7017965 Integrate BIND in to userland consolidation
authorStacey Marshall <Stacey.Marshall@Oracle.COM>
Tue, 10 May 2011 23:37:02 +0100
changeset 224 b0ca638fab1b
parent 223 b9246653129d
child 225 2f3e03a69313
7017965 Integrate BIND in to userland consolidation 7032027 Bind validation issues with initial .com DNSSEC records
components/bind/Makefile
components/bind/Solaris/dns-server.sh
components/bind/Solaris/migration.txt
components/bind/Solaris/server.xml
components/bind/bind.license
components/bind/bind.p5m
components/bind/bindc.p5m
components/meta-packages/history/SUNWbind.p5m
components/meta-packages/history/SUNWbindc.p5m
make-rules/shared-macros.mk
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/Makefile	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,159 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME=		bind
+COMPONENT_VERSION=	9.6-ESV-R4
+IPS_COMPONENT_VERSION=	9.6.3.4
+COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
+COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
+COMPONENT_PROJECT_URL=	"http://www.isc.org/software/bind"
+
+# hash from: sha1sum $(COMPONENT_ARCHIVE) | sed 's/\(.[^ ]*\).*/sha1:\1/'
+COMPONENT_ARCHIVE_HASH=	sha1:b78c6431caca2ddb9aba1c8f80dc5e3a725a4756
+COMPONENT_ARCHIVE_URL=	\
+	http://ftp.isc.org/isc/bind9/$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)
+
+include ../../make-rules/prep.mk
+include ../../make-rules/configure.mk
+include ../../make-rules/ips.mk
+
+# Build.
+#
+# FYI, The configure options are displayed by 'named -V'.  Previously
+# that was overriden by setting CONFIGARGS to hide build server
+# pathnames.
+
+# Traditionally all BIND executables are installed in sbin not bin.
+# DNS libraries are in usr/lib/dns - Override settings from configure.mk
+CONFIGURE_BINDIR.32 =	$(CONFIGURE_PREFIX)/sbin
+CONFIGURE_LIBDIR.32 =	$(CONFIGURE_PREFIX)/lib/dns
+
+CONFIGURE_OPTIONS +=	--with-libtool
+CONFIGURE_OPTIONS +=	--sbindir=$(CONFIGURE_BINDIR.$(BITS))
+CONFIGURE_OPTIONS +=	--sysconfdir=/etc
+CONFIGURE_OPTIONS +=	--localstatedir=/var
+CONFIGURE_OPTIONS +=	--with-openssl
+CONFIGURE_OPTIONS +=	--enable-threads=yes
+CONFIGURE_OPTIONS +=	--enable-devpoll=yes
+CONFIGURE_OPTIONS +=	--disable-openssl-version-check
+CONFIGURE_OPTIONS +=	--enable-fixed-rrset
+CONFIGURE_OPTIONS +=	--disable-getifaddrs
+CONFIGURE_OPTIONS +=	--with-pkcs11
+
+CONFIGURE_OPTIONS +=	CFLAGS="$(CFLAGS)"
+# Configure will add "-mt" to CC which is already set in CFLAGS, so override.
+CONFIGURE_OPTIONS +=	CC="$(CC)"
+
+.PHONY: build
+build:		$(BUILD_32)
+
+include ../../make-rules/shared-targets.mk
+
+# Install.
+#
+# Currently manual pages are distributed from pkg:/system/[email protected]
+# While there are some changes in our manuals, for example section
+# numbering and additions to named(1M) for SMF - that could be fixed
+# by patch.
+#
+# In addition to BIND deliverables we also deliver SMF files and
+# migration notes.  There is no need to install these extras into the
+# prototype directory, they are simply referenced in relevant manifest
+# (p5m) file.
+
+.PHONY: install
+install: $(INSTALL_32)
+
+# Testing.
+#
+# sumarize nawk script; reads ISC output which is of the form:
+# /^T:/ = Start of a test.
+# /^I:/ = Info from a test;  colleced for possible use later.
+# /^A:/ = About: summary of the test - not used here.
+# /^R:/ = Result: If 'PASS' then continue, else print line and collected info.
+# Known issues may then be accounted for.
+# @ EOF = Display count of RESULTS: i.e. R:PASS=124 R:UNTESTED=26 Total=150
+# if not 100% pass rate and issue is not known the word 'issues!' is appended
+# to resulting string.
+summarize=	'\
+		/^T:/ {name=$$0;info="";}\
+		/^I:/ {info=sprintf("%s%s\n", info, $$0);}\
+		/^R:/ {test++; result[$$1]++;}\
+		/^R:PASS/ {next;}\
+		/^R:/ {printf("%s: %s\n%s\n", $$1, name, info);}\
+		/^R:UNTESTED/ && name ~ /^T:dst:2:A/ {known++;}\
+		/^R:UNRESOLVED/ && name ~ /^T:dst:1:A/ {known++;}\
+		END{for (item in result)\
+				printf("%s=%d ", item, result[item]);\
+			printf("(known=%d) Total=%d%s\n", known, test, \
+				((result["R:PASS"] + known) < test)? \
+				" issues!" : "");\
+		}'
+
+isc_ifconfig=	./bin/tests/system/ifconfig.sh
+
+.PHONY: test
+test: build $(TEST_32)
+
+# fulltest requires sufficient privileges to configures IP addresses
+# 10.53.0.1 through 10.53.0.5 as aliases on the loopback interface.
+FULL_TEST_32=	$(TEST_32:%=%_FULL)
+
+.PHONY: fulltest
+fulltest: build $(FULL_TEST_32)
+
+$(FULL_TEST_32):
+	cd $(COMPONENT_SRC) && $(SHELL)  $(isc_ifconfig) up
+	-cd $(@D) && $(MAKE) test 2>&1 | $(TEE) [email protected]
+	cd $(COMPONENT_SRC) && $(SHELL) $(isc_ifconfig) down
+	$(NAWK) $(summarize) [email protected]
+
+$(TEST_32):
+	-cd $(@D) && $(MAKE) test 2>&1 | $(TEE) [email protected]
+	$(NAWK) $(summarize) [email protected]
+
+# test-summary shows summary for targets test and fulltest. Use target
+# test-clean to remove previous tests.
+.PHONY: test-summary
+test-summary:
+	@for file in $(TEST_32)*; do \
+		if [ -f $$file ]; then \
+			echo 'Summary for' $$file;\
+			$(NAWK) $(summarize) $$file;\
+			fi;\
+		done
+
+.PHONY: test-version
+test-version:
+	@echo;echo 32 bit version
+	-LD_LIBRARY_PATH=$(PROTO_DIR)$(CONFIGURE_LIBDIR.32) \
+		$(PROTO_DIR)$(CONFIGURE_BINDIR.32)/named -V
+
+.PHONY: test-clean
+test-clean:
+	$(RM) $(TEST_32) $(FULL_TEST_32)
+
+BUILD_PKG_DEPENDENCIES =	$(BUILD_TOOLS)
+
+include ../../make-rules/depend.mk
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/Solaris/dns-server.sh	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,138 @@
+#!/sbin/sh
+
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+# smf_method(5) start/stop script required for server DNS
+
+. /lib/svc/share/smf_include.sh
+
+result=${SMF_EXIT_OK}
+
+# Read command line arguments
+method="$1"		# %m
+instance="$2" 		# %i
+
+# Set defaults; SMF_FMRI should have been set, but just in case.
+if [ -z "$SMF_FMRI" ]; then
+    SMF_FMRI="svc:/network/dns/server:${instance}"
+fi
+server="/usr/sbin/named"
+I=`/usr/bin/basename $0`
+
+case "$method" in
+'start')
+    configuration_file=/etc/named.conf
+    cmdopts=""
+    properties="debug_level ip_interfaces listen_on_port
+	threads chroot_dir configuration_file server"
+
+    for prop in $properties
+    do
+	value=`/usr/bin/svcprop -p options/${prop} ${SMF_FMRI}`
+	if [ -z "${value}" -o "${value}" = '""' ]; then
+	    continue;
+	fi
+
+	case $prop in
+	'debug_level')
+	    if [ ${value} -gt 0 ]; then
+		cmdopts="${cmdopts} -d ${value}"
+	    fi
+	    ;;
+	'ip_interfaces')
+	    case ${value} in
+		'IPv4')
+		    cmdopts="${cmdopts} -4";;
+		'IPv6')
+		    cmdopts="${cmdopts} -6";;
+		'all')
+		    :	# Default is all, therefore ignore.
