Fix the location of the default pid file in named.8

Problem pointed out in the PR

PR:             conf/155006
Submitted by:   Helmut Schneider <jumper99@gmx.de>

Update to versions 9.8.0-P4, 9.7.3-P3, and 9.6-ESV-R4-P3.

ALL BIND USERS ENCOURAGED TO UPGRADE IMMEDIATELY

This update addresses the following vulnerabilities:

CVE-2011-2464
=============
Severity:       High
Exploitable:    Remotely

Description:

A defect in the affected BIND 9 versions allows an attacker to remotely
cause the "named" process to exit using a specially crafted packet. This

Upgrade to 9.8.0-P2, which addresses the following issues:

1. Very large RRSIG RRsets included in a negative cache can trigger
an assertion failure that will crash named (BIND 9 DNS) due to an
off-by-one error in a buffer size check.

This bug affects all resolving name servers, whether DNSSEC validation
is enabled or not, on all BIND versions prior to today. There is a
possibility of malicious exploitation of this bug by remote users.

2. Named could fail to validate zones listed in a DLV that validated
insecure without using DLV and had DS records in the parent zone.

Add a patch provided by ru@ and confirmed by ISC to fix a crash at
shutdown time when a SIG(0) key is being used.

Add a patch from ISC that will be in 9.8.1 to handle intermittent
failure of recursive queries involving CNAMEs and previously cached
responses.

Upgrade to version 9.8.0-P1:

Certain response policy zone configurations could trigger an INSIST
when receiving a query of type RRSIG.

https://www.isc.org/CVE-2011-1907

This vulnerability is only possible if you have enable the new RPZ feature.

This is 9.8.0, the first release version in the 9.8 series.

New features versus previous release candidates include:

* There is a new option in dig, +onesoa, that allows the final SOA
  record in an AXFR response to be suppressed. [RT #20929
* There is additional information displayed in the recursing log
  (qtype, qclass, qid and whether we are following the original
  name). [RT #22043]
* Added option 'resolver-query-timeout' in named.conf (max query
  timeout in seconds) to set a different value than the default (30
  seconds). A value of 0 means 'use the compiled in default';
  anything longer than 30 will be silently set to 30. [RT #22852]
* For Mac OS X, you can now have the test interfaces used during
  "make test" stay beyond reboot. See bin/tests/system/README for
  details.

There are also numerous bug fixes and enhancements. See
http://ftp.isc.org/isc/bind9/9.8.0/RELEASE-NOTES-BIND-9.8.html
for more information.

Update to 9.8.0rc1, the latest from ISC:

 * The ADB hash table stores informations about which authoritative
   servers to query about particular domains. Previous versions of
   BIND had the hash table size as a fixed value. On a busy recursive
   server, this could lead to hash table collisions in the ADB cache,
   resulting in degraded response time to queries. Bind 9.8 now has a
   dynamically scalable ADB hash table, which helps a busy server to
   avoid hash table collisions and maintain a consistent query
   response time.

Update to 9.8.0b1, which in addition to DNS64 support also has
the following new features:

* BIND now supports a new zone type, static-stub. This allows the
administrator of a recursive nameserver to force queries for a
particular zone to go to IP addresses of the administrator's choosing,
on a per zone basis, both globally or per view.

* BIND now supports Response Policy Zones, a way of expressing
"reputation" in real time via specially constructed DNS zones. See the
draft specification here:
http://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt

* Dynamically Loadable Zones (DLZ) now support dynamic updates.
Contributed by Andrew Tridgell of the Samba Project.

We need _all_ the fixes from ../bind97

We need the fixes from bind97 for the perl problem here, not bind96

Add a -devel port for 9.8.0a1, which will allow people to experiment
with DNS64. Once 9.8.0 is released officially the -devel tag will be
removed.

BIND version 9 is a major rewrite of nearly all aspects of the underlying BIND
architecture.  Some of the important features of BIND 9 are:

DNS Security: DNSSEC (signed zones), TSIG (signed DNS requests)
IP version 6: Answers DNS queries on IPv6 sockets, IPv6 resource records (AAAA)
     Experimental IPv6 Resolver Library
DNS Protocol Enhancements: IXFR, DDNS, Notify, EDNS0
     Improved standards conformance
Views: One server process can provide multiple "views" of the DNS namespace,
     e.g. an "inside" view to certain clients, and an "outside" view to others.
Multiprocessor Support

BIND 9.8 includes a number of changes from BIND 9.7 and earlier releases,
including:
        Preliminary DNS64 support (AAAA synthesis only initially)

See the CHANGES file for more information on features.

WWW: https://www.isc.org/software/bind