DNSSEC patch for BIND

lentferj Jan.Lentfer at web.de
Fri Jan 8 02:41:44 PST 2010


Attached is a patch that *should* enable DNSSEC support in BIND and all
related tools (e.g. dig). According to what I could find out looking at
the
original tarball release from ISC, defining OPENSSL and liking to
libcrypto
should be sufficient, but unfortunatley I have to little knowledge about
DNSSEC that I can actually set up a test environment to check if it is
really working. Maybe someone can jump in here.


Thanks in advance

Jandiff --git a/etc/defaults/make.conf b/etc/defaults/make.conf
index dc8333b..4ede19d 100644
--- a/etc/defaults/make.conf
+++ b/etc/defaults/make.conf
@@ -100,6 +100,7 @@ THREAD_LIB?=	thread_xu
 #
 # To avoid building various parts of the base system:
 #NO_BIND=	true	# do not build BIND
+#NO_BIND_DNSSEC=true	# do not build dnssec support in BIND
 #NO_CRYPT=	true	# do not build crypto code
 #NO_CVS=	true	# do not build CVS
 #NO_GAMES=	true	# do not enter the games subdirectory
diff --git a/lib/libisc/Makefile b/lib/libisc/Makefile
index f75f626..cb23825 100644
--- a/lib/libisc/Makefile
+++ b/lib/libisc/Makefile
@@ -78,6 +78,10 @@ SRCS+=		lwres/context.c lwres/gai_strerror.c lwres/getaddrinfo.c \
 # contrib/bind/include/* must not override any real system includes
 CFLAGS+=	-I${.CURDIR}/../../usr.sbin/named
 CFLAGS+=	-I${.CURDIR}/../../usr.sbin/named/include
+CFLAGS+=	-DUSE_MD5
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+CFLAGS+=	-DOPENSSL
+.endif
 
 .if ${MACHINE_ARCH} == "i386"
 CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
diff --git a/share/man/man5/make.conf.5 b/share/man/man5/make.conf.5
index b31a654..2cb0c65 100644
--- a/share/man/man5/make.conf.5
+++ b/share/man/man5/make.conf.5
@@ -344,6 +344,9 @@ Set to build modules with the system instead of the kernel.
 .It Va NO_BIND
 .Pq Vt bool
 Set to not build BIND.
+.It Va NO_BIND_DNSSEC
+.Pq Vt bool
+Set to not build DNSSEC support in BIND.
 .It Va NO_CRYPT
 .Pq Vt bool
 Set to not build crypto code.
diff --git a/usr.bin/dig/Makefile b/usr.bin/dig/Makefile
index a4d1d5c..1cbd0e6 100644
--- a/usr.bin/dig/Makefile
+++ b/usr.bin/dig/Makefile
@@ -17,6 +17,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${BIND_DIR}/lib/bind9/include \
 	-I${BIND_DIR}/bin/dig/include
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .if ${MACHINE_ARCH} == "i386"
 CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
 CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.bin/dnssec-keygen/Makefile b/usr.bin/dnssec-keygen/Makefile
index f6fe1d0..2d69ea6 100644
--- a/usr.bin/dnssec-keygen/Makefile
+++ b/usr.bin/dnssec-keygen/Makefile
@@ -15,4 +15,9 @@ WARNS?=	3
 CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${.CURDIR}/../../usr.sbin/named/include
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.bin/dnssec-signzone/Makefile b/usr.bin/dnssec-signzone/Makefile
index 06e7529..c141bdf 100644
--- a/usr.bin/dnssec-signzone/Makefile
+++ b/usr.bin/dnssec-signzone/Makefile
@@ -15,4 +15,9 @@ WARNS?=	3
 CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${.CURDIR}/../../usr.sbin/named/include
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.bin/host/Makefile b/usr.bin/host/Makefile
index e95002e..fbf11a4 100644
--- a/usr.bin/host/Makefile
+++ b/usr.bin/host/Makefile
@@ -18,6 +18,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${BIND_DIR}/lib/bind9/include \
 	-I${BIND_DIR}/bin/dig/include
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .if ${MACHINE_ARCH} == "i386"
 CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
 CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.sbin/named-checkconf/Makefile b/usr.sbin/named-checkconf/Makefile
index 2025a74..ff73bd6 100644
--- a/usr.sbin/named-checkconf/Makefile
+++ b/usr.sbin/named-checkconf/Makefile
@@ -18,4 +18,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${BIND_DIR}/bin/check \
 	-DNAMED_CONFFILE=\"${DESTETC}/named.conf\"
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.sbin/named-checkzone/Makefile b/usr.sbin/named-checkzone/Makefile
index 0a05af3..67e702f 100644
--- a/usr.sbin/named-checkzone/Makefile
+++ b/usr.sbin/named-checkzone/Makefile
@@ -16,4 +16,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${BIND_DIR}/bin/check \
 	-DNAMED_CONFFILE=\"${DESTETC}/named.conf\"
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.sbin/named/Makefile b/usr.sbin/named/Makefile
index 681fd06..1e4e286 100644
--- a/usr.sbin/named/Makefile
+++ b/usr.sbin/named/Makefile
@@ -51,6 +51,10 @@ LIBISC:=       ${LIBISCDIR}/libisc.a
 