+		    ;;
+		*)
+		    echo "$I: Unrecognised value in service instance property" >&2
+		    echo "$I: options/${prop} : ${value}" >&2
+		    ;;
+	    esac
+	    ;;
+	'listen_on_port')
+	    if [ ${value} -gt 0 ]; then
+		cmdopts="${cmdopts} -p ${value}"
+	    fi
+	    ;;
+	'threads')
+	    if [ ${value} -gt 0 ]; then
+		cmdopts="${cmdopts} -n ${value}"
+	    fi
+	    ;;
+	'chroot_dir')
+	    cmdopts="${cmdopts} -t ${value}"
+	    chroot_dir=${value};
+	    ;;
+	'configuration_file')
+	    cmdopts="${cmdopts} -c ${value}"
+	    configuration_file=${value};
+	    ;;
+	'server')
+	    set -- `echo ${value} | /usr/bin/sed -e  's/\\\\//g'`
+	    [email protected]
+	    ;;
+	esac
+    done
+
+    # If chroot option is set, note zones(5) are preferred, then
+    # configuration file lives under chroot directory.
+    if [ "${chroot_dir}" != "" ]; then
+      configuration_file=${chroot_dir}/${configuration_file}
+    fi
+
+    # Check configuration file exists.
+    if [ ! -f ${configuration_file} ]; then
+      msg="$I : Configuration file ${configuration_file} does not exist!"
+      echo ${msg} >&2
+      /usr/bin/logger -p daemon.error ${msg}
+      # dns-server should be placed in maintenance state.
+      result=${SMF_EXIT_ERR_CONFIG}
+    fi
+
+    if [ ${result} = ${SMF_EXIT_OK} ]; then
+	echo "$I: Executing: ${server} ${cmdopts}"
+	# Execute named(1M) with relevant command line options.  Note
+	# the server forks before reading named.conf(4) and so a
+	# good exit code here does not mean the service is ready.
+	${server} ${cmdopts}
+	result=$?
+	if [ $result -ne 0 ]; then
+	  echo "$I : start failed! Check syslog for further information." >&2
+        fi
+    fi
+    ;;
+'stop')
+	smf_kill_contract ${contract} TERM 1
+	[ $? -ne 0 ] && exit 1
+	;;
+*)
+	echo "Usage: $I [stop|start] <instance>" >&2
+	exit 1
+	;;
+esac
+exit ${result}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/Solaris/migration.txt	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,1341 @@
+Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
+See COPYRIGHT in the source root or http://isc.org/copyright.html for
+terms.
+
+		   BIND 8 to BIND 9 Migration Notes
+	      includes BIND 9.2.4 to BIND 9.3.4 changes
+
+
+BIND 9 is designed to be mostly upwards compatible with BIND 8, but
+there is still a number of caveats you should be aware of when
+upgrading an existing BIND 8 installation to use BIND 9.
+
+Introduction
+------------
+
+This document provides information about differences between BIND 8 and
+BIND 9. BIND 9 is upwards compatible with most BIND 8 features. However,
+there are still a number of caveats you should be aware of when upgrading
+an existing BIND 8 installation to use BIND 9. Be sure to read this
+entire document before installing and using BIND 9.
+
+This document contains the following sections:
+	* Section A, 1-7 Overview of Differences Between BIND 8 and BIND 9
+	* Section 8      BIND 9 name server and the Service Management Facility
+	* Appendix I     Implementing rndc
+	* Appendix II    BIND 9 Commands, Options, Files, and Tools
+	* Appendix III   The named.conf Options
+
+Additional information and documentation about BIND 9, including an
+Administrator Reference Manual (ARM) is available on the ISC web site
+at http://www.isc.org
+
+The words "named", "DNS server", "name server" and "BIND 9 server"
+are used interchangeably to denote the Internet Systems Consortium
+BIND version 9 DNS server throughout this document.
+
+Overview of Differences Between BIND 8 and BIND 9
+-------------------------------------------------
+
+Below is a list of changes between BIND 8 and BIND 9, including brief
+descriptions. For more detailed information, see the appropriate
+subsection for each item.
+
+Configuration File Compatibility, 	Section 1.0
+    * unimplemented options warning message	1.1
+    * "transfer-format" option changes		1.1
+    * configuration file errors 		1.2
+    * logging categories have changed		1.3
+    * configuration file startup errors		1.3
+    * "query-source" is deprecated		1.4
+    * multiple classes change			1.5
+
+Zone File Compatibility, 		Section 2.0
+    * stricter rules for TTLs in zone file	2.1
+    * SOA serial number changes			2.2
+    * unbalanced quotes cause errors		2.3
+    * line breaks, syntax change		2.4
+    * use /$ instead of $$ in domain names	2.5
+
+Interoperability Impact of New Protocol
+Features,				Section 3.0
+    * EDNS0 new in BIND 9			3.1
+    * zone transfers default change		3.2
+
+Unrestricted Character Set,		Section 4.0
+    * no restrictions on character set		4.0
+    * security issue, improper naming		4.0
+
+Server Administration Tools, 		Section 5.0
+    * the rndc program replaces ndc		5.1
+    * nsupdate: changes in multiple updates 	5.2
+
+No Information Leakage Between Zones,	Section 6.0
+    * glue NS records handled differently	6.0
+
+Umask Not Modified,			Section 7.0
+    * possible umask permissions issues		7.0
+
+
+
+1. Configuration File Compatibility
+
+1.1. Unimplemented Options and Changed Defaults
+
+The BIND 9 name server supports most, but not all, of the configuration
+options of the BIND 8 name server. For a complete list of implemented
+options, see Appendix III of this document.
+
+If your named.conf file uses an unimplemented option, the BIND 9 name
+server will log a warning message. A message is also logged about each
+option whose default has changed unless the option is set explicitly
+in named.conf.
+
+The default of the "transfer-format" option has changed from
+"one-answer" to "many-answers".  If you have slave servers that do
+not understand the "many-answers" zone transfer format (e.g., BIND
+4.9.5 and older) you need to explicitly specify
+"transfer-format one-answer;" in either the options block or a
+server statement.
+
+1.2. Handling of Configuration File Errors
+
+In BIND 9, named refuses to start if it detects an error in
+named.conf.  Earlier versions would start despite errors, causing
+the server to run with a partial configuration.  Errors detected
+during subsequent reloads do not cause the server to exit.
+
+Errors in master files do not cause the server to exit, but they
+do cause the zone not to load.
+
+1.3. Logging
+
+The set of logging categories in BIND 9 is different from that
+in BIND 8.  If you have customized your logging on a per-category
+basis, you need to modify your logging statement to use the
+new categories.
+
+Another difference is that the "logging" statement only takes effect
+after the entire named.conf file has been read.  This means that when
+the server starts up, any messages about errors in the configuration
+file are always logged to the default destination (syslog) when the
+server first starts up, regardless of the contents of the "logging"
+statement.  In BIND 8, the new logging configuration took effect
+immediately after the "logging" statement was read.
+
+1.4. Notify Messages and Refresh Queries
+
+The source address and port for these is now controlled by
+"notify-source" and "transfer-source", respectively, rather than
+"query-source" as in BIND 8.
+
+1.5. Multiple Classes
+
+Multiple classes have to be put into explicit views for each class.
+
+
+2. Zone File Compatibility
+
+2.1. Strict RFC1035 Interpretation of TTLs in Zone Files
+
+BIND 9 strictly complies with the RFC1035 and RFC2308 rules regarding
+omitted time-to-live (TTL) entries in zone files.  Omitted TTLs are
+replaced by the value specified with the $TTL directive, or by the
+previous explicit TTL if there is no $TTL directive.
+
+If there is no $TTL directive and the first Resource Record (RR) in the
+file does not have an explicit TTL field, the zone file is illegal
+according to RFC1035 since the TTL of the first RR is undefined.
+Unfortunately, BIND 4 and many versions of BIND 8 accept such files
+without warning and use the value of the SOA MINTTL field as a default
+for missing TTL values.
+
+Earlier versions of BIND 9 refused to load such files. However, BIND
+9.2.4 loads the files anyway (provided the SOA is the first record
+in the file), but will issue a TTL warning message.
+
+To avoid problems, we recommend that you use a $TTL directive in each
+zone file.
+
+2.2. Periods in SOA Serial Numbers Deprecated
+
+Some versions of BIND allow SOA serial numbers with an embedded
+period, like "3.002", and convert them into integers in a rather
+unintuitive way.  This feature is not supported by BIND 9; serial
+numbers must be integers.
+
+2.3. Handling of Unbalanced Quotes
+
+TXT records with unbalanced quotes, like 'host TXT "foo', were not
+treated as errors in some versions of BIND.  If your zone files
+contain such records, you will get potentially confusing error
+messages like "unexpected end of file" because BIND 9 will interpret
+everything up to the next quote character as a literal string.
+
+2.4. Handling of Line Breaks
+
+Some versions of BIND accept RRs containing line breaks that are not
+properly quoted with parentheses, like the following SOA:
+
+	@	IN SOA	ns.example. hostmaster.example.
+			( 1 3600 1800 1814400 3600 )
+
+This is not legal master file syntax and will be treated as an error
+by BIND 9. The fix is to move the opening parenthesis to the first
+line.
