Diffstat (limited to 'net/pdns')
-rw-r--r--net/pdns/Makefile215
-rw-r--r--net/pdns/files/pdns.conf-dist620
-rw-r--r--net/pdns/files/pdns.init14
-rw-r--r--net/pdns/patches/100-lua-hpp.patch60
-rw-r--r--net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch25
-rw-r--r--net/pdns/patches/300-libatomic-detect.patch34
6 files changed, 968 insertions, 0 deletions
diff --git a/net/pdns/Makefile b/net/pdns/Makefile
new file mode 100644
index 000000000..bfda6eacc
--- /dev/null
+++ b/net/pdns/Makefile
@@ -0,0 +1,215 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=pdns
+PKG_VERSION:=4.1.8
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://downloads.powerdns.com/releases/
+PKG_HASH:=94561132f46c08f646399511b680ce8cda150fd2b8e3d38c0b90b4187163e617
+
+PKG_MAINTAINER:=James Taylor <james@jtaylor.id.au>
+PKG_LICENCE:=GPL-2.0-only
+PKG_LICENCE_FILES:=COPYING
+
+PKG_FIXUP:=autoreconf
+
+PKG_INSTALL:=1
+
+PKG_BUILD_PARALLEL:=1
+
+PKG_BUILD_DEPENDS:=unixodbc/host
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/pdns/Default
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE:=PowerDNS Authoritative Server
+ DEPENDS:=+libatomic
+ URL:=https://www.powerdns.com/auth.html
+endef
+
+define Package/pdns/description
+ PowerDNS is a versatile nameserver which supports a large number
+ of different backends ranging from simple zonefiles to relational
+ databases and load balancing/failover algorithms.
+ PowerDNS tries to emphasize speed and security.
+
+ This is the authoritative nameserver that answers questions about
+ domains that it knows about. You also need at least one backend installed to
+ serve data.
+endef
+
+PDNS_BACKENDS =
+
+define Package/pdns-backends
+$(call Package/pdns/Default)
+ TITLE+= (all backends)
+ DEPENDS+= $(PDNS_DEPENDS)
+ HIDDEN:=1
+endef
+
+define Package/pdns-backends/description
+ This meta package contains only dependencies for PowerDNS backends.
+endef
+
+# Create a meta-package of dependent backends (for ALL)
+define Package/pdns-backends/install
+ true
+endef
+
+define Package/pdns-tools
+ $(call Package/pdns/Default)
+ TITLE:=Tools for DNS debugging by PowerDNS
+ DEPENDS+=+boost +boost-program_options +libopenssl +p11-kit +protobuf
+endef
+
+define Package/pdns-tools/description
+ PowerDNS is a versatile nameserver which supports a large number
+ of different backends ranging from simple zonefiles to relational
+ databases and load balancing/failover algorithms.
+ PowerDNS tries to emphasize speed and security.
+
+ This package contains several tools to debug DNS issues. These tools do not
+ require any part of the PowerDNS server components to work.
+
+ * dnsbulktest: A resolver stress-tester
+ * dnsgram: Show per 5-second statistics to study intermittent resolver issues
+ * dnsreplay: Replay a pcap with DNS queries
+ * dnsscan: Prints the query-type amounts in a pcap
+ * dnsscope: Calculates statistics without replaying traffic
+ * dnstcpbench: Perform TCP benchmarking of DNS servers
+ * dnswasher: Clean a pcap of identifying IP information
+ * ixplore: Explore diffs from IXFRs
+ * nsec3dig: Calculate the correctness of NSEC3 proofs
+ * saxfr: AXFR zones and show extra information
+endef
+
+define Package/pdns
+ $(call Package/pdns/Default)
+ DEPENDS+=+boost +boost-program_options +liblua +libopenssl +libsodium +libsqlite3 +p11-kit
+endef
+
+define Package/pdns/config
+ menu "Select PowerDNS backends"
+ depends on PACKAGE_pdns
+ comment "PowerDNS backends"
+
+ $(foreach backend,$(PDNS_BACKENDS), \
+ config PACKAGE_pdns-backend-$(backend)
+ prompt "$(PDNS_BACKEND_$(backend)_DESC) backend"
+ default m if ALL
+ )
+ endmenu
+endef
+
+
+# 1: short name
+# 2: dependencies on other PowerDNS libraries (short name)
+# 3: dependencies on other packages
+# 4: conditional/inward dependencies
+define DefinePdnsBackend
+ PDNS_DEPENDS+= +pdns-backend-$(1)
+ PKG_CONFIG_DEPENDS+= CONFIG_PACKAGE_pdns-backend$(1)
+
+ PDNS_BACKENDS+= $(1)
+
+ PDNS_BACKEND_$(1)_DESC=$(if $(5),$(5),$(1))
+ PDNS_BACKEND_$(1)_LIB=$(if $(4),$(4),$(1))
+
+ define Package/pdns-backend-$(1)
+ $(call Package/pdns/Default)
+ TITLE+= ($(1))
+ DEPENDS+= pdns $$(foreach backend,$(2),+pdns-backend-$$(backend)) $(3)
+ HIDDEN:=1
+ endef
+
+ define Package/pdns-backend-$(1)/description
+ PowerDNS is a versatile nameserver which supports a large number
+ of different backends ranging from simple zonefiles to relational
+ databases and load balancing/failover algorithms.
+ PowerDNS tries to emphasize speed and security.
+
+ This package contains the $(if $(5),$(5),$(1)) backend for the PowerDNS nameserver.
+ endef
+endef
+
+$(eval $(call DefinePdnsBackend,mysql,,libmysqlclient,gmysql,MySQL))
+$(eval $(call DefinePdnsBackend,odbc,,unixodbc,godbc,ODBC))
+$(eval $(call DefinePdnsBackend,pgsql,,libpq,gpgsql,PostgreSQL))
+$(eval $(call DefinePdnsBackend,sqlite3,,libsqlite3,gsqlite3,SQLite 3))
+$(eval $(call DefinePdnsBackend,ldap,,libopenldap krb5-libs,,OpenLDAP))
+$(eval $(call DefinePdnsBackend,lua,,lua liblua,,Lua))
+$(eval $(call DefinePdnsBackend,mydns,,libmysqlclient,,MyDNS))
+$(eval $(call DefinePdnsBackend,pipe,,,,Pipe))
+$(eval $(call DefinePdnsBackend,remote,,,,Remote))
+
+define Package/pdns/conffiles
+/etc/powerdns/pdns.conf
+/etc/init.d/pdns
+endef
+
+CONFIGURE_ARGS+= \
+ --sysconfdir=/etc/powerdns \
+ --libdir=/usr/lib/powerdns \
+ --with-dynmodules="$(foreach backend,$(PDNS_BACKENDS),$(if $(CONFIG_PACKAGE_pdns-backend-$(backend)),$(PDNS_BACKEND_$(backend)_LIB),))" \
+ --with-modules="bind random" \
+ --with-mysql-lib=$(STAGING_DIR)/usr \
+ --with-mysql-includes=$(STAGING_DIR)/usr \
+ $(if $(CONFIG_PACKAGE_pdns-tools),--enable-tools,) \
+ --with-protobuf \
+ --enable-libsodium \
+ --enable-experimental-pkcs11
+
+define Package/pdns/install
+ $(INSTALL_DIR) $(1)/etc/powerdns
+ $(INSTALL_CONF) ./files/pdns.conf-dist $(1)/etc/powerdns/pdns.conf-dist
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/pdns.init $(1)/etc/init.d/pdns
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/pdns_control $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/pdnsutil $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/zone2sql $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/zone2json $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/pdns_server $(1)/usr/sbin/
+endef
+
+define Package/pdns/Default/install
+ $(INSTALL_DIR) $(1)/usr/lib/powerdns/pdns
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/powerdns/pdns/lib$(PDNS_BACKEND_$(2)_LIB)backend.so $(1)/usr/lib/powerdns/pdns/
+endef
+
+define Package/pdns-tools/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/calidns $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsbulktest $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsgram $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnspcap2protobuf $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsreplay $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsscan $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnsscope $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnstcpbench $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dnswasher $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/dumresp $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/ixplore $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/nproxy $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/nsec3dig $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/pdns_notify $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/saxfr $(1)/usr/bin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/bin/sdig $(1)/usr/bin/
+endef
+
+define BuildPdnsBackend
+ define Package/pdns-backend-$(1)/install
+ $(call Package/pdns/Default/install,$$(1),$(1))
+ endef
+
+ $$(eval $$(call BuildPackage,pdns-backend-$(1)))
+endef
+
+$(foreach backend,$(PDNS_BACKENDS),$(eval $(call BuildPdnsBackend,$(backend))))
+$(eval $(call BuildPackage,pdns))
+$(eval $(call BuildPackage,pdns-tools))
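Review bot: In `DefinePdnsBackend` the config symbol is written `CONFIG_PACKAGE_pdns-backend$(1)`, without the hyphen used in `CONFIGURE_ARGS` (`CONFIG_PACKAGE_pdns-backend-$(backend)`), so `PKG_CONFIG_DEPENDS` names symbols that do not exist and a changed backend selection will presumably not trigger a reconfigure; the line should read `PKG_CONFIG_DEPENDS+= CONFIG_PACKAGE_pdns-backend-$(1)`. The same kind of silent mismatch applies to `PKG_LICENCE` and `PKG_LICENCE_FILES` near the top: the build system reads `PKG_LICENSE` and `PKG_LICENSE_FILES`, so the licence metadata is not picked up. The parameter comment above the macro lists four arguments, while the body reads `$(4)` as the library name and `$(5)` as the description; the comment should document all five.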
diff --git a/net/pdns/files/pdns.conf-dist b/net/pdns/files/pdns.conf-dist
new file mode 100644
index 000000000..e208c1b34
--- /dev/null
+++ b/net/pdns/files/pdns.conf-dist
@@ -0,0 +1,620 @@
+# Autogenerated configuration file template
+#################################
+# 8bit-dns Allow 8bit dns queries
+#
+# 8bit-dns=no
+
+#################################
+# allow-axfr-ips Allow zonetransfers only to these subnets
+#
+# allow-axfr-ips=127.0.0.0/8,::1
+
+#################################
+# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges.
+#
+# allow-dnsupdate-from=127.0.0.0/8,::1
+
+#################################
+# allow-notify-from Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.
+#
+# allow-notify-from=0.0.0.0/0,::/0
+
+#################################
+# allow-unsigned-notify Allow unsigned notifications for TSIG secured domains
+#
+# allow-unsigned-notify=yes
+
+#################################
+# allow-unsigned-supermaster Allow supermasters to create zones without TSIG signed NOTIFY
+#
+# allow-unsigned-supermaster=yes
+
+#################################
+# also-notify When notifying a domain, also notify these nameservers
+#
+# also-notify=
+
+#################################
+# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
+#
+# any-to-tcp=yes
+
+#################################
+# api Enable/disable the REST API (including HTTP listener)
+#
+# api=no
+
+#################################
+# api-key Static pre-shared authentication key for access to the REST API
+#
+# api-key=
+
+#################################
+# api-logfile Location of the server logfile (used by the REST API)
+#
+# api-logfile=/var/log/pdns.log
+
+#################################
+# api-readonly Disallow data modification through the REST API when set
+#
+# api-readonly=no
+
+#################################
+# axfr-lower-serial Also AXFR a zone from a master with a lower serial
+#
+# axfr-lower-serial=no
+
+#################################
+# cache-ttl Seconds to store packets in the PacketCache
+#
+# cache-ttl=20
+
+#################################
+# carbon-interval Number of seconds between carbon (graphite) updates
+#
+# carbon-interval=30
+
+#################################
+# carbon-ourname If set, overrides our reported hostname for carbon stats
+#
+# carbon-ourname=
+
+#################################
+# carbon-server If set, send metrics in carbon (graphite) format to this server IP address
+#
+# carbon-server=
+
+#################################
+# chroot If set, chroot to this directory for more security
+#
+# chroot=
+
+#################################
+# config-dir Location of configuration directory (pdns.conf)
+#
+# config-dir=/usr/local/etc
+
+#################################
+# config-name Name of this virtual configuration - will rename the binary image
+#
+# config-name=
+
+#################################
+# control-console Debugging switch - don't use
+#
+# control-console=no
+
+#################################
+# daemon Operate as a daemon
+#
+# daemon=no
+
+#################################
+# default-ksk-algorithm Default KSK algorithm
+#
+# default-ksk-algorithm=ecdsa256
+
+#################################
+# default-ksk-size Default KSK size (0 means default)
+#
+# default-ksk-size=0
+
+#################################
+# default-soa-edit Default SOA-EDIT value
+#
+# default-soa-edit=
+
+#################################
+# default-soa-edit-signed Default SOA-EDIT value for signed zones
+#
+# default-soa-edit-signed=
+
+#################################
+# default-soa-mail mail address to insert in the SOA record if none set in the backend
+#
+# default-soa-mail=
+
+#################################
+# default-soa-name name to insert in the SOA record if none set in the backend
+#
+# default-soa-name=a.misconfigured.powerdns.server
+
+#################################
+# default-ttl Seconds a result is valid if not set otherwise
+#
+# default-ttl=3600
+
+#################################
+# default-zsk-algorithm Default ZSK algorithm
+#
+# default-zsk-algorithm=
+
+#################################
+# default-zsk-size Default ZSK size (0 means default)
+#
+# default-zsk-size=0
+
+#################################
+# direct-dnskey Fetch DNSKEY RRs from backend during DNSKEY synthesis
+#
+# direct-dnskey=no
+
+#################################
+# disable-axfr Disable zonetransfers but do allow TCP queries
+#
+# disable-axfr=no
+
+#################################
+# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing.
+#
+# disable-axfr-rectify=no
+
+#################################
+# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout
+#
+# disable-syslog=no
+
+#################################
+# disable-tcp Do not listen to TCP queries
+#
+# disable-tcp=no
+
+#################################
+# distributor-threads Default number of Distributor (backend) threads to start
+#
+# distributor-threads=3
+
+#################################
+# dname-processing If we should support DNAME records
+#
+# dname-processing=no
+
+#################################
+# dnssec-key-cache-ttl Seconds to cache DNSSEC keys from the database
+#
+# dnssec-key-cache-ttl=30
+
+#################################
+# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no.
+#
+# dnsupdate=no
+
+#################################
+# do-ipv6-additional-processing Do AAAA additional processing
+#
+# do-ipv6-additional-processing=yes
+
+#################################
+# domain-metadata-cache-ttl Seconds to cache domain metadata from the database
+#
+# domain-metadata-cache-ttl=60
+
+#################################
+# edns-subnet-processing If we should act on EDNS Subnet options
+#
+# edns-subnet-processing=no
+
+#################################
+# entropy-source If set, read entropy from this file
+#
+# entropy-source=/dev/urandom
+
+#################################
+# expand-alias Expand ALIAS records
+#
+# expand-alias=no
+
+#################################
+# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.
+#
+# forward-dnsupdate=yes
+
+#################################
+# forward-notify IP addresses to forward received notifications to regardless of master or slave settings
+#
+# forward-notify=
+
+#################################
+# guardian Run within a guardian process
+#
+# guardian=no
+
+#################################
+# include-dir Include *.conf files from this directory
+#
+# include-dir=
+
+#################################
+# launch Which backends to launch and order to query them in
+#
+# launch=
+
+#################################
+# load-modules Load this module - supply absolute or relative path
+#
+# load-modules=
+
+#################################
+# local-address Local IP addresses to which we bind
+#
+# local-address=0.0.0.0
+
+#################################
+# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server
+#
+# local-address-nonexist-fail=yes
+
+#################################
+# local-ipv6 Local IP address to which we bind
+#
+# local-ipv6=::
+
+#################################
+# local-ipv6-nonexist-fail Fail to start if one or more of the local-ipv6 addresses do not exist on this server
+#
+# local-ipv6-nonexist-fail=yes
+
+#################################
+# local-port The port on which we listen
+#
+# local-port=53
+
+#################################
+# log-dns-details If PDNS should log DNS non-erroneous details
+#
+# log-dns-details=no
+
+#################################
+# log-dns-queries If PDNS should log all incoming DNS queries
+#
+# log-dns-queries=no
+
+#################################
+# log-timestamp Print timestamps in log lines
+#
+# log-timestamp=yes
+
+#################################
+# logging-facility Log under a specific facility
+#
+# logging-facility=
+
+#################################
+# loglevel Amount of logging. Higher is more. Do not set below 3
+#
+# loglevel=4
+
+#################################
+# lua-axfr-script Script to be used to edit incoming AXFRs
+#
+# lua-axfr-script=
+
+#################################
+# lua-dnsupdate-policy-script Lua script with DNS update policy handler
+#
+# lua-dnsupdate-policy-script=
+
+#################################
+# lua-prequery-script Lua script with prequery handler (DO NOT USE)
+#
+# lua-prequery-script=
+
+#################################
+# master Act as a master
+#
+# master=no
+
+#################################
+# max-cache-entries Maximum number of entries in the query cache
+#
+# max-cache-entries=1000000
+
+#################################
+# max-ent-entries Maximum number of empty non-terminals in a zone
+#
+# max-ent-entries=100000
+
+#################################
+# max-nsec3-iterations Limit the number of NSEC3 hash iterations
+#
+# max-nsec3-iterations=500
+
+#################################
+# max-packet-cache-entries Maximum number of entries in the packet cache
+#
+# max-packet-cache-entries=1000000
+
+#################################
+# max-queue-length Maximum queuelength before considering situation lost
+#
+# max-queue-length=5000
+
+#################################
+# max-signature-cache-entries Maximum number of signatures cache entries
+#
+# max-signature-cache-entries=
+
+#################################
+# max-tcp-connection-duration Maximum time in seconds that a TCP DNS connection is allowed to stay open.
+#
+# max-tcp-connection-duration=0
+
+#################################
+# max-tcp-connections Maximum number of TCP connections
+#
+# max-tcp-connections=20
+
+#################################
+# max-tcp-connections-per-client Maximum number of simultaneous TCP connections per client
+#
+# max-tcp-connections-per-client=0
+
+#################################
+# max-tcp-transactions-per-conn Maximum number of subsequent queries per TCP connection
+#
+# max-tcp-transactions-per-conn=0
+
+#################################
+# module-dir Default directory for modules
+#
+# module-dir=/usr/local/lib/pdns
+
+#################################
+# negquery-cache-ttl Seconds to store negative query results in the QueryCache
+#
+# negquery-cache-ttl=60
+
+#################################
+# no-shuffle Set this to prevent random shuffling of answers - for regression testing
+#
+# no-shuffle=off
+
+#################################
+# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options
+#
+# non-local-bind=no
+
+#################################
+# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
+#
+# only-notify=0.0.0.0/0,::/0
+
+#################################
+# out-of-zone-additional-processing Do out of zone additional processing
+#
+# out-of-zone-additional-processing=yes
+
+#################################
+# outgoing-axfr-expand-alias Expand ALIAS records during outgoing AXFR
+#
+# outgoing-axfr-expand-alias=no
+
+#################################
+# overload-queue-length Maximum queuelength moving to packetcache only
+#
+# overload-queue-length=0
+
+#################################
+# prevent-self-notification Don't send notifications to what we think is ourself
+#
+# prevent-self-notification=yes
+
+#################################
+# query-cache-ttl Seconds to store query results in the QueryCache
+#
+# query-cache-ttl=20
+
+#################################
+# query-local-address Source IP address for sending queries
+#
+# query-local-address=0.0.0.0
+
+#################################
+# query-local-address6 Source IPv6 address for sending queries
+#
+# query-local-address6=::
+
+#################################
+# query-logging Hint backends that queries should be logged
+#
+# query-logging=no
+
+#################################
+# queue-limit Maximum number of milliseconds to queue a query
+#
+# queue-limit=1500
+
+#################################
+# receiver-threads Default number of receiver threads to start
+#
+# receiver-threads=1
+
+#################################
+# resolver Use this resolver for ALIAS and the internal stub resolver
+#
+# resolver=no
+
+#################################
+# retrieval-threads Number of AXFR-retrieval threads for slave operation
+#
+# retrieval-threads=2
+
+#################################
+# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket
+#
+# reuseport=no
+
+#################################
+# security-poll-suffix Domain name from which to query security update notifications
+#
+# security-poll-suffix=secpoll.powerdns.com.
+
+#################################
+# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom
+#
+# server-id=
+
+#################################
+# setgid If set, change group id to this gid for more security
+#
+# setgid=
+
+#################################
+# setuid If set, change user id to this uid for more security
+#
+# setuid=
+
+#################################
+# signing-threads Default number of signer threads to start
+#
+# signing-threads=3
+
+#################################
+# slave Act as a slave
+#
+# slave=no
+
+#################################
+# slave-cycle-interval Schedule slave freshness checks once every .. seconds
+#
+# slave-cycle-interval=60
+
+#################################
+# slave-renotify If we should send out notifications for slaved updates
+#
+# slave-renotify=no
+
+#################################
+# soa-expire-default Default SOA expire
+#
+# soa-expire-default=604800
+
+#################################
+# soa-minimum-ttl Default SOA minimum ttl
+#
+# soa-minimum-ttl=3600
+
+#################################
+# soa-refresh-default Default SOA refresh
+#
+# soa-refresh-default=10800
+
+#################################
+# soa-retry-default Default SOA retry
+#
+# soa-retry-default=3600
+
+#################################
+# socket-dir Where the controlsocket will live, /var/run when unset and not chrooted
+#
+# socket-dir=
+
+#################################
+# tcp-control-address If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-address=
+
+#################################
+# tcp-control-port If set, PowerDNS can be controlled over TCP on this address
+#
+# tcp-control-port=53000
+
+#################################
+# tcp-control-range If set, remote control of PowerDNS is possible over these networks only
+#
+# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10
+
+#################################
+# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret
+#
+# tcp-control-secret=
+
+#################################
+# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size
+#
+# tcp-fast-open=0
+
+#################################
+# tcp-idle-timeout Maximum time in seconds that a TCP DNS connection is allowed to stay open while being idle
+#
+# tcp-idle-timeout=5
+
+#################################
+# traceback-handler Enable the traceback handler (Linux only)
+#
+# traceback-handler=yes
+
+#################################
+# trusted-notification-proxy IP address of incoming notification proxy
+#
+# trusted-notification-proxy=
+
+#################################
+# udp-truncation-threshold Maximum UDP response size before we truncate
+#
+# udp-truncation-threshold=1680
+
+#################################
+# version-string PowerDNS version in packets - full, anonymous, powerdns or custom
+#
+# version-string=full
+
+#################################
+# webserver Start a webserver for monitoring (api=yes also enables the HTTP listener)
+#
+# webserver=no
+
+#################################
+# webserver-address IP Address of webserver/API to listen on
+#
+# webserver-address=127.0.0.1
+
+#################################
+# webserver-allow-from Webserver/API access is only allowed from these subnets
+#
+# webserver-allow-from=127.0.0.1,::1
+
+#################################
+# webserver-password Password required for accessing the webserver
+#
+# webserver-password=
+
+#################################
+# webserver-port Port of webserver/API to listen on
+#
+# webserver-port=8081
+
+#################################
+# webserver-print-arguments If the webserver should print arguments
+#
+# webserver-print-arguments=no
+
+#################################
+# write-pid Write a PID file
+#
+# write-pid=yes
+
+#################################
+# xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR
+#
+# xfr-max-received-mbytes=100
diff --git a/net/pdns/files/pdns.init b/net/pdns/files/pdns.init
new file mode 100644
index 000000000..85a14cdf3
--- /dev/null
+++ b/net/pdns/files/pdns.init
@@ -0,0 +1,14 @@
+#!/bin/sh /etc/rc.common
+START=99
+
+USE_PROCD=1
+
+start_service() {
+ [ -e /etc/powerdns/pdns.conf ] || return 1
+
+ procd_open_instance
+ procd_set_param command /usr/sbin/pdns_server --daemon=no --guardian=no
+ procd_set_param file /etc/powerdns/pdns.conf
+ procd_set_param respawn
+ procd_close_instance
+}
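Review bot: `pdns_server` is started with no privilege drop: the command line passes only `--daemon=no --guardian=no`, no `procd_set_param user` is set, and the shipped template leaves `setuid=`, `setgid=` and `chroot=` empty, so the daemon keeps running as root on a network-facing DNS port unless the administrator edits pdns.conf. Consider creating a dedicated account in the package and starting with `--setuid=<pdns-user> --setgid=<pdns-group>` (placeholder names), or at least add a comment above `procd_set_param command` saying these settings must be configured. The early `return 1` when /etc/powerdns/pdns.conf is missing is also silent, and the package installs only pdns.conf-dist, so a fresh install does not start and logs nothing; a `logger` line before the return would make that visible.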
diff --git a/net/pdns/patches/100-lua-hpp.patch b/net/pdns/patches/100-lua-hpp.patch
new file mode 100644
index 000000000..fa8ac1dad
--- /dev/null
+++ b/net/pdns/patches/100-lua-hpp.patch
@@ -0,0 +1,60 @@
+--- a/pdns/Makefile.am
++++ b/pdns/Makefile.am
+@@ -54,7 +54,8 @@
+ bindparser.h \
+ named.conf.parsertest \
+ delaypipe.hh delaypipe.cc \
+- pdns.service.in
++ pdns.service.in \
++ lua_hpp.mk
+
+ BUILT_SOURCES = \
+ bind-dnssec.schema.sqlite3.sql.h \
+@@ -109,6 +108,12 @@
+
+ endif
+
++if !HAVE_LUA_HPP
++BUILT_SOURCES += lua.hpp
++nodist_pdns_server_SOURCES = lua.hpp
++CLEANFILES += lua.hpp
++endif
++
+ EXTRA_PROGRAMS = \
+ calidns \
+ comfun \
+@@ -1303,3 +1305,7 @@
+ pdns.service \
+ pdns@.service
+ endif
++
++if !HAVE_LUA_HPP
++include lua_hpp.mk
++endif
+--- /dev/null
++++ b/pdns/lua_hpp.mk
+@@ -0,0 +1,6 @@
++lua.hpp:
++ $(AM_V_GEN)echo 'extern "C" {' > $@
++ @echo '#include "lua.h"' >> $@
++ @echo '#include "lualib.h"' >> $@
++ @echo '#include "lauxlib.h"' >> $@
++ @echo '}' >> $@
+--- a/modules/luabackend/Makefile.am
++++ b/modules/luabackend/Makefile.am
+@@ -15,5 +15,15 @@
+ slave.cc \
+ supermaster.cc
+
++if !HAVE_LUA_HPP
++BUILT_SOURCES = lua.hpp
++nodist_libluabackend_la_SOURCES = lua.hpp
++CLEANFILES = lua.hpp
++endif
++
+ libluabackend_la_LDFLAGS = -module -avoid-version
+ libluabackend_la_LIBADD = $(LUA_LIBS)
++
++if !HAVE_LUA_HPP
++include ../../pdns/lua_hpp.mk
++endif
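Review bot: The hunk headers inside this patch do not agree with each other: the first hunk of pdns/Makefile.am adds one line (`-54,7 +54,8`), yet the second starts the new side at 108 for old line 109 (`-109,6 +108,12`) and the third at 1305 for old line 1303, where 110 and 1310 would be expected. That suggests the patch was edited by hand and applies only through offset matching, which makes it easier for a hunk to land somewhere unintended when upstream changes; regenerating it against the unpacked 4.1.8 source would give exact headers. Separately, the `lua.hpp` recipe builds the file with successive `>>` appends, so an interrupted run can leave a truncated header that make treats as up to date; writing to `$@.tmp` and renaming it at the end avoids that.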
diff --git a/net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch b/net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch
new file mode 100644
index 000000000..015efd7d7
--- /dev/null
+++ b/net/pdns/patches/200-pdns-disable-pdns.conf-dist.patch
@@ -0,0 +1,25 @@
+--- a/pdns/Makefile.am
++++ b/pdns/Makefile.am
+@@ -68,11 +68,9 @@
+ backends/gsql/gsqlbackend.gcda \
+ backends/gsql/gsqlbackend.gcno \
+ backends/gsql/gsqlbackend.gcov \
+- dnsmessage.pb.cc dnsmessage.pb.h \
+- pdns.conf-dist
++ dnsmessage.pb.cc dnsmessage.pb.h
+
+ noinst_SCRIPTS = pdns.init
+-sysconf_DATA = pdns.conf-dist
+
+ sbin_PROGRAMS = pdns_server
+ bin_PROGRAMS = \
+@@ -1124,9 +1122,6 @@
+ endif
+ endif
+
+-pdns.conf-dist: pdns_server
+- $(AM_V_GEN)./pdns_server --no-config --config 2>/dev/null > $@
+-
+ testrunner_SOURCES = \
+ arguments.cc \
+ auth-caches.cc auth-caches.hh \
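Review bot: The patch gives no reason for removing the `pdns.conf-dist` rule and the `sysconf_DATA` entry; presumably it is because the rule runs the freshly built `./pdns_server`, which cannot execute on the build host when cross-compiling. A short header in the patch file saying so, and that the template is shipped from files/ instead, would help the next maintainer. Because the template is now static it no longer reflects this build: the copy added in this commit shows `config-dir=/usr/local/etc` and `module-dir=/usr/local/lib/pdns`, while the Makefile configures `--sysconfdir=/etc/powerdns` and `--libdir=/usr/lib/powerdns`.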
diff --git a/net/pdns/patches/300-libatomic-detect.patch b/net/pdns/patches/300-libatomic-detect.patch
new file mode 100644
index 000000000..29881cc4f
--- /dev/null
+++ b/net/pdns/patches/300-libatomic-detect.patch
@@ -0,0 +1,34 @@
+--- a/m4/pdns_check_os.m4
++++ b/m4/pdns_check_os.m4
+@@ -35,16 +35,21 @@
+ AM_CONDITIONAL([HAVE_LINUX], [test "x$have_linux" = "xyes"])
+ AM_CONDITIONAL([HAVE_SOLARIS], [test "x$have_solaris" = "xyes"])
+
+- case "$host" in
+- mips* | powerpc-* )
+- AC_MSG_CHECKING([whether the linker accepts -latomic])
+- LDFLAGS="-latomic $LDFLAGS"
+- AC_LINK_IFELSE([m4_default([],[AC_LANG_PROGRAM()])],
+- [AC_MSG_RESULT([yes])],
+- [AC_MSG_ERROR([Unable to link against libatomic, cannot continue])]
+- )
+- ;;
+- esac
++ AC_MSG_CHECKING([whether -latomic is needed for __atomic builtins])
++ AC_LINK_IFELSE(
++ [AC_LANG_PROGRAM([[#include <stdint.h>]],
++ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]]
++ )],
++ [AC_MSG_RESULT([no])],
++ [LIBS="$LIBS -latomic"
++ AC_LINK_IFELSE(
++ [AC_LANG_PROGRAM([[#include <stdint.h>]],
++ [[uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED);]]
++ )],
++ [AC_MSG_RESULT([yes])],
++ [AC_MSG_FAILURE([libatomic needed, but linking with -latomic failed, cannot continue])]
++ )]
++ )
+
+ AC_SUBST(THREADFLAGS)
+ AC_SUBST([DYNLINKFLAGS], [-export-dynamic])