig	2016-12-11 22:02:39 UTC
+--- bin/named/config.c.orig	2017-04-14 03:50:56 UTC
 +++ bin/named/config.c
 @@ -141,6 +141,8 @@ options {\n\
  	min-roots 2;\n\
@@ -9,9 +9,9 @@
  	max-cache-ttl 604800; /* 1 week */\n\
  	transfer-format many-answers;\n\
  	max-cache-size 0;\n\
---- bin/named/server.c.orig	2017-01-11 11:22:46 UTC
+--- bin/named/server.c.orig	2017-04-14 03:50:56 UTC
 +++ bin/named/server.c
-@@ -2683,6 +2683,16 @@ configure_view(dns_view_t *view, cfg_obj
+@@ -2647,6 +2647,16 @@ configure_view(dns_view_t *view, cfg_obj
  	}
  
  	obj = NULL;
@@ -28,7 +28,7 @@
  	result = ns_config_get(maps, "max-cache-ttl", &obj);
  	INSIST(result == ISC_R_SUCCESS);
  	view->maxcachettl = cfg_obj_asuint32(obj);
---- lib/dns/include/dns/view.h.orig	2017-01-11 11:22:46 UTC
+--- lib/dns/include/dns/view.h.orig	2017-04-14 03:50:56 UTC
 +++ lib/dns/include/dns/view.h
 @@ -148,6 +148,8 @@ struct dns_view {
  	isc_boolean_t			provideixfr;
@@ -39,9 +39,9 @@
  	dns_ttl_t			maxncachettl;
  	in_port_t			dstport;
  	dns_aclenv_t			aclenv;
---- lib/dns/resolver.c.orig	2016-12-11 22:02:39 UTC
+--- lib/dns/resolver.c.orig	2017-04-14 03:50:56 UTC
 +++ lib/dns/resolver.c
-@@ -5116,6 +5116,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
+@@ -5117,6 +5117,18 @@ cache_name(fetchctx_t *fctx, dns_name_t 
  		}
  
  		/*
@@ -60,9 +60,9 @@
  		 * Enforce the configure maximum cache TTL.
  		 */
  		if (rdataset->ttl > res->view->maxcachettl)
---- lib/isccfg/namedconf.c.orig	2017-01-11 11:22:46 UTC
+--- lib/isccfg/namedconf.c.orig	2017-04-14 03:50:56 UTC
 +++ lib/isccfg/namedconf.c
-@@ -1464,6 +1464,8 @@ view_clauses[] = {
+@@ -1475,6 +1475,8 @@ view_clauses[] = {
  	{ "lame-ttl", &cfg_type_uint32, 0 },
  	{ "max-acache-size", &cfg_type_sizenodefault, 0 },
  	{ "max-cache-size", &cfg_type_sizenodefault, 0 },

dns/bind99/files/named.conf.in

@@ -93,7 +93,7 @@ zone "." { type hint; file "%%ETCDIR%%/named.root"; };
 	the hint zone above.
 
 	As documented at http://dns.icann.org/services/axfr/ these zones:
-	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+	"." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and a few others
 	are available for AXFR from these servers on IPv4 and IPv6:
 	xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
 */
@@ -102,7 +102,10 @@ zone "." {
 	type slave;
 	file "%%ETCDIR%%/slave/root.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
@@ -110,10 +113,35 @@ zone "arpa" {
 	type slave;
 	file "%%ETCDIR%%/slave/arpa.slave";
 	masters {
-		192.5.5.241;	// F.ROOT-SERVERS.NET.
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
 	};
 	notify no;
 };
+zone "in-addr.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/in-addr.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
+zone "ip6.arpa" {
+	type slave;
+	file "%%ETCDIR%%/slave/ip6.arpa.slave";
+	masters {
+		192.0.32.132;           // lax.xfr.dns.icann.org
+		2620:0:2d0:202::132;    // lax.xfr.dns.icann.org
+		192.0.47.132;           // iad.xfr.dns.icann.org
+		2620:0:2830:202::132;   // iad.xfr.dns.icann.org
+	};
+	notify no;
+}
 */
 