+
+2.5. Unimplemented BIND 8 Extensions
+
+$GENERATE: The "$$" construct for getting a literal $ into a domain
+name is deprecated.  Use \$ instead.
+
+2.6. TXT records are no longer automatically split.
+
+Some versions of BIND accepted strings TXT RDATA that contained more
+than 255 characters and silently split them in to multiple RDATA
+records to comply with protocol.  This feature has been removed, and
+the following error is produced upon reading these records:
+        "dns_rdata_fromtext: local.db:119: ran out of space"
+To address split the string in the zone data file at or before the 255
+character in to two or more TXT records.
+
+3. Interoperability Impact of New Protocol Features
+
+3.1. EDNS0
+
+BIND 9 uses EDNS0 (RFC2671) to advertise its receive buffer size.  It
+also sets an EDNS flag bit in queries to indicate that it wishes to
+receive DNSSEC responses; this flag bit usage is not yet standardised,
+but we hope it will be.
+
+Most older servers that do not support EDNS0, including prior versions
+of BIND, will send a FORMERR or NOTIMP response to these queries.
+When this happens, BIND 9 will automatically retry the query without
+EDNS0.
+
+Unfortunately, there exists at least one non-BIND name server
+implementation that silently ignores these queries instead of sending
+an error response.  Resolving names in zones where all or most
+authoritative servers use this server will be very slow or fail
+completely. The manufacturer of the name server is working on a
+solution.
+
+When BIND 9 communicates with a server that does support EDNS0, such
+as another BIND 9 server, responses of up to 4096 bytes may be
+transmitted as a single UDP datagram which is subject to fragmentation
+at the IP level.  If a firewall incorrectly drops IP fragments, it can
+cause resolution to slow down dramatically or fail.
+
+3.2. Zone Transfers
+
+Outgoing zone transfers now use the "many-answers" format by default.
+This format is not understood by certain old versions of BIND 4.
+You can work around this problem using the option "transfer-format
+one-answer;", but since these old versions all have known security
+problems, the correct fix is to upgrade the slave servers.
+
+Zone transfers to Windows 2000 DNS servers sometimes fail due to a
+bug in the Windows 2000 DNS server where DNS messages larger than
+16K are not handled properly.  Obtain the latest service pack for
+Windows 2000 from Microsoft to address this issue.  In the meantime,
+the problem can be worked around by setting "transfer-format
+one-answer;".
+http://support.microsoft.com/default.aspx?scid=kb;en-us;297936
+
+4. Unrestricted Character Set
+
+BIND 9 does not restrict the character set of domain names; it is
+fully 8-bit clean in accordance with RFC2181 section 11.
+
+It is strongly recommended that hostnames published in the DNS follow
+the RFC952 rules, but BIND 9.2.4 and above will not enforce this
+restriction.
+
+Historically, some applications have suffered from security flaws
+where data originating from the network, such as names returned by
+gethostbyaddr(), are used with insufficient checking and may cause a
+breach of security when containing unexpected characters; see
+<http://www.cert.org/advisories/CA-96.04.corrupt_info_from_servers.html>
+for details.  Some earlier versions of BIND attempt to protect these
+flawed applications from attack by discarding data containing
+characters deemed inappropriate in host names or mail addresses, under
+the control of the "check-names" option in named.conf and/or "options
+no-check-names" in resolv.conf.  BIND 9.2.4 provided no such
+protection; advice was that applications with these flaws should be
+upgraded. Subsequently however, BIND 9.3.x implements 'check-names'.
+
+
+5. Server Administration Tools
+
+5.1 ndc Replaced by rndc
+
+The "ndc" program has been replaced by "rndc", which is capable of
+remote operation.  Unlike ndc, rndc requires a configuration file.
+The easiest way to generate a configuration file is to run
+"rndc-confgen -a"; see the man pages for rndc(1M), rndc-confgen(1M),
+and rndc.conf(5) for details. While upgrading from previous Solaris
+releases to Solaris 10, the upgrade process will detect if a
+/etc/rndc.key or /etc/rndc.conf file exists. If neither file is
+found, it runs "rndc-confgen -a" and generates /etc/rndc.key
+so that rndc can be run with a local DNS name server without
+further user intervention.
+
+More information about rndc is available in "Implementing rndc",
+later in this document.
+
+
+
+5.2. nsupdate Differences
+
+The BIND 8 implementation of nsupdate had an undocumented feature
+where an update request would be broken down into multiple requests
+based upon the discovered zones that contained the records.  This
+behaviour has not been implemented in BIND 9.  Each update request
+must pertain to a single zone, but it is still possible to do
+multiple updates in a single invocation of nsupdate by terminating
+each update with an empty line or a "send" command.
+
+
+6. No Information Leakage Between Zones
+
+BIND 9 stores the authoritative data for each zone in a separate data
+structure, as recommended in RFC1035 and as required by DNSSEC and
+IXFR.  When a BIND 9 server is authoritative for both a child zone
+and its parent, it will have two distinct sets of NS records at the
+delegation point: the authoritative NS records at the child's apex,
+and a set of glue NS records in the parent.
+
+BIND 8 was unable to properly distinguish between these two sets of
+NS records and would "leak" the child's NS records into the parent,
+effectively causing the parent zone to be silently modified: responses
+and zone transfers from the parent contained the child's NS records
+rather than the glue configured into the parent (if any).  In the
+case of children of type "stub", this behaviour was documented as a
+feature, allowing the glue NS records to be omitted from the parent
+configuration.
+
+Sites that were relying on this BIND 8 behaviour need to add any
+omitted glue NS records, and any necessary glue A records, to the
+parent zone.
+
+Although stub zones can no longer be used as a mechanism for
+injecting NS records into their parent zones, they are still useful
+as a way of directing queries for a given domain to a particular
+set of name servers.
+
+
+7. Umask Not Modified
+
+The BIND 8 named unconditionally sets the umask to 022.  BIND 9 does
+not; the umask inherited from the parent process remains in effect.
+This may cause files created by named, such as journal files, to be
+created with different file permissions than they did in BIND 8.  If
+necessary, the umask should be set explicitly in the script used to
+start the named process.
+
+8. BIND 9 name server and the Service Management Facility
+
+The DNS BIND 9 named(1M) service can be managed by using the Service
+Management Facility (SMF). For more information, see the smf(5) man
+page. The SUNWbindr package provides the BIND 9 service manifest
+and must be installed.
+
+When you use SMF, the following items apply.
+
+- Administrative actions on this service, such as enabling, disabling,
+or restarting, can be performed by using the svcadm(1M) command.
+
+- The default Fault Managed Resource Identifier (FMRI) for the BIND 9
+DNS server is svc:/network/dns/server. The FMRI for the DNS client is
+svc:/network/dns/client.
+
+- You can query the state of the BIND 9 DNS service by using svcs(1).
+  For example:
+
+	# svcs svc:network/dns/server:default
+	STATE          STIME    FMRI
+	online         16:24:04 svc:/network/dns/server:default
+
+The upgrade to Solaris 10 will detect an existing /etc/named.conf file
+and enable the BIND 9 service to startup after the upgrade is completed
+and the system is rebooted.
+
+To start the BIND 9 DNS service on a Solaris 10 system:
+
+a. Create/Copy a valid /etc/named.conf file.
+b. Verify that the SUNWbind and SUNWbindr packages, including any
+   required packages are installed correctly.
+c. Enable the default service instance using svcadm(1M). For example:
+	# svcadm enable svc:network/dns/server:default
+
+While it is recommended that you use svcadm(1M) to administer the server,
+you can use rndc(1M) as well. SMF is aware of the state change of the BIND
+9 named service, whether administered by using svcadm(1M) or rndc(1M).
+
+NOTE: smf(5) will not be aware of the BIND 9 named(1M) service
+if the service is manually executed from the command line.
+
+NOTE: rndc(1M) is not able to stop the service when used in a chroot(2)
+environment under smf(1M) control.
+
+8.1 Name Server SMF Properties
+
+Relevant named(1M) options for use with smf(1) may be applied using
+service application properties:
+
+ - options/configuration_file
+
+	Specifies  the configuration file   to be used instead of
+	the  default /etc/named.conf.   To ensure  that reloading
+	the configuration file continues to work after the server
+	has  changed its working directory due  to  to a possible
+	directory  option    in   the  configuration   file,  the
+	configuration file should be  an absolute  pathname.  The
+	configuration  pathname should not include the chroot_dir
+	pathname.  This property is synonymous to the -c option.
+
+ - options/ip_interfaces
+
+	specifies  which  IP  transport  BIND  will transmit  on.
+	Possible values are 'IPv4' or  'IPv6'.  Any other setting
+	assumes 'all',  the default.  This property is synonymous
+	to command line option '-4' or '-6'
+
+ - options/listen_on_port
+
+	Specifies the default UDP and TCP port which will be used
+	to listen for  DNS requests.  This property is synonymous
+	to command line option '-p port'.
