dns/nsd: Update 4.10.0 → 4.10.1

The fallback parser, used on systems that lack SSE4.2 and AVX2 instruction
sets, contained some bugs with regards to state keeping and under certain
circumstances a use after free bug was encountered in buffer management.

News:
https://nlnetlabs.nl/news/2024/Aug/02/nsd-4.10.1-released/
Changelog:
https://nlnetlabs.nl/projects/nsd/download/#nsd-4-10-1
https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_10_1_REL

While here:
- remove GNU_CONFIGURE_MANPREFIX;
- remove NSDMAX_IPS?=512 - it has not been used for 9 years:
https://cgit.freebsd.org/ports/commit/?id=2aec7160bb627488d8aa78ecfd99d87676b52204

PR:	280589
MFH:	2024Q3

dns/nsd: Update to 4.10.0

ChangeLog: https://nlnetlabs.nl/news/2024/Jun/13/nsd-4.10.0-released/

 * Merge #278: Replace Flex+Bison based zone parser with simdzone.
    Performance of loading zones and IXFRs is greatly improved by using
    the simdzone project by NLnet Labs. The optimized presentation
    format parser leverages SIMD instructions in modern CPUs to improve
    throughput. Right now SSE4.2 and AVX2 instruction sets are
    supported, other instruction sets will use the fallback
    implementation, which still is a decent improvement over the
    Flex+Bison based parser.

BUG FIXES:
 * Fix that when the server truncates the pidfile, it does not follow

dns/nsd: Update version 4.8.0=>4.9.1

Changelog : https://nlnetlabs.nl/news/2024/Apr/04/nsd-4.9.1-released/

PR:		278146
Reported by:	zarychtam@plan-b.pwste.edu.pl
Approved by:	submitter is maintainer

dns/nsd: Moved man to share/man

Approved by:    portmgr (blanket)

dns/nsd: Update to nsd-4.8.0

PR:		275572
Changes:	https://nlnetlabs.nl/news/2023/Dec/06/nsd-4.8.0-released/

dns/nsd: Update to 4.7.0

ChangeLog: https://www.nlnetlabs.nl/news/2023/Jun/07/nsd-4.7.0-released/

4.7.0
================
FEATURES:
- Merge #263: Add bash autocompletion script for nsd-control.
- Fix #267: Allow unencrypted local operation of nsd-control.
- Merge #269 from Fale: Add systemd service unit.
- Fix #271: DNSTAP over TCP, with dnstap-ip: "127.0.0.1@3333".
- dnstap over TLS, default enabled. Configured with the
  options dnstap-tls, dnstap-tls-server-name, dnstap-tls-cert-bundle,
  dnstap-tls-client-key-file and dnstap-tls-client-cert-file.

dns/nsd: Update to 4.6.1

ChangeLog:	https://www.nlnetlabs.nl/news/2022/Nov/10/nsd-4.6.1-released/
PR:		267740
MFH:		2022Q4 (bugfixes)

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

dns: remove 'Created by' lines

A big Thank You to the original contributors of these ports:

  *  Aaron Dalton <aaron@FreeBSD.org>
  *  Akinori MUSHA aka knu <knu@idaemons.org>
  *  Alex Samorukov <samm@freebsd.org>
  *  Alexey Dokuchaev <danfe@FreeBSD.org>
  *  Allan Jude <allanjude@freebsd.org>
  *  Amar Takhar <verm@drunkmonk.net>
  *  Anders Nordby <anders@fix.no>
  *  Andrew Greenwood <greenwood.andy@gmail.com>
  *  Anton Berezin <tobez@FreeBSD.org>
  *  Ashish SHUKLA <ashish@FreeBSD.org>
  *  Attila Nagy <bra@fsn.hu>

dns/nsd: update to 4.6.0

Changes: https://www.nlnetlabs.nl/news/2022/Jun/30/nsd-4.6.0-released/

PR:	264961

dns/nsd: Update to 4.5.0

Changes:	https://www.nlnetlabs.nl/news/2022/May/13/nsd-4.5.0-released/

This release fixes a couple of minor bugs and adds IXFR out
functionality. With this functionality NSD can respond to IXFR queries
and serve IXFR transfers downstream.