 /*	Serving the following zones locally will prevent any queries

dns/bind99/files/named.root

@@ -13,8 +13,8 @@
 ;           on server           FTP.INTERNIC.NET
 ;       -OR-                    RS.INTERNIC.NET
 ;
-;       last update:    March 23, 2016
-;       related version of root zone:   2016032301
+;       last update:    April 11, 2017
+;       related version of root zone:   2017041101
 ;
 ; formerly NS.INTERNIC.NET
 ;
@@ -44,6 +44,7 @@ D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
 ;
 .                        3600000      NS    E.ROOT-SERVERS.NET.
 E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
 ;
 ; FORMERLY NS.ISC.ORG
 ;
@@ -55,6 +56,7 @@ F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
 ;
 .                        3600000      NS    G.ROOT-SERVERS.NET.
 G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
 ;
 ; FORMERLY AOS.ARL.ARMY.MIL
 ;

dns/bind99/files/patch-configure

@@ -1,6 +1,6 @@
---- configure.orig	2016-04-20 20:11:30 UTC
+--- configure.orig	2017-04-14 03:50:56 UTC
 +++ configure
-@@ -14329,27 +14329,9 @@ done
+@@ -14508,27 +14508,9 @@ done
  		# problems start to show up.
  		saved_libs="$LIBS"
  		for TRY_LIBS in \
@@ -20,7 +20,7 @@
 -		    # -L/usr/local/lib to LIBS, which can make the
 -		    # -lgssapi_krb5 test succeed with shared libraries even
 -		    # when you are trying to build with KTH in /usr/lib.
--		    if test "$use_gssapi" = "/usr"
+-		    if test "/usr" = "$use_gssapi"
 -		    then
 -			    LIBS="$TRY_LIBS"
 -		    else
@@ -30,7 +30,7 @@
  		    { $as_echo "$as_me:${as_lineno-$LINENO}: checking linking as $TRY_LIBS" >&5
  $as_echo_n "checking linking as $TRY_LIBS... " >&6; }
  		    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-@@ -14392,47 +14374,7 @@ $as_echo "no" >&6; } ;;
+@@ -14571,47 +14553,7 @@ $as_echo "no" >&6; } ;;
  		no) as_fn_error $? "could not determine proper GSSAPI linkage" "$LINENO" 5 ;;
  		esac
  
@@ -43,7 +43,7 @@
 -		# many times as it is the right thing.  Something better
 -		# needs to be done.
 -		#
--		if test "$use_gssapi" = "/usr" -a \
+-		if test "/usr" = "$use_gssapi" -a \
 -			-f /usr/local/lib/libkrb5.a; then
 -		    FIX_KTH_VS_MIT=yes
 -		fi
@@ -79,7 +79,7 @@
  		DNS_GSSAPI_LIBS="$LIBS"
  
  		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using GSSAPI from $use_gssapi/lib and $use_gssapi/include" >&5
-@@ -20477,7 +20419,7 @@ $as_echo "" >&6; }
+@@ -20735,7 +20677,7 @@ $as_echo "" >&6; }
  			# Check other locations for includes.
  			# Order is important (sigh).
  

dns/bind99/pkg-help

@@ -1,13 +1,3 @@
-                            GOST
-If using a chrooted instance of BIND on FreeBSD 8.x and 9.x,
-the OpenSSL engines MUST be accessible from within the chroot.
-If BIND is chrooted in /var/named, this can be achieved by
-either copying content of /usr/local/lib/engines into
-/var/named/usr/local/lib/engines, or by creating that directory
-and adding this line to /etc/fstab:
-/usr/local/lib/engines  /var/named/usr/local/lib/engines nullfs ro 0 0
-
-
                          START_LATE
 Most of the time, BIND needs to start early in the boot
 process.  Enable this if BIND starts too early for you and

dns/bind99/pkg-plist

@@ -1,3 +1,4 @@
+bin/arpaname
 bin/bind9-config
 bin/dig
 bin/host
@@ -124,6 +125,7 @@ include/isc/condition.h
 include/isc/counter.h
 include/isc/dir.h
 include/isc/entropy.h
+include/isc/errno.h
 include/isc/error.h
 include/isc/event.h
 include/isc/eventclass.h
@@ -361,7 +363,6 @@ man/man8/named.8.gz
 man/man8/nsec3hash.8.gz
 man/man8/rndc-confgen.8.gz
 man/man8/rndc.8.gz
-sbin/arpaname
 sbin/ddns-confgen
 %%PYTHON%%sbin/dnssec-checkds
 %%PYTHON%%sbin/dnssec-coverage