+
+
+ - options/debug_level
+
+	Specifies the default debug  level.  The default is 0; no
+	debugging. The  Higher the number  the more verbose debug
+	information becomes.  Synonymous  to command  line option
+	'-d debug-level'.
+
+ - options/threads
+
+	 Specifies  the number of cpu  worker  threads to create.
+	 The default of  0 causes named to  try and determine the
+	 number  of CPUs  present    and create one   thread  per
+	 CPU. Synonymous to command line option '-n #cpus'.
+
+ - options/chroot_dir
+
+	Specifies the directory to be  used as the root directory
+	after processing SMF   properties and  the  command  line
+	arguments but before reading the configuration file.  Use
+	this   property  when  using   a   chroot(2) environment.
+	Synonymous to command line option '-t <pathname>'.
+
+	When using chroot(2) named is unable  to disable its self
+	when receiving rndc(1M) stop or halt commands and you must
+	instead use the svcadm(1M) disable command.
+
+- options/server
+
+	Specifies an alternative execution path.  If unset then the
+	default server /usr/sbin/named is assumed.
+
+The following examples show how the application properties may be used:
+
+  Example 1: Configuring named(1m) in future to only transmit
+             over IPv4 networks:
+
+	# svccfg -s svc:network/dns/server:default setprop \
+	options/ip_interfaces=IPv4
+	# svcadm refresh svc:network/dns/server:default
+	# scvadm restart svc:network/dns/server:default
+
+  Example 2: List current configuration file and change to
+             an alternative file:
+
+	# svcprop -p options/configuration_file dns/server:default
+	""
+	# svccfg -s dns/server:default setprop \
+	options/configuration_file=/var/named/named.conf
+	# svcadm refresh dns/server:default
+	# svcprop -p options/configuration_file dns/server:default
+	/var/named/named.conf
+	# scvadm restart svc:network/dns/server:default
+
+The dns/server smf_method(5) script converts the application properties
+to the relevant command line option.
+
+Changing the "start method" property of the BIND 9 service is no longer
+recommended as was stated here previously.
+
+For more information about the Service Management Facility, refer to
+"Managing Services (Overview)" in System Administration Guide: Basic
+Administration, available on http://docs.sun.com. Also refer to smf(5),
+svcs(1), svcadm(1M), svccfg(1M) man pages and the BIND 9 name service
+manifest server.xml in /lib/svc/manifest/network/dns.
+
+
+		*************************************
+
+
+			    APPENDICES I-III
+
+
+Appendix I. Implementing rndc
+            -----------------
+
+The BIND 8 ndc(1M) and BIND 9 rndc(1M) name server control tools are
+NOT backward compatible: rndc can't talk to the BIND 8 name server
+and ndc can't talk to the BIND 9 name server. Features, options,
+default modes of operation, and configuration file requirements
+have changed.
+
+
+Ia. The rndc.conf Configuration File
+    --------------------------------
+
+The most significant difference between ndc in BIND 8 and rndc in BIND 9
+is that rndc needs its own configuration file, rndc.conf. This file can
+be generated by rndc-confgen(1M) commands. The rndc.conf file specifies
+which server controls and what algorithm the server should use. Note that
+the /etc/rndc.conf and matching /etc/named.conf information is only needed
+when using rndc to manage a remote BIND 9 name server. If rndc is only
+used to manage a local BIND 9 name server, the /etc/rndc.key is sufficient.
+
+     Sample rndc.conf File
+     ---------------------
+
+     options {
+             default-server localhost;
+             default-key "rndc-key";
+     };
+
+     key "rndc-key" {
+             algorithm hmac-md5;
+             secret "qPWZ3Ndl81aBRY9AmJhVtU==";
+     };
+
+
+     Sample named.conf File Entry for rndc
+     -------------------------------------
+
+     controls {
+             inet * allow { any; } keys { "rndc-key"; };
+     };
+
+     key "rndc-key" {
+             algorithm hmac-md5;
+             secret "qPWZ3Ndl81aBRY9AmJhVtU==";
+     };
+
+
+
+Ib. Differences in the Control Channels
+    -----------------------------------
+
+Both the ndc(1M) and the rndc(1M) utilities use a control channel to
+send commands to and retrieve information from a name server. However,
+there are differences between the utilities.
+
+  * In BIND 8, ndc can use AF_UNIX domain sockets (UNIX control
+    channel) or TCP/IP sockets (inet control channel). By default, ndc
+    does not need any support in /etc/named.conf, because BIND 8
+    servers use a UNIX domain socket with a path (/var/run/ndc.d/ndc)
+    compiled into in.named.
+
+In BIND 9, rndc uses an authenticated TCP/IP inet control channel,
+by default and is not backward compatible with BIND 8.
+
+  * When using rndc, you need to specify a 'key' clause to communicate
+    with the name server. It is mandatory that the BIND 9 server and
+    the rndc client share the same key. Using the BIND 8 controls
+    entry in BIND 9 will result in an error message.
+
+  * Some command options have changed from the ndc to the rndc
+    implementation. This includes the "-c" option, which has a
+    different syntax in BIND 9. Therefore, to specify the control
+    channel in BIND 9, use "rndc -s <server> -p <port>".
+
+
+Ic. Commands of BIND 9.3 rndc
+    ---------------------------
+  reload			 Reload configuration file and zones.
+  reload zone [class [view]]	 Reload a single zone.
+  refresh zone [class [view]] 	 Schedule immediate maintenance
+				  for a zone.
+  retransfer zone [class [view]] Retransfer a single zone without
+                                  checking serial number.
+  freeze zone [class [view]]**   Suspend updates to a dynamic zone.
+  thaw zone [class [view]]**     Enable updates to a frozen dynamic
+                                  zone and reload it.
+  reconfig      		 Reload configuration file and new
+				  zones only.
+  stats 			 Write server statistics to the
+				  statistics file.
+  querylog      		 Toggle query logging.
+  dumpdb [-all|-cache|-zones] [view ...]**
+  			         Dump cache(s) to the dump file
+				  (named_dump.db).
+  stop [-p]**		         Save pending updates to master files
+				  and stop the server; report process
+				  number if -p provided.
+  halt [-p]**                    Stop the server without saving
+				  pending updates; report process
+				  number if -p provided
+  trace				 Increment debugging level by one.
+  trace level			 Change the debugging level.
+  notrace			 Set debugging level to 0.
+  flush				 Flushes all of the server's caches.
+  flush [view]			 Flushes the server's cache for a view.
+  status			 Display status of the server.
+  recursing**		         Dump the queries that are currently
+				  recursing (named.recursing)
+  restart*			 Restart the server.
+
+  *  = not yet implemented
+  ** = New command or option in bind 9.3.
+
+
+Appendix II        BIND 9 Commands, Files, Tools, and Options
+                   ------------------------------------------
+
+IIa. Comparison of BIND 8 and BIND 9 Commands and Files
+     --------------------------------------------------
+
+The table below compares BIND 8 and BIND 9 commands and
+configuration files. BIND 9 man pages install in /usr/man.
+
+    -------------------------------------------------
+    |   BIND 8 Command     | BIND 9.3 replacement   |
+    -------------------------------------------------
+    |   dnskeygen(1M)      |   dnssec-keygen(1M)    |
+    |   ndc(1M)            |   rndc(1M)             |
+    |   named-bootconf(1M) |   NONE NEEDED          |
+    |   nsupdate(1M)       |   nsupdate(1M)         |
+    |   nslookup(1M)       |   nslookup(1M)         |
+    |   named-xfer(1M)     |   NONE NEEDED          |
+    |   in.named(1M)       |   named(1M)            |
+    |   named.conf(4)      |   named.conf*          |
+    |   dig(1M)            |   dig(1M)              |
+    -------------------------------------------------
+
+* A detailed named.conf man page was not included with BIND 9 originally.
+Appendix III includes a summary of the named.conf options that are
+supported in BIND 9.3.x at this time.
+
+
+ IIb. BIND 9 Tools and Configuration Files
+      ------------------------------------
+
+The following BIND 9.3 tools are available in the SUNWbind
+package and installed in /usr/sbin:
+
+  named
+  nsupdate
+  rndc
+  dnssec-keygen
+  nslookup
+  dig
+  dnssec-signzone
+  named-checkconf
+  named-checkzone
+  rndc-confgen
+  host
+
+The following BIND 9.3 configuration files are supported.
+
+  /etc/rndc.conf
+
+
+IIc. Descriptions of Command and Option Changes from 8.x to 9.x
+     ----------------------------------------------------------
+
+Listed below are BIND 8 features/interfaces that are not supported in
+the equivalent BIND 9 binary. This is not intended to be an exhaustive
+list of the options, command line options or features for any BIND 9.x
+command.
+
+1. in.named(1M): DNS Name server in.named command line options.