It is default disabled, that means it does not store IXFR contents for
zones by default. The response on the wire is different, also with IXFR
disabled, because it is now supported, and thus also for those zones a
reply is served, that no differential data is available.

FEATURES:
- Merge PR #209: IXFR out

dns/nsd: Update version 4.3.9=>4.4.0

- Pet portclippy

This release changes the memory allocation for outgoing zonetransfers,
and this reduces the memory footprint. The defaults for the amounts are
the same as before, but there are config options to configure the memory
usage. There are also bug fixes.

4.4.0
================
FEATURES:
- Merge #193: Lower memory usage of the XFRD process by default.
  Instead of preallocating all elements, they are allocated when used.
  There are options for managing the memory usage, defaults are the

dns/nsd: Update to 4.3.9

Changes: https://www.nlnetlabs.nl/news/2021/Dec/09/nsd-4.3.9-released/

PR:	260362

dns/nsd: Update to 4.3.8

Changes: https://www.nlnetlabs.nl/news/2021/Oct/12/nsd-4.3.8-released/

PR:	259098

dns/nsd: Update to 4.3.7

Changes: https://www.nlnetlabs.nl/news/2021/Jul/22/nsd-4.3.7-released/

PR:	257413

dns/nsd: Fix build without IPv6

PR:		254874
Reported by:	r00t@kaba1ah.org
Tested by:	r00t@kaba1ah.org

dns/nsd: Update to 4.3.6

Changelog https://nlnetlabs.nl/news/2021/Apr/06/nsd-4.3.6-released/

PR:		254850
Reviewed by:	daniel.engberg.lists@pyret.net
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

dns/nsd: Update 4.3.4 -> 4.3.5

This release fixes a number of bugs.  It fixes a number of corner
case differences for the output more similar to Bind.  The configure
sources are compatible with the new autoconf 2.70.

PR:		253026
Submitted by:	jaap@NLnetLabs.nl (maintainer)

dns/nsd: Security update to 4.3.4

PR:		251530
Submitted by:	Jaap Akkerhuis <jaap nlnetlabs nl> (maintainer)
Approved by:	maintainer (implicit)
MFH:		2020Q4
Security:	388ebb5b-3c95-11eb-929d-d4c9ef517024

dns/nsd: update 4.3.2 -> 4.3.3

This release contains the DNS Flag Day 2020 fixes.  This sets the
default EDNS buffer size to 1232, that should reduce fragmentation.
https://dnsflagday.net/2020/

There is a new feature where it is possible to list an interface by
name.  This pulls in the IP addresses associated with the interface
at server start.

FEATURES:
- Follow DNS flag day 2020 advice and
  set default EDNS message size to 1232.
- Merged PR #113 with fixes.  Instead of listing an IP-address to
  listen on, an interface name can be specified in nsd.conf, with

dns/nsd: Upgrade to version 4.3.2

PR:		247973
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

dns/nsd: update 4.3.0 -> 4.3.1

BUG FIXES:
- Fix #70: error: 'fd_set' undeclared.
- Fix #71: error: 'for' loop initial declaration used outside C99
  mode.
- Fix to move declarations out of for loops in event test too.
- Fix #76: cpuid typedef for Hurd, DragonflyBSD compile.
- Fix #75: configure test for sched_setaffinity, and use
  cpuset_setaffinity otherwise.  Also test for presence of sysconf.
- Fix #74: GNU Hurd fix cast from pointer to integer of different size.
- Fix for #74, #75: cpuset test for header contents and provide code.
- Fix #78: Fix SO_SETFIB error on FreeBSD.
- Merge PR #83 from noloader: Fix GNU HURD sched_setaffinity compile.
- Fix #80: NetBSD and implicit declaration of reallocarray.

