diff --git a/dns/Makefile b/dns/Makefile
index bb1bcc5070ee..acf599c08636 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -42,6 +42,7 @@
 SUBDIR += dnsproxy
 SUBDIR += dnsrecon
 SUBDIR += dnsreflector
+ SUBDIR += dnssec-rr
 SUBDIR += dnstable
 SUBDIR += dnstable-convert
 SUBDIR += dnstop
diff --git a/dns/dnssec-rr/Makefile b/dns/dnssec-rr/Makefile
new file mode 100644
index 000000000000..96d05c9969da
--- /dev/null
+++ b/dns/dnssec-rr/Makefile
@@ -0,0 +1,46 @@
+PORTNAME= dnssec-rr
+DISTVERSION= 0.2
+CATEGORIES= dns security
+MASTER_SITES= https://git.sr.ht/~mcf/dnssec-rr/refs/download/${DISTVERSION}/
+
+MAINTAINER= dch@FreeBSD.org
+COMMENT= Set of C programs for working with DNSSEC
+WWW= https://git.sr.ht/~mcf/dnssec-rr
+
+LICENSE= ISCL
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+LIB_DEPENDS= libbearssl.so:security/bearssl
+
+USES= localbase:ldflags
+
+PLIST_FILES= bin/dnskey \
+ bin/ds \
+ bin/nsec \
+ bin/rrsig \
+ bin/tlsa \
+ share/man/man1/dnskey.1.gz \
+ share/man/man1/ds.1.gz \
+ share/man/man1/nsec.1.gz \
+ share/man/man1/rrsig.1.gz \
+ share/man/man1/tlsa.1.gz
+
+PORTDOCS= README.md
+
+OPTIONS_DEFINE= DOCS
+
+do-install:
+ ${MKDIR} ${STAGEDIR}${MANDIRS}/man1
+.for i in dnskey ds nsec rrsig tlsa
+ ${INSTALL_MAN} ${WRKSRC}/$i.1 \
+ ${STAGEDIR}${MANDIRS}/man1
+ ${INSTALL_PROGRAM} ${WRKSRC}/$i \
+ ${STAGEDIR}${PREFIX}/bin
+.endfor
+
+do-install-DOCS-on:
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${WRKSRC}/README.md \
+ ${STAGEDIR}${DOCSDIR}
+
+.include
diff --git a/dns/dnssec-rr/distinfo b/dns/dnssec-rr/distinfo
new file mode 100644
index 000000000000..871b3d94cb5b
--- /dev/null
+++ b/dns/dnssec-rr/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1750592067
+SHA256 (dnssec-rr-0.2.tar.gz) = 658699a0c094ae1715c7b6bc2b638dac24f21f25c889aaf4c27359a4cf40bdaf
+SIZE (dnssec-rr-0.2.tar.gz) = 19425
diff --git a/dns/dnssec-rr/files/patch-Makefile b/dns/dnssec-rr/files/patch-Makefile
new file mode 100644
index 000000000000..94e2a03ba201
--- /dev/null
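Review bot: In dns/dnssec-rr/Makefile, do-install uses `${STAGEDIR}${MANDIRS}/man1` as the manual-page destination, while PLIST_FILES registers the pages under `share/man/man1/` relative to PREFIX. As far as I know MANDIRS is a list the ports framework walks when compressing manual pages rather than a single install directory, so the two paths only agree while that list holds exactly one entry; if they ever diverge, the staged files stop matching the plist. I would spell the destination as `${STAGEDIR}${PREFIX}/share/man/man1` on both the `${MKDIR}` line and the `${INSTALL_MAN}` line. The loop variable would also read more conventionally as `${i}` than `$i`.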
+++ b/dns/dnssec-rr/files/patch-Makefile
@@ -0,0 +1,10 @@
+--- Makefile.orig 2025-06-21 08:07:07 UTC
++++ Makefile
+@@ -1,7 +1,5 @@
+ .PHONY: all install clean
+ 
+--include config.mk
+-
+ PREFIX?=/usr/local
+ BINDIR?=$(PREFIX)/bin
+ MANDIR?=$(PREFIX)/share/man
diff --git a/dns/dnssec-rr/files/patch-zone.c b/dns/dnssec-rr/files/patch-zone.c
new file mode 100644
index 000000000000..448e52f8b919
--- /dev/null
+++ b/dns/dnssec-rr/files/patch-zone.c
@@ -0,0 +1,10 @@
+--- zone.c.orig 2025-06-21 08:09:31 UTC
++++ zone.c
+@@ -4,6 +4,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "dnssec.h"
+ 
+ struct input {
diff --git a/dns/dnssec-rr/pkg-descr b/dns/dnssec-rr/pkg-descr
new file mode 100644
index 000000000000..ff114db05955
--- /dev/null
+++ b/dns/dnssec-rr/pkg-descr
@@ -0,0 +1,9 @@
+A set of tools for working with DNSSEC, using BearSSL for cryptography.
+
+- dnskey: generate DNSKEY records from private keys
+- ds: generate DS records for parent zones
+- nsec: generate NSEC records for zones
+- rrsig: sign records in zones, generating RRSIG records
+- tlsa: generate DANE TLSA records for certificates
+
+See also https://mforney.org/blog/2020-05-21-securing-your-zone-with-dnssec-and-dane.html