+
+   In the BIND 9.3 name server, the "-g group_name", "-q", "-r" and "-w
+   directory" options are not supported, and "-c config_file" replaces
+   the BIND 8.x "-b config_file". See the named man page for further
+   details.
+
+2. dnssec-keygen: dnskeygen(1M) in BIND 8.x and dnssec-keygen from BIND
+   9.2.x and above, have no common options. See the dnssec-keygen man
+   page or further details.
+
+3. rndc(1M): See Appendix I in this document.
+
+4. nsupdate(1M): in BIND 9.2.x and above, the syntax of the "-k" option
+   changes in nsupdate. Instead of "-k keydir::keyname" the syntax is now
+   "-k keyfile". The only other difference is that whereas a blank line was
+   used to signal sending the input to the server, an explicit "send"
+   sub-command is now used to do the same. See the nsupdate man page for
+   further details.
+
+5. nslookup(1M): the following options are unsupported in the
+   BIND 9.2.x and above version.
+
+   help, host server, set ignoretc, set noignoretc,
+   set srch[list]=N1[/N2/.../N6], set ro[ot]=host, root,
+   finger [USER], ls [opt] DOMAIN [> FILE].
+
+6. named.conf: several options are unsupported, not implemented or
+   have changed defaults. For a list of the option changes and a
+   summary of all named.conf options, see Appendix III.
+
+IId. Differences in BIND 9.3 from BIND 9.2
+     -------------------------------------
+
+BIND 9.3 provides several changes from BIND 9.2, including but
+not limited to:
+
+1. DNSSEC tools provided by BIND 9.2.4 are not compatible with BIND 9.3.4
+   and are replaced where applicable.  Specifically, DNSSEC-bis
+   functionality removes the need for dnssec-signkey(1M) and
+   dnssec-makekeyset(1M); dnssec-keygen(1M) and dnssec-signzone(1M) now
+   provide alternative functionality.
+
+2. dig(1M) and nslookup(1M) now report "Not Implemented" as NOTIMP rather
+   than NOTIMPL. This will have impact on scripts that are looking for
+   NOTIMPL.
+
+3. named(1M): BIND server process includes new command line options to
+   overcome certain operating environment issues; CR 6320428.  These
+   options are:
+
+     * '-4' specifies to only send queries on IPv4 interfaces
+     * '-6' specifies to only send queries on IPv6 interfaces.
+
+   named(1M) by default will reject master zone files where hostnames
+   or mail domain names have invalid syntax or characters. The rules
+   for legal hostnames / mail domains are derived from RFC 952 and RFC
+   821 as modified by RFC 1123.
+
+     * Corrective action should be to change the host names with
+       illegal syntax or characters, such as underscore (_)
+       characters.  Use "named-checkconf -z /etc/named.conf" to check
+       validity of the named configuration file and any zone files
+       referenced by it.
+
+       To aid migration the default functionality may be
+       overridden using the check-names option of named.conf.  For
+       example to allow zones with name failures to load but log
+       warning messages (as is the default for slave (secondary)
+       zones) modify or add an option statement to named.conf:
+
+        	options {
+			check-names master warn;
+		};
+
+   named(1M) no longer provides the following functionality:
+
+   * Inverse IPv6 queries to the obsolete ip6.int domain.  The
+     ip6.arpa domain is obsoleted by the ip6.int domain.  See RFC
+     3596.
+
+   * IPv6 does not forward A6 lookups, deprecated by RFC 3363
+
+   * IPv6 "bitstring" not supported, primary will refuse to load zone
+     files with binary labels.  Deprecated by rfc3363.
+
+   * Zones containing MD (Mail Destination) and MF (Mail Forwarder)
+     will now be rejected.  The MD and MF resource record (RR) types
+     were originally introduced in RFC 882 and subsequently obsoleted
+     in RFC 1035 by the MX RR.
+
+4. named.conf: Has additional options:
+
+     * allow-update-forwarding
+     * alt-transfer-source
+     * alt-transfer-source-v6
+     * avoid-v4-udp-ports
+     * avoid-v6-udp-ports
+     * check-names: Validate names in zones (from BIND 8).
+     * disable-algorithms
+     * dnssec-enable
+     * dnssec-lookaside
+     * dnssec-must-be-secure
+     * dual-stack-servers: provides IPv4/IPv6 transition support.
+     * edns-udp-size: Set advertised EDNS UDP size.
+     * flush-zones-on-shutdown
+     * hostname (chaos)'
+     * ixfr-from-differences: use IXFR deltas when loading master files.
+     * masters: define masters for a zone.
+     * max-journal-size: specify the size of a journal
+     * multi-master
+     * querylog
+     * server-id (chaos)
+     * Server statement grammar includes:
+       * transfer-source
+       * transfer-source-v6
+     * tcp-listen-queue
+     * use-alt-transfer-source
+     * zone statement grammar:
+       * multi-master
+       * key-directory
+
+   named.conf removed options:
+
+     * allow-v6-synthesis: Obsolete. Caused named to translate ip6.int
+       requests to ip6.arpa requests.  As the ip6.int domain is now
+       obsolete this option has been removed.
+
+     * zone-statistics has been removed from the 'view' statement.
+
+5. dig(1M) has new command line options:
+    -4: use IPv4 query transport only
+    -6: use IPv6 query transport only
+    +[no]aaflag: Set AA flag in query (+[no]aaflag)
+    +[no]cl: Control display of class in records
+    +[no]ttlid: Control display of ttls in records
+    +tries=#: Set number of UDP attempts [3]
+    +retry=#: Set number of UDP retries [2]
+
+6. named.checkconf(1M) has new options:
+    -z: Perform a check load of the master zone files found in named.conf.
+    -j: When loading a  zonefile read the journal if it exists.
+
+7. named-checkzone(1M) has new options:
+    -k mode: Perform "check-name" checks with the specified failure mode.
+    -n mode: Check NS records are addresses, mode is warn, fail or ignore.
+    -o filename: Write zone output to filename.
+    -t directory: chroot to directory, useful for include statements.
+    -w directory: chdir to directory, useful for include statements.
+    -D: Dump zone file in canonical format.
+
+8. rndc(1M) has several new subcommands including:
+   freeze,  thaw, flushname and  recursing (see above).
+   Several subcommands have new options namely stop, halt and dumpdb.
+
+9. nsupdate(1M) generates SIG(0) signed messages.
+
+
+Appendix III   The named.conf Options
+               ----------------------
+
+IIIa.   Changes in the Options Section
+        ------------------------------
+
+The following list compares the named.conf options between BIND 8
+and BIND 9. It also provides a brief description of the change.
+"OK" denotes the option works unchanged for the BIND 9 named.
+
+   options {
+     [ version version_string; ]		  OK
+     [ directory path_name; ]			  OK
+     [ named-xfer path_name; ] 			  Obsolete (*1)
+     [ dump-file path_name; ] 			  OK
+     [ memstatistics-file path_name; ] 		  Not Implemented
+     [ pid-file path_name; ] 			  OK
+     [ statistics-file path_name; ]		  OK
+     [ auth-nxdomain yes_or_no; ] 		  OK (*2)
+     [ dialup yes_or_no; ]			  OK
+     [ fake-iquery yes_or_no; ] 		  Obsolete
+     [ fetch-glue yes_or_no; ]			  Obsolete
+     [ has-old-clients yes_or_no; ]		  Obsolete
+     [ host-statistics yes_or_no; ]		  Not Implemented
+     [ host-statistics-max number; ]		  Not Implemented
+     [ multiple-cnames yes_or_no; ]		  Obsolete
+     [ notify yes_or_no | explicit; ]		  OK
+     [ recursion yes_or_no; ]			  OK
+     [ rfc2308-type1 yes_or_no; ]		  Not Implemented
+     [ use-id-pool yes_or_no; ]			  Obsolete
+     [ treat-cr-as-space yes_or_no; ]		  Obsolete
+     [ also-notify yes_or_no; ] 		  Syntax Changed (*3)
+     [ forward ( only | first ); ] 		  OK (*4)
+     [ forwarders { in_addr ; \
+       [ in_addr ; ... ] }; ] 			  OK (*5)
+     [ check-names ( master | slave | \
+       response ) ( warn | fail | ignore); ] 	  OK (*8)
+     [ allow-query { address_match_list }; ]	  OK
+     [ allow-recursion { address_match_list }; ]  OK
+     [ allow-transfer { address_match_list }; ]	  OK
+     [ blackhole { address_match_list }; ]	  OK
+     [ listen-on [ port ip_port ] \
+       { address_match_list }; ]		  OK
+     [ query-source [ address ( ip_addr | * ) ]	\
+       [ port ( ip_port | * ) ] ; ]	 	  OK
+     [ lame-ttl number; ]			  OK
+     [ max-transfer-time-in number; ]		  OK
+     [ max-ncache-ttl number; ]			  OK
+     [ min-roots number; ]			  Not Implemented
+     [ transfer-format ( one-answer | \
+       many-answers ); ] 			  OK (*6)
+     [ transfers-in  number; ]			  OK
+     [ transfers-out number; ]			  OK
+     [ transfers-per-ns number; ]		  OK
+     [ transfer-source ip_addr; ]		  OK
+     [ maintain-ixfr-base yes_or_no; ]		  Obsolete
+     [ max-ixfr-log-size number; ]		  Obsolete (*7)
+     [ coresize size_spec ; ]			  OK
+     [ datasize size_spec ; ]			  OK
+     [ files size_spec ; ]			  OK
+     [ stacksize size_spec ; ]			  OK
+     [ cleaning-interval number; ]		  OK
+     [ heartbeat-interval number; ]		  OK
+     [ interface-interval number; ]		  OK
+     [ statistics-interval number; ]		  Not Implemented
+     [ topology { address_match_list }; ]	  Not Implemented
+     [ sortlist { address_match_list }; ]	  OK
+     [ rrset-order { order_spec ; \
+     [ order_spec ; ... ] }; ]			  Not Implemented
+     };
+
+(*1) Obsolete due to architectural differences.