dns/nsd: fix startup

- see also: https://github.com/NLnetLabs/nsd/issues/78

PR:		244904
Submitted by:	ume
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

dns/nsd: upgrade 4.2.4 -> 4.3.0

This port incorporates also the proposed bug fix at bug #242367

Major changes:

This release adds cpu affinity.  By pinning a server process to a
specific cpu, having a separate network card also for that cpu, and
an interface address also for that server process, the throughput is
increased.  This increases performance of the nameserver.

Sparse TSIG signing support is removed, to comply with the latest tsig
standard update draft.

There is a feature to drop update queries, with opcode UPDATE,

dns/nsd: Update to 4.2.4

PR:		242545
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>  (maintainer)

Update to 4.2.3

PR:		242102
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	Netzkommune GmbH

Drop the ipv6 virtual category for d* category as it is not relevant anymore

Update to 4.2.2

Changelog: https://github.com/NLnetLabs/nsd/releases/tag/NSD_4_2_2_REL

PR:		239964
Reported by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH:		2019Q3
Security:	56778a31-c2a1-11e9-9051-4c72b94353b5
Sponsored by:	Netzkommune GmbH

Convert to UCL & cleanup pkg-message (categories d)

devel/libevent2: update to 2.1.11

Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.11-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		239599
Reported by:	GitHub (watch releases)
Approved by:	zeising (maintainer)
MFH:		2019Q3 (maybe security, partially restores 2.1.8 ABI)
Differential Revision:	https://reviews.freebsd.org/D21133

dns/nsd: Upgrade to version 4.2.1

PR:		239069
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

dns/nsd: update to 4.2.0

PR:		238498
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

dns/nsd: Update to 4.1.27

PR:		236785
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
MFH:		2019Q2

dns/nsd: Fix build with DNSTAP option enabled

PR:		233890
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Reported by:	r00t@kaba1ah.org

dns/nsd: Update to 4.1.26

While here, pet portlint

PR:		233797
Submitted by:	jaap@NLnetLabs.nl (maintainer)

- Update to 4.1.25

PR:		231878
Submitted by:	jaap@NLnetLabs.nl(maintainer)

dns/nsd: Update to 4.1.24

PR:		230591
Submitted by:	jaap@NLnetLabs.nl (maintainer)

dns/nsd upgrade to version 4.1.23

PR:		230182
Submitted by:	jaap@NLnetLabs.nl (maintainer)

dns/nsd: upgrade to version 4.1.22

PR:		228883
Submitted by:	jaap@NLnetLabs.nl (maintainer)

Update to 4.1.21

PR:		228272
Submitted by:	maintainer

dns/nsd: Update to 4.1.20

This release fixes memory leaks when reading zonefiles
and processing zone transfers.

4.1.20
================
BUG FIXES:
- Fix memory leak in zone file read of unknown rr formatted RRs.
- Fix memory leak when rehashing nsec3 after axfr or zonefile read,
  in the selectively allocated precompiled nsec3 hashes.

Also changed to DISTVERSION

Submitted by:	jaap@NLnetLabs.nl (maintainer)
Approved by:	tcberner (mentor, implicit)

dns/nsd: Update to 4.1.19

PR:		224243
Submitted by:	jaap@NLnetLabs.nl (maintainer)

dns/nsd: update 4.1.17 -> 4.1.18

This release has features for saving memory and faster notification.
With --enable-packed, 33% memory savings could be had, or something
along that size.  Notification of secondary servers happens in parallel,
and has faster timeouts.  More sockets are used for zone transfers.
This speeds up communication with a larger set of servers.  Additionally
a bug is fixed for dual-loaded parent-and-child zone configured at the
same time, when one of the zones has not loaded properly.