 DPADD+=         ${LIBISC}
 LDADD+=         ${LIBISC}
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=		${LIBCRYPTO}
+LDADD+=		-lcrypto
+.endif
 
 #HTMLS=	acl.html address_list.html comments.html config.html controls.html \
 #	docdef.html example.html include.html index.html key.html \
diff --git a/usr.sbin/nslookup/Makefile b/usr.sbin/nslookup/Makefile
index 4530e42..ca6cf17 100644
--- a/usr.sbin/nslookup/Makefile
+++ b/usr.sbin/nslookup/Makefile
@@ -19,6 +19,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${BIND_DIR}/lib/bind9/include \
 	-I${BIND_DIR}/bin/dig/include
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .if ${MACHINE_ARCH} == "i386"
 CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
 CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.sbin/nsupdate/Makefile b/usr.sbin/nsupdate/Makefile
index e80b9d1..cb62890 100644
--- a/usr.sbin/nsupdate/Makefile
+++ b/usr.sbin/nsupdate/Makefile
@@ -16,6 +16,11 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-I${.CURDIR}/../../usr.sbin/named/include \
 	-I${BIND_DIR}/lib/bind9/include 
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .if ${MACHINE_ARCH} == "i386"
 CFLAGS+= -I${BIND_DIR}/lib/isc/x86_32/include
 CFLAGS+= -DISC_PLATFORM_USETHREADS
diff --git a/usr.sbin/rndc-confgen/Makefile b/usr.sbin/rndc-confgen/Makefile
index 77abe71..a7a1abc 100644
--- a/usr.sbin/rndc-confgen/Makefile
+++ b/usr.sbin/rndc-confgen/Makefile
@@ -19,4 +19,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-DRNDC_CONFFILE=\"${DESTETC}/rndc.conf\" \
 	-DRNDC_KEYFILE=\"${DESTETC}/rndc.key\"
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .include <bsd.prog.mk>
diff --git a/usr.sbin/rndc/Makefile b/usr.sbin/rndc/Makefile
index a854df7..c46352d 100644
--- a/usr.sbin/rndc/Makefile
+++ b/usr.sbin/rndc/Makefile
@@ -21,4 +21,9 @@ CFLAGS+= -I${.CURDIR}/../../usr.sbin/named \
 	-DRNDC_CONFFILE=\"${DESTETC}/rndc.conf\" \
 	-DRNDC_KEYFILE=\"${DESTETC}/rndc.key\"
 
+.if !defined(NO_CRYPT) && !defined(NO_OPENSSL) && !defined(NO_BIND_DNSSEC)
+DPADD+=         ${LIBCRYPTO}
+LDADD+=         -lcrypto
+.endif
+
 .include <bsd.prog.mk>




More information about the Submit mailing list