+(*2) Default set to yes in BIND 8, no in BIND 9.
+(*3) Needs an IP address for "yes".
+(*4) Doesn't work if no forwarder specified; Gives an error of "no
+     matching 'forwarders' statement" in that case.
+(*5) See [ forward ] clause
+(*6) Default set to one-answer in BIND 8 and many-answers in BIND 9.
+(*7) No need for this option as BIND 9 trims the size of its
+     log file automatically.
+(*8) Implemented in BIND 9.3.4
+
+
+IIIb.	Statements in BIND 9
+        --------------------
+
+The Controls Statement
+----------------------
+  Syntax
+     controls {
+       [ inet ip_addr
+         port ip_port
+         allow { address_match_list; }; ]	OK
+       [ unix path_name
+         perm number
+         owner number
+         group number; ]			Not Implemented
+     };
+
+  Note: "unix" is the default for ndc(1M) and all of the arguments
+  are compiled in.
+
+  "inet" is the only option for rndc and nothing is compiled in.
+
+  Logging syntax has changed significantly. See section IIIc for a
+  list of named.conf options.
+
+
+The Zone Statement
+------------------
+  The syntax for the zone statement in the BIND 8 named.conf man page
+  is mostly supported for BIND 9 except for the following:
+
+  [ pubkey number number number string; ]	Obsolete
+
+
+The ACL Statement
+-----------------
+  Syntax
+     acl name {
+       address_match_list
+     };
+
+  Works unchanged in BIND 9.
+
+
+The Key Statement
+-----------------
+  Syntax
+     key key_id {
+       algorithm algorithm_id;
+       secret secret_string;
+     };
+
+  Works unchanged in BIND 9.
+
+
+The Trusted-Keys Statement
+--------------------------
+  Syntax
+     trusted-keys {
+       [ domain_name flags protocol algorithm key; ]
+     };
+
+  Works unchanged, however the code to use this
+  statement has been turned off in BIND 9.2.4.
+
+
+The Server Statement
+--------------------
+  Syntax
+     server ip_addr {
+       [ bogus yes_or_no; ]
+       [ transfers number; ]
+       [ transfer-format ( one-answer | many-answers ); ]
+       [ keys { key_id [ key_id ... ] }; ]
+       [ edns yes_or_no; ]
+     };
+
+  "support-ixfr" is obsolete, however all of the above options work
+  unchanged in BIND 9. Note the default for transfer-format has changed.
+
+
+The Include Statement
+---------------------
+  Syntax
+     include path_name;
+
+  Works unchanged in BIND 9.
+
+
+
+
+IIIc.	Summary of the named.conf Options
+	---------------------------------
+
+A detailed named.conf man page was not included with BIND 9 originally.
+Following is a summary of the named.conf options that are
+supported in BIND 9.3.6
+
+acl string { address_match_element; ... };
+
+key domain_name {
+     algorithm string;
+     secret string;
+};
+
+masters string [ port integer ] {
+     ( masters | ipv4_address [port integer] |
+     ipv6_address [port integer] ) [ key string ]; ...
+};
+
+server ( ipv4_address | ipv6_address ) {
+     bogus boolean;
+     edns boolean;
+     provide-ixfr boolean;
+     request-ixfr boolean;
+     keys server_key;
+     transfers integer;
+     transfer-format ( many-answers | one-answer );
+     transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     support-ixfr boolean; // obsolete
+};
+
+trusted-keys {
+     domain_name flags protocol algorithm key; ...
+};
+
+controls {
+     inet ( ipv4_address | ipv6_address | * )
+          [ port ( integer | * ) ]
+          allow { address_match_element; ... }
+          [ keys { string; ... } ];
+     unix unsupported; // not implemented
+};
+
+logging {
+     channel string {
+          file log_file;
+          syslog optional_facility;
+          null;
+          stderr;
+          severity log_severity;
+          print-time boolean;
+          print-severity boolean;
+          print-category boolean;
+     };
+     category string { string; ... };
+};
+
+options {
+     avoid-v4-udp-ports { port; ... };
+     avoid-v6-udp-ports { port; ... };
+     blackhole { address_match_element; ... };
+     coresize size;
+     datasize size;
+     directory quoted_string;
+     cache-file quoted_string; // test option
+     dump-file quoted_string;
+     files size;
+     heartbeat-interval integer;
+     host-statistics boolean; // not implemented
+     host-statistics-max number; // not implemented
+     hostname ( quoted_string | none );
+     interface-interval integer;
+     listen-on [ port integer ] { address_match_element; ... };
+     listen-on-v6 [ port integer ] { address_match_element; ... };
+     match-mapped-addresses boolean;
+     memstatistics-file quoted_string;
+     pid-file ( quoted_string | none );
+     port integer;
+     querylog boolean;
+     recursing-file quoted_string;
+     reserved-sockets integer;
+     random-device quoted_string;
+     recursive-clients integer;
+     serial-query-rate integer;
+     server-id ( quoted_string | none );
+     stacksize size;
+     statistics-file quoted_string;
+     statistics-interval integer; // not yet implemented
+     tcp-clients integer;
+     tcp-listen-queue integer;
+     tkey-dhkey quoted_string integer;
+     tkey-gssapi-credential quoted_string;
+     tkey-domain quoted_string;
+     transfers-per-ns integer;
+     transfers-in integer;
+     transfers-out integer;
+     use-ixfr boolean;
+     version ( quoted_string | none );
+     allow-recursion { address_match_element; ... };
+     sortlist { address_match_element; ... };
+     topology { address_match_element; ... }; // not implemented
+     auth-nxdomain boolean; // default changed
+     minimal-responses boolean;
+     recursion boolean;
+     rrset-order {
+          [ class string ] [ type string ]
+          [ name quoted_string ] string string; ...
+     };
+     provide-ixfr boolean;
+     request-ixfr boolean;
+     rfc2308-type1 boolean; // not yet implemented
+     additional-from-auth boolean;
+     additional-from-cache boolean;
+     query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
+     query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
+     cleaning-interval integer;
+     min-roots integer; // not implemented
+     lame-ttl integer;
+     max-ncache-ttl integer;
+     max-cache-ttl integer;
+     transfer-format ( many-answers | one-answer );
+     max-cache-size size_no_default;
+     check-names ( master | slave | response )
+          ( fail | warn | ignore );
+     cache-file quoted_string;
+     suppress-initial-notify boolean; // not yet implemented
+     preferred-glue string;
+     dual-stack-servers [ port integer ] {
+          ( quoted_string [port integer] |
+          ipv4_address [port integer] |
+          ipv6_address [port integer] ); ...
+     }
+     edns-udp-size integer;
+     root-delegation-only [ exclude { quoted_string; ... } ];
+     disable-algorithms string { string; ... };
+     dnssec-enable boolean;
+     dnssec-lookaside string trust-anchor string;
+     dnssec-must-be-secure string boolean;
+     dialup dialuptype;
+     ixfr-from-differences ixfrdiff;
+     allow-query { address_match_element; ... };
+     allow-transfer { address_match_element; ... };
+     allow-update-forwarding { address_match_element; ... };
+     notify notifytype;
+     notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
+     notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+     also-notify [ port integer ] { ( ipv4_address | ipv6_address )
+          [ port integer ]; ... };
+     allow-notify { address_match_element; ... };
+     forward ( first | only );
+     forwarders [ port integer ] {
+          ( ipv4_address | ipv6_address ) [ port integer ]; ...