FEATURES:
- xfr-inspect, it is not installed, it prints xfr files from /tmp
  made with 'make xfr-inspect' in the source dir.
- retry timeout between sending notifies dropped from 15 to 3 sec.
- NSD sends 16 notifies simultaneously.

dns/nsd: Update to 4.1.17

Features:
- zone parser parses type AVC (it has TXT format).
- Fix #1272: use writev to put tcp length field with data for outgoing
  zone transfer requests.

Bugfixes:
- Fix potential null pointer in nsec3 adjustment tree.
- Fix text format of deletes for CDS and CDNSKEY, single 0 to represent
  empty base64 or hex string.

PR:		220939
Submitted by:	jaap@NLnetLabs.nl (maintainer)

dns/nsd: update 4.1.15 -> 4.1.16

features:
- zone parser can parse acronyms for algorithms ED25519 and ED448.
- Fix 1243: Option to make NSD emit really minimal responses,
  minimal-responses: yes in nsd.conf.

bug fixes:
- Calculate new udb index after growing the array, fix from
  Chaofeng Liu.
- Fix missing _t to _type conversion for disable-radix-tree option.
- Printout serial error with hint it may be too big.
- Fix 1228: OpenSSL include is not guarded with HAVE_SSL
- Patch for expire state in multi-master when masters includes
  broken master, from Manabu Sonoda.
- minor manpage fix.

PR:		218873
Submitted by:	jaap@NLnetLabs.nl (maintainer)

dns/nsd: Fix missing _t to _type conversion for disable-radix-tree option

- Noting NSD changelog, recent update renamed _t typedefs because POSIX
  reserves them. The 4.1.15 update missed a few conversion.
- Unbreak RADIXTREE. No PORTREVISION change as port would not have built.

PR:		217640
Reported by:	Max Kostikov <max@kostikov.co>
Submitted by:	w.schwarzenfeld@utanet.at (the suggested diff)
		jaap@NLnetLabs.nl (maintainer - the port patch)
Obtained from:	nsd svn r4741

dns/nsd: update 4.1.14 -> 4.1.15

PR:		217537
Submitted by:	jaap@NLnetLabs.nl (maintainer)

devel/libevent2: drop historical suffix after r362796

PR:		216777
Approved by:	mm (maintainer)

devel/libevent2: update to 2.1.8 and cleanup

- DEFAULT_VERSIONS += ssl=openssl-devel is now supported
- devel/py-event and devel/p5-Event-Lib are marked BROKEN

Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/whatsnew-2.1.txt
Changes:	https://github.com/libevent/libevent/raw/release-2.1.8-stable/ChangeLog
PR:		216527
Exp-run by:	antoine
Approved by:	mm (maintainer)

Update to 4.1.14

PR:		215144
Submitted by:	jaap@NLnetLabs.nl (maintainer)

Update to version 4.1.13

SUMMARY:
Some features, such as multi master check option that does not upgrade
from the first master that answers, but picks the best one.
Additional section handling for type SRV. And bug fixes.

FEATURES:
- multi-master-check: yes can be used to check all masters for the
  last version, using the higher version from the configured masters,
  from Manabu Sonoda.
- Support RR type OPENPGPKEY from RFC 7929.
- Can config key algorithms with the digest name, eg. 'sha256'.
- configure --disable-radix-tree for about 15% lower memory usage.
- for type SRV add A/AAAA to the additional section (if possible),

Update to 4.12.

Release note:
  Fix malformed edns query assertion failure, reported
  by Michal Kepien (NASK)

PR:		ports/212327
Submitted by:	maintainer (jaap NLnetLabs nl)
MFH:		2016Q3

 Add profiles to nsd init script.

PR:		211883
Submitted by:	lev
Approved by:	jaap@NLnetLabs.nl

dns/nsd: update 4.1.10 -> 4.1.11

- Restore configurable IPV6 option. Upstream integrated fix for issue.

- FEATURES:
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer
  data size, from Toshifumi Sakaguchi.
  Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
- BUGFIXES:
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently
  gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

PR:		211693
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Security:	CVE-2016-6173
Security:	https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html
MFH:		2016Q3

dns/nsd: Remove IPv6 option, fixes build

Remove the IPv6 option that is causing builds to fail when it is
disabled. The issue does not affect package users, as it was a default
option.

The issue has been fixed upstream [1] and will be included/renabled
in the next version update.

While I'm here:

* Switch to USES=ssl
* Add --enable-ipv6 in CONNFIGURE_ARGS to ensure it's explicitly enabled

[1] https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=800

PR:		211303
Reported by:	<vfx9as gmail com>
Approved by:	maintainer <jaap NLnetLabs nl>
MFH:		2016Q3

dns/nsd: update to 4.1.10

- turn on IPV6 option by default

PR:		210276
Submitted by:	jaap@NLnetLabs.nl (maintainer)

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket

Remove ${PORTSDIR}/ from dependencies, categories d, e, f, and g.

With hat:	portmgr
Sponsored by:	Absolight

- update to 4.1.9

BUG FIXES:
- Change the nsd.db file version because of nanosecond precision fix.

Approved by:    jaap@NLnetLabs.nl (maintainer)
PR:             208043
MFH:            2016Q1

- update to 4.1.8
- add ability to build agains openssl or libressl from ports
- add MUNIN_PLUGIN_IMPLIES= BIND8_STATS
- use @sample macro in pkg-plist for nsd.conf
- s/exec/postexec/ pkg-plist

FEATURES:
- #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch
  from Daisuke Higashi.
- #739: zonefile changes when mtime is small are detected on reload,
  if filesystem supports precision mtime values.
- RR type CSYNC (RFC7477) syntax is supported.

BUG FIXES:
- take advantage of arc4random_uniform if available, patch from
  Loganaden Velvindron.
- Fix flto check for OSX clang.
- Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
- Fix #736: segfault during zone transfer.
- Fix #744: Fix that NSD replies for configured but unloaded zone
  with SERVFAIL, not REFUSED.

PR:		207951
Submitted by:	jaap@NLnetLabs.nl (maintainer)
MFH:		2016Q1

- Fix a typo

PR:		205373
Submitted by:	TEUBEL Gyorgy
Approved by:	mat (mentor), maintainer
Differential Revision:	D4604

- Update to 4.1.7
- Switch to options helper

PR:		205292
Submitted by:	maintainer
Approved by:	mat (mentor)
Differential Revision:	D4579

Update to 4.1.6

Major Bug Bug Fixes:
- This release fixes segfault after start when many interfaces are in use.
- This version returns the EDNS bad version response with the AD flag
  unset for improved conformance.

Minor Buf Fixes:
- Fix #701: Fix that AD=1 set in a BADVERS response.
- Fix typo in zonec.c inside error message.
- Fix #711: Document that debug-mode yes is used for staying
  attached to the supervisor console.
- Document verbosity 3 prints more information.
- nsd-checkconf warns for master zones with no zonefile statement.
- Fix start failure when many file descriptors are in use.
- The servfail rcode is not printed with a space in the middle.
- print failed token for config syntax error or parse error.

PR:		204533
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	DK Hostmaster A/S

Upgrade from 4.1.3 to version to 4.1.5 (includes up 4.1.4)

FEATURES:
- RFC7553 RR Type URI support.
- removed hardcoded interface limit, --with-max-ips removed.
- Admitted axfrs are logged at verbosity 1. Refused at verbosity 2.

Major BUG FIXES:
- Fix NSID response for short edns sizes.
- Fix that for expired zones NSD performs an AXFR and accepts newer
  and older serial numbers.