+     };
+     max-journal-size size_no_default;
+     max-transfer-time-in integer;
+     max-transfer-time-out integer;
+     max-transfer-idle-in integer;
+     max-transfer-idle-out integer;
+     max-retry-time integer;
+     min-retry-time integer;
+     max-refresh-time integer;
+     min-refresh-time integer;
+     multi-master boolean;
+     sig-validity-interval integer;
+     transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     alt-transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     alt-transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     use-alt-transfer-source boolean;
+     zone-statistics boolean;
+     key-directory quoted_string;
+     allow-v6-synthesis { address_match_element; ... }; // obsolete
+     deallocate-on-exit boolean; // obsolete
+     fake-iquery boolean; // obsolete
+     fetch-glue boolean; // obsolete
+     has-old-clients boolean; // obsolete
+     maintain-ixfr-base boolean; // obsolete
+     max-ixfr-log-size size; // obsolete
+     multiple-cnames boolean; // obsolete
+     named-xfer quoted_string; // obsolete
+     serial-queries integer; // obsolete
+     treat-cr-as-space boolean; // obsolete
+     use-id-pool boolean; // obsolete
+};
+
+view string optional_class {
+     match-clients { address_match_element; ... };
+     match-destinations { address_match_element; ... };
+     match-recursive-only boolean;
+     key string {
+          algorithm string;
+          secret string;
+     };
+     zone string optional_class {
+          ...
+     };
+     server ( ipv4_address | ipv6_address ) {
+          ...
+     };
+     trusted-keys {
+          string integer integer integer quoted_string; ...
+     };
+     allow-recursion { address_match_element; ... };
+     sortlist { address_match_element; ... };
+     topology { address_match_element; ... }; // not implemented
+     auth-nxdomain boolean; // default changed
+     minimal-responses boolean;
+     recursion boolean;
+     rrset-order {
+          [ class string ] [ type string ]
+          [ name quoted_string ] string string; ...
+     };
+     provide-ixfr boolean;
+     request-ixfr boolean;
+     rfc2308-type1 boolean; // not yet implemented
+     additional-from-auth boolean;
+     additional-from-cache boolean;
+     query-source [ address ( ipv4_address | * ) ] [ port ( integer | * ) ];
+     query-source-v6 [ address ( ipv6_address | * ) ] [ port ( integer | * ) ];
+     cleaning-interval integer;
+     min-roots integer; // not implemented
+     lame-ttl integer;
+     max-ncache-ttl integer;
+     max-cache-ttl integer;
+     transfer-format ( many-answers | one-answer );
+     max-cache-size size_no_default;
+     check-names ( master | slave | response )
+          ( fail | warn | ignore );
+     cache-file quoted_string;
+     suppress-initial-notify boolean; // not yet implemented
+     preferred-glue string;
+     dual-stack-servers [ port integer ] {
+          ( quoted_string [port integer] |
+          ipv4_address [port integer] |
+          ipv6_address [port integer] ); ...
+     };
+     edns-udp-size integer;
+     root-delegation-only [ exclude { quoted_string; ... } ];
+     disable-algorithms string { string; ... };
+     dnssec-enable boolean;
+     dnssec-lookaside string trust-anchor string;
+     dnssec-must-be-secure string boolean;
+     dialup dialuptype;
+     ixfr-from-differences ixfrdiff;
+     allow-query { address_match_element; ... };
+     allow-transfer { address_match_element; ... };
+     allow-update-forwarding { address_match_element; ... };
+     notify notifytype;
+     notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
+     notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+     also-notify [ port integer ] { ( ipv4_address | ipv6_address )
+          [ port integer ]; ... };
+     allow-notify { address_match_element; ... };
+     forward ( first | only );
+     forwarders [ port integer ] {
+          ( ipv4_address | ipv6_address ) [ port integer ]; ...
+     };
+     max-journal-size size_no_default;
+     max-transfer-time-in integer;
+     max-transfer-time-out integer;
+     max-transfer-idle-in integer;
+     max-transfer-idle-out integer;
+     max-retry-time integer;
+     min-retry-time integer;
+     max-refresh-time integer;
+     min-refresh-time integer;
+     multi-master boolean;
+     sig-validity-interval integer;
+     transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     alt-transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     alt-transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     use-alt-transfer-source boolean;
+     zone-statistics boolean;
+     key-directory quoted_string;
+     allow-v6-synthesis { address_match_element; ... }; // obsolete
+     fetch-glue boolean; // obsolete
+     maintain-ixfr-base boolean; // obsolete
+     max-ixfr-log-size size; // obsolete
+};
+
+zone string optional_class {
+     type ( master | slave | stub | hint |
+          forward | delegation-only );
+     file quoted_string;
+     masters [ port integer ] {
+          ( masters |
+          ipv4_address [port integer] |
+          ipv6_address [ port integer ] ) [ key string ]; ...
+     };
+     database string;
+     delegation-only boolean;
+     check-names ( fail | warn | ignore );
+     dialup dialuptype;
+     ixfr-from-differences boolean;
+     allow-query { address_match_element; ... };
+     allow-transfer { address_match_element; ... };
+     allow-update { address_match_element; ... };
+     allow-update-forwarding { address_match_element; ... };
+     update-policy {
+          ( grant | deny ) string
+          ( name | subdomain | wildcard | self ) string
+          rrtypelist; ...
+     };
+     notify notifytype;
+     notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
+     notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
+     also-notify [ port integer ] { ( ipv4_address | ipv6_address )
+          [ port integer ]; ... };
+     allow-notify { address_match_element; ... };
+     forward ( first | only );
+     forwarders [ port integer ] {
+          ( ipv4_address | ipv6_address ) [ port integer ]; ...
+     };
+     max-journal-size size_no_default;
+     max-transfer-time-in integer;
+     max-transfer-time-out integer;
+     max-transfer-idle-in integer;
+     max-transfer-idle-out integer;
+     max-retry-time integer;
+     min-retry-time integer;
+     max-refresh-time integer;
+     min-refresh-time integer;
+     multi-master boolean;
+     sig-validity-interval integer;
+     transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     alt-transfer-source ( ipv4_address | * )
+          [ port ( integer | * ) ];
+     alt-transfer-source-v6 ( ipv6_address | * )
+          [ port ( integer | * ) ];
+     use-alt-transfer-source boolean;
+     zone-statistics boolean;
+     key-directory quoted_string;
+     ixfr-base quoted_string; // obsolete
+     ixfr-tmp-file quoted_string; // obsolete
+     maintain-ixfr-base boolean; // obsolete
+     max-ixfr-log-size size; // obsolete
+     pubkey integer integer integer quoted_string; // obsolete
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/Solaris/server.xml	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,195 @@
+<?xml version="1.0"?>
+<!--
+
+CDDL HEADER START
+
+The contents of this file are subject to the terms of the
+Common Development and Distribution License (the "License").
+You may not use this file except in compliance with the License.
+
+You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+or http://www.opensolaris.org/os/licensing.
+See the License for the specific language governing permissions
+and limitations under the License.
+
+When distributing Covered Code, include this CDDL HEADER in each
+file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+If applicable, add the following below this CDDL HEADER, with the
+fields enclosed by brackets "[]" replaced with your own identifying
+information: Portions Copyright [yyyy] [name of copyright owner]
+
+CDDL HEADER END
+-->
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+-->
+
+<!-- Portions Copyright 2007 Vedran Bender -->
+
+<service_bundle type='manifest' name='SUNWbindr:dns-server'>
+
+<service
+  name='network/dns/server'
+  type='service'
+  version='1'>
+
+    <dependency
+      name='filesystem_minimal'
+      grouping='require_all'
+      restart_on='none'
+      type='service'>
+      <service_fmri value='svc:/system/filesystem/local' />
+    </dependency>
+
+    <dependency
+      name='loopback'
+      grouping='require_any'
+      restart_on='error'
+      type='service'>
+      <service_fmri value='svc:/network/loopback' />
+    </dependency>
+
+    <dependency
+      name='network'
+      grouping='optional_all'
+      restart_on='error'
+      type='service'>
+      <service_fmri value='svc:/milestone/network' />
+    </dependency>
+
+    <exec_method
+      type='method'
+      name='stop'
+      exec=':kill'
+      timeout_seconds='60' />
+
+    <!--
+      	In order to run multiple named(1M) processes with their own
+      	configuration file or properties each must have a unique
+      	instance.
+    -->
+    <instance name='default' enabled='false' >
+
+      <exec_method
+	type='method'
+	name='start'
+	exec='/lib/svc/method/dns-server %m %i'
+	timeout_seconds='60' >
+	<method_context>
+	  <!--
+	  	privileges: (see privileges(5) and /etc/security/priv_names)
+		file_dac_read, file_dac_search:
+	  		Necessary for reading the configuration file
+			even it is restricted by the file permission.
+	  	net_privaddr:
+	  		Bind to a privileged port number.
+  		sys_resource:
+	  		Permit the setting of resource limits (eg. stack
+	  		size).
+		proc_chroot:
+	  		Permit use of chroot(2).
+	  -->
+	  <method_credential
+	    user='root'
+	    group='root'
+	    privileges='basic,!proc_session,!proc_info,!file_link_any,net_privaddr,file_dac_read,file_dac_search,sys_resource,proc_chroot' />
+	</method_context>
+      </exec_method>
+
+      <!--
+	      SIGHUP causes named to reread its configuration file, but not any
+	      of the properties below.