PR:		203231
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	DK Hostmaster A/S

Update to 4.1.3

PR:		201261
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	DK Hostmaster A/S

- Add option to install Munun plugin

PR:		199798
Submitted by:	tgyurci@gmail.com
Approved by:	maintainer timeout

- Add CPE info

Approved by:	portmgr blanket

Update to 4.1.2
- Logging improvements
- Zone parser bug fixes
- Integer overflow bug fixes

PR:		199462
Submitted by:	Jaap Akkerhuis <jaap@nlnetlabs.nl> (maintainer)

update to 4.1.1

Major Features:

- RFC 7344: CDS and CDNSKEY (read record types).
- per zone statistics with --enable-zone-stats
- Disabled use of SSLv3 in nsd-control.
- Synthesize CNAMEs with same TTL as DNAME.
- nsd-checkconf -f prints out full name of pidfile (with dir). [1]

PR:		197291,
		196449 [1]
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>,
		Adam Zaleski <adam@zaleski.org> [1]

- use new @dir macros to create empty folders

Cleanup plist

Chase r369850 for updated nsd user information

- Update to 4.1.0
- Use nsd instead of bind user

This release has new features and bugfixes.  In nsd.conf you can
configure database: "" this makes NSD not use the large mmapped nsd.db
file, but instead read and write the zonefiles in text format, which
saves about 50% of the memory usage.  Also zonefile reading and
writing has been optimised to be faster, as well as processing time
for zone transfers.  NSD writes the (changed) zonefiles every hour.

The new nsd-checkzone tool reports if a zonefile parses so you can check
it before reading it into the daemon.

A bug is fixed where NSD 4 causes rising load average and memory
consumption on Linux systems, which is caused by a bug in Linux that
slowly deteriorates system performance by repeated recursive forks.

Full release notes:
http://open.nlnetlabs.nl/pipermail/nsd-users/2014-September/002007.html

PR:		193332
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Sponsored by:	DK Hostmaster A/S

Only use libevent2

Remove libevent as libevent2 is providing a good compatibility interface as well
as providing better performances.
Remove custom patches from libevent2 and install libevent2 the regular way
Mark ports abusing private fields of the libevent1 API as broken
Import a patch from fedora to have honeyd working with libevent2
Remove most of the patches necessary to find the custom installation we used to
have for libevent2

With hat:	portmgr

- Update to 4.0.3

PR:		ports/187596
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

- remove pre-patch delay
- remove PKG-INSTALL from post-install (not used with staging)
- move pkg-install and pkg-deinstall into pkg-plist

Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer, per PM)

Prefer CONFIGURE_ENABLE over CONFIGURE_ON/OFF

Suggested by:	mat@

- Fix man installation after port was stagified [1]
- Convert LIB_DEPENDS to new format [1]
- Remove leading article from COMMENT
- Switch to options helpers
- Conditional installation of docs is not needed with stage
- Don't show pkg-message twice

PR:		ports/186693 [1]
Submitted by:	Denis Generalov <gd.workbox@gmail.com>
Approved by:	maintainer

There was a wrong rc script in the port preventing the daemon to run.

Added STAGING support

Added LICENSE (NSD3CLAUSE) statement

Other small changes to make portlint more happy

PR:		186631
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

- Update to 4.0.1
- Cleanup rc script

FEATURES:
- recognizes ip-address and interface as synonyms for convenience.
- Support for EUI48 and EUI64 RR types enabled by default (RFC 7043).
- Support for CAA RRtype (RFC 6844).
- NSID can be set with "ascii_somestring" in ascii.

BUG FIXES:
- Fix xfrd when zone transfer TCP contains zero length packets.
- Fix for NSEC3 zones where parent zone is co-hosted, also NSEC3,
because AXFRs overwrote nsec3 administration in the child zone.
- Fix that bad IXFR updates do not result in double SOA records,
and that an AXFR is started (attempted) when the zone state seems

Please welcome NSD 4.0.0

For all new features, see
http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_0_0_REL/doc/NSD-4-features

This version replaces the nsdc control program with nsd-control.
This requires some manual setup with nsd-control-setup and editing
of the config files. nsd-control is incompatible with nsdc so when
that is used in scripts, these should be adapted.