+      -->
+      <exec_method
+	type='method'
+	name='refresh'
+	exec=':kill -HUP'
+	timeout_seconds='60'>
+	<method_context/>
+      </exec_method>
+
+      <property_group name='general' type='framework'>
+	<!-- manage DNS server state -->
+	<propval name='action_authorization' type='astring'
+	  value='solaris.smf.manage.bind' />
+	<propval name='value_authorization' type='astring'
+	  value='solaris.smf.manage.bind' />
+      </property_group>
+
+      <!-- Default property settings for named(1M) instance. -->
+      <property_group name='options' type='application'>
+
+	<!--
+		server: specifies an alternative server command.  If
+		not specified the default /usr/sbin/named is used.
+	-->
+	<propval name='server' type='astring' value='' />
+
+	<!--
+		configuration_file: specifies an alternative
+		configuration file to be used. The property is similar
+		to named(1M) command line option '-c'
+	-->
+	<propval name='configuration_file' type='astring' value='' />
+	<!--
+		ip_interfaces: specifies which IP transport BIND will
+		transmit on. Possible values are 'IPv4' or 'IPv6'. Any
+		other setting assumes 'all', the default.
+		Equivalent command line option '-4' or '-6'.
+	-->
+	<propval name='ip_interfaces' type='astring' value='all' />
+
+	<!--
+		listen_on_port: Specifies the default UDP and TCP port
+		which will be used to listen for DNS requests.
+		Equivalent command line option '-p <integer>'.
+	-->
+	<propval name='listen_on_port' type='integer' value='0' />
+
+	<!--
+		debug_level: Specifies the default debug level.  The
+		default is 0; no debugging. The Higher the number the
+		more verbose debug information becomes.
+		Equivalent command line option '-d <integer>'.
+	-->
+	<propval name='debug_level' type='integer' value='0' />
+
+	<!--
+		threads: Specifies the number of cpu worker threads to
+		create.  The default of 0 causes named to try and
+		determine the number of CPUs present and create one
+		thread per CPU.
+		Equivalent command line option '-n <integer>'.
+	-->
+	<propval name='threads' type='integer' value='0' />
+
+	<!--
+		chroot_dir: Change the root directory using chroot(2)
+		to directory after processing the command line
+		arguments, but before reading the configuration file.
+		Equivalent command line option '-t <pathname>'.
+	-->
+	<propval name='chroot_dir' type='astring' value='' />
+
+      </property_group>
+
+	</instance>
+
+	<stability value='Unstable' />
+
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+				BIND DNS server
+			</loctext>
+		</common_name>
+		<documentation>
+			<manpage title='named' section='1M'
+			    manpath='/usr/man' />
+		</documentation>
+	</template>
+
+</service>
+
+</service_bundle>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/bind.license	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,30 @@
+Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2003  Internet Software Consortium.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
+$Id: COPYRIGHT,v 1.14.176.3 2011-01-04 23:45:42 tbox Exp $
+
+Portions Copyright (C) 1996-2001  Nominum, Inc.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/bind.p5m	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,72 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+set name=pkg.fmri \
+    value=pkg:/service/network/dns/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.description \
+    value="BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet.  This package contains the DNS server 'named' and tools used to setup and validate configuration."
+set name=pkg.summary \
+    value="BIND DNS Name server and configuration tools."
+set name=info.classification \
+    value="org.opensolaris.category.2008:System/Services"
+set name=info.upstream_url value="http://www.isc.org/"
+set name=info.source_url value=$(COMPONENT_ARCHIVE_URL)
+set name=opensolaris.arc_url \
+	value=http://arc.opensolaris.org/caselog/PSARC/2009/308
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+
+dir path=lib
+dir path=lib/svc
+dir path=lib/svc/manifest group=sys
+dir path=lib/svc/manifest/network group=sys
+dir path=lib/svc/manifest/network/dns group=sys
+dir path=lib/svc/method/
+dir path=usr
+dir path=usr/sbin
+dir path=usr/share
+dir path=usr/share/doc
+dir path=usr/share/doc/bind
+
+# Solaris additions
+file Solaris/server.xml path=lib/svc/manifest/network/dns/server.xml
+file Solaris/dns-server.sh path=lib/svc/method/dns-server mode=0555
+file Solaris/migration.txt path=usr/share/doc/bind/migration.txt
+
+file path=usr/sbin/dnssec-dsfromkey
+file path=usr/sbin/dnssec-keyfromlabel
+file path=usr/sbin/dnssec-keygen
+file path=usr/sbin/dnssec-signzone
+file path=usr/sbin/named
+file path=usr/sbin/named-checkconf
+file path=usr/sbin/named-checkzone
+link path=usr/sbin/named-compilezone target=named-checkzone
+
+legacy pkg=SUNWbind \
+       name="BIND DNS Name server" \
+       desc="BIND DNS Name server"
+
+legacy pkg=SUNWbindr \
+       name="BIND Name server Manifest" \
+       desc="BIND Name server Manifest"
+
+license bind.license license="ISC license"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bind/bindc.p5m	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,71 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+set name=pkg.fmri \
+    value=pkg:/network/dns/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary value="BIND DNS tools"
+set name=info.classification \
+    value="org.opensolaris.category.2008:Applications/Internet"
+set name=pkg.description value="DNS tools and related libraries."
+set name=info.upstream_url value=$(COMPONENT_PROJECT_URL)
+set name=info.source_url value=$(COMPONENT_ARCHIVE_URL)
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+set name=opensolaris.arc_url \
+	value=http://arc.opensolaris.org/caselog/PSARC/2009/308
+
+license bind.license license="ISC license"
+
+dir path=usr
+dir path=usr/lib
+dir path=usr/lib/dns
+dir path=usr/sbin
+
+file path=usr/lib/dns/libbind9.so.50.0.4
+file path=usr/lib/dns/libdns.so.58.1.2
+file path=usr/lib/dns/libisc.so.50.4.1
+file path=usr/lib/dns/libisccc.so.50.0.1
+file path=usr/lib/dns/libisccfg.so.50.0.3
+file path=usr/lib/dns/liblwres.so.50.0.3
+file path=usr/sbin/dig
+file path=usr/sbin/host
+file path=usr/sbin/nslookup
+file path=usr/sbin/nsupdate
+file path=usr/sbin/rndc
+file path=usr/sbin/rndc-confgen
+
+link path=usr/lib/dns/libbind9.so target=libbind9.so.50.0.4
+link path=usr/lib/dns/libbind9.so.50 target=libbind9.so.50.0.4
+link path=usr/lib/dns/libdns.so target=libdns.so.58.1.2
+link path=usr/lib/dns/libdns.so.58 target=libdns.so.58.1.2
+link path=usr/lib/dns/libisc.so target=libisc.so.50.4.1
+link path=usr/lib/dns/libisc.so.50 target=libisc.so.50.4.1
+link path=usr/lib/dns/libisccc.so target=libisccc.so.50.0.1
+link path=usr/lib/dns/libisccc.so.50 target=libisccc.so.50.0.1
+link path=usr/lib/dns/libisccfg.so target=libisccfg.so.50.0.3
+link path=usr/lib/dns/libisccfg.so.50 target=libisccfg.so.50.0.3
+link path=usr/lib/dns/liblwres.so target=liblwres.so.50.0.3
+link path=usr/lib/dns/liblwres.so.50 target=liblwres.so.50.0.3
+
+legacy pkg=SUNWbindc \
+       name="BIND DNS tools" \
+       desc="BIND DNS tools"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/meta-packages/history/SUNWbind.p5m	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,33 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+#
+# Legacy package information for renamed SUNWbind package
+#
+
+set name=pkg.fmri value=pkg:/[email protected],5.11-0.133
+set name=pkg.renamed value=true
+
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+
+depend fmri=service/network/dns/[email protected] type=require
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/meta-packages/history/SUNWbindc.p5m	Tue May 10 23:37:02 2011 +0100
@@ -0,0 +1,33 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+#
+# Legacy package information for renamed SUNWbind package
+#
+
+set name=pkg.fmri value=pkg:/[email protected],5.11-0.133
+set name=pkg.renamed value=true
+
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+
+depend fmri=network/dns/[email protected] type=require
--- a/make-rules/shared-macros.mk	Tue May 10 13:07:04 2011 -0700
+++ b/make-rules/shared-macros.mk	Tue May 10 23:37:02 2011 +0100
@@ -262,6 +262,8 @@
 ENV =		/usr/bin/env
 INSTALL =	/usr/bin/ginstall
 CHMOD =		/usr/bin/chmod
+NAWK =		/usr/bin/nawk
+TEE =		/usr/bin/tee
 
 INS.dir=        $(INSTALL) -d [email protected]
 INS.file=       $(INSTALL) -m 444 $< $(@D)