NSD 3 is still supported as dns/nsd3.

PR:		183888
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>

Add NO_STAGE all over the place in preparation for the staging support (cat:
dns)

- Update to version 3.2.16
- Add EUI_RRTYPES option

While here:
- Remove leading article from COMMENT
- Convert tab to space in WWW: line

PR:		ports/180741
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

- Add multi-instance support

PR:		ports/176156
Submitted by:	Darren Pilgrim <darren.pilgrim@gmail.com>
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

- Update to 3.2.15

Features
* Support for ILNP RR types: NID, L32, L64, LP (RFC6742).
* RRL, --enable-ratelimit at configure time and config options.
* TSIG initialization only fails when there is no digest found at all.
Bugfixes
* Bugfix #478: Declaration after statement (for gcc 2.95).
* Bugfix #483: Better error message in case of TSIG error.
* Bugfix #485: TTL should not be greater than 2^31 - 1.
* Fix RCODE when CNAME loop final answer does not exist,
should return NXDOMAIN as stated by RFC 6604.
* Fix --disable-full-prehash bug, where after multiple incoming IXFRs,
NSEC3 can be removed unjustified.

PR:		175837
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

- Update to 3.2.14
- Trim header

Changes:
  * Bugfixes
  * New Feature: Use of writev, to improve TCP response time

PR:		ports/173261
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe:	yes

Fix typo in options handling.

PR:		ports/170794
Submitted by:	Artis Caune <Artis.Caune@gmail.com>
Approved by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by:	eadler (mentor)

- Update to 3.2.13
- Cleanup whitespace
- Document vulnerability in dns/nsd (CVE-2012-29789)

PR:		ports/170208
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security:	17f369dc-d7e7-11e1-90a2-000c299b62e1

Update to 3.2.12

BUG FIXES:
- Fix for VU#624931 CVE-2012-2978: NSD denial of service
vulnerability from non-standard DNS packet from any host
on the internet.

PR:		ports/170001
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security:	CVE-2012-2978

- Fix LARGEFILE option typo that resulted in largefile support being
  constantly disabled.

PR:		ports/169952
Spotted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by:	flo (mentor)

- Update to 3.2.11 [1]
- Convert to optionsNG, add DOCS option
- Replace bsd.port.{pre,post}.mk includes
- Remove non-existent DNSSEC, TSIG, NSID options
- Fix typo in NSEC3PREHASH option CONFIGURE_ARGS
- Replace hardcoded ETCDIR in pkg-plist

PR:		ports/169731 [1]
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Approved by:	flo (mentor)

- Update to 3.2.10

PR:             ports/165185
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

- Remove post-install check to conditionally run 'nsdc patch'

Submitted by:   me
Approved by:    Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe:   yes

- Update to 3.2.9

PR:             162782
Submitted by:   Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Feature safe:   yes

 - update to version 3.2.8

 Bugfixes:
    Do setusercontext before chroot, otherwise login.conf etc. are required
inside chroot.
    Bugfix #216: Fix leak of compressiontable when the domain table increases in
size.
    Bugfix #348: Don't include header/library path if OpenSSL is in /usr.
    Bugfix #350: Refused notifies should log client ip.
    Bugfix #352: Fix hard coded paths in man pages.
    Bugfix #354: The realclean target deletes a bit too much.
    Bugfix #357, make xfrd quit with many zones.
    Bugfix #362: outgoing-interface and v4 vs. v6 leads to spurious warning
messages.
    Bugfix #363: nsd-checkconf -v does not print outgoing-interface ok.
    Bugfix: nsd-checkconf -o outgoing-interface omits NOKEY.
    Undo Bugfix #235: Don't skip dname compression, messes up packets that do
need compression.

PR:             ports/155785
Submitted by:   Jaap Akkerhuis <jaap _at_ nlnetlabs.nl> (maintainer)