10 files changed, 701 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
new file mode 100644
index 0000000000..8db96ec049
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/0001-avoid-start-failure-with-bind-user.patch
@@ -0,0 +1,27 @@
+From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Mon, 15 Oct 2018 16:55:09 +0800
+Subject: [PATCH] avoid start failure with bind user
+Upstream-Status: Pending
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/init.d b/init.d
+index b2eec60..6e03936 100644
+--- a/init.d
+++ b/init.d
+@@ -57,6 +57,7 @@ case "$1" in
+        modprobe capability >/dev/null 2>&1 || true
+        if [ ! -f /etc/bind/rndc.key ]; then
+            /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+           chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
+            chmod 0640 /etc/bind/rndc.key
+        fi
+        if [ -f /var/run/named/named.pid ]; then
+-- 
+2.7.4
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
new file mode 100644
index 0000000000..5bcc16c9b2
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -0,0 +1,35 @@
+From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Mon, 27 Aug 2018 21:24:20 +0800
+Subject: [PATCH] `named/lwresd -V' and start log hide build options
+The build options expose build path directories, so hide them.
+[snip]
+$ named -V
+|built by make with *** (options are hidden)
+[snip]
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Refreshed for 9.16.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bin/named/include/named/globals.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Index: bind-9.16.0/bin/named/include/named/globals.h
+===================================================================
+--- bind-9.16.0.orig/bin/named/include/named/globals.h
+++ bind-9.16.0/bin/named/include/named/globals.h
+@@ -69,7 +69,7 @@ EXTERN const char *named_g_version     I
+ EXTERN const char *named_g_product     INIT(PRODUCT);
+ EXTERN const char *named_g_description INIT(DESCRIPTION);
+ EXTERN const char *named_g_srcid       INIT(SRCID);
+-EXTERN const char *named_g_configargs  INIT(CONFIGARGS);
+EXTERN const char *named_g_configargs  INIT("*** (options are hidden)");
+ EXTERN const char *named_g_builder     INIT(BUILDER);
+ EXTERN in_port_t named_g_port         INIT(0);
+ EXTERN isc_dscp_t named_g_dscp        INIT(-1);
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.16.5/bind-ensure-searching-for-json-headers-searches-sysr.patch
new file mode 100644
index 0000000000..f9cdc7ca4d
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -0,0 +1,47 @@
+From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001
+From: Paul Gortmaker <paul.gortmaker@windriver.com>
+Date: Tue, 9 Jun 2015 11:22:00 -0400
+Subject: [PATCH] bind: ensure searching for json headers searches sysroot
+Bind can fail configure by detecting headers w/o libs[1], or
+it can fail the host contamination check as per below:
+ERROR: This autoconf log indicates errors, it looked at host include and/or library paths while determining system capabilities.
+Rerun configure task after fixing this. The path was 'build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/build'
+ERROR: Function failed: do_qa_configure
+ERROR: Logfile of failure stored in: build/tmp/work/core2-64-poky-linux/bind/9.10.2-r1/temp/log.do_configure.5242
+ERROR: Task 5 (meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure) failed with exit code '1'
+NOTE: Tasks Summary: Attempted 773 tasks of which 768 didn't need to be rerun and 1 failed.
+No currently running tasks (773 of 781)
+Summary: 1 task failed:
+  /meta/recipes-connectivity/bind/bind_9.10.2.bb, do_configure
+One way to fix it would be to unconditionally disable json in bind
+configure[2] but here we fix it by using the path to where we would
+put the header if we had json in the sysroot, in case someone wants
+to make use of the combination some day.
+[1] https://trac.macports.org/ticket/45305
+[2] https://trac.macports.org/changeset/126406
+Upstream-Status: Inappropriate [OE Specific]
+Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Index: bind-9.16.4/configure.ac
+===================================================================
+--- bind-9.16.4.orig/configure.ac
+++ bind-9.16.4/configure.ac
+@@ -1232,7 +1232,7 @@ case "$use_lmdb" in
+                LMDB_LIBS=""
+                ;;
+        auto|yes)
+-               for d in /usr /usr/local /opt/local
+               for d in "${STAGING_INCDIR}"
+                do
+                        if test -f "${d}/include/lmdb.h"
+                        then
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/bind9 b/meta/recipes-connectivity/bind/bind-9.16.5/bind9
new file mode 100644
index 0000000000..968679ff7f
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/bind9
@@ -0,0 +1,2 @@
+# startup options for the server
+OPTIONS="-u bind"
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/conf.patch b/meta/recipes-connectivity/bind/bind-9.16.5/conf.patch
new file mode 100644
index 0000000000..aad345f9fc
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/conf.patch
@@ -0,0 +1,330 @@
+Upstream-Status: Inappropriate [configuration]
+the patch is imported from openembedded project
+11/30/2010 - Qing He <qing.he@intel.com>
+diff -urN bind-9.3.1.orig/conf/db.0 bind-9.3.1/conf/db.0
+--- bind-9.3.1.orig/conf/db.0   1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.0        2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+diff -urN bind-9.3.1.orig/conf/db.127 bind-9.3.1/conf/db.127
+--- bind-9.3.1.orig/conf/db.127 1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.127      2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+1.0.0  IN      PTR     localhost.
+diff -urN bind-9.3.1.orig/conf/db.empty bind-9.3.1/conf/db.empty
+--- bind-9.3.1.orig/conf/db.empty       1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.empty    2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,14 @@
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL   86400
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                         86400 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+diff -urN bind-9.3.1.orig/conf/db.255 bind-9.3.1/conf/db.255
+--- bind-9.3.1.orig/conf/db.255 1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.255      2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,12 @@
+;
+; BIND reserve data file for broadcast zone
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+diff -urN bind-9.3.1.orig/conf/db.local bind-9.3.1/conf/db.local
+--- bind-9.3.1.orig/conf/db.local       1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.local    2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,13 @@
+;
+; BIND data file for local loopback interface
+;
+$TTL   604800
+@      IN      SOA     localhost. root.localhost. (
+                             1         ; Serial
+                        604800         ; Refresh
+                         86400         ; Retry
+                       2419200         ; Expire
+                        604800 )       ; Negative Cache TTL
+;
+@      IN      NS      localhost.
+@      IN      A       127.0.0.1
+diff -urN bind-9.3.1.orig/conf/db.root bind-9.3.1/conf/db.root
+--- bind-9.3.1.orig/conf/db.root        1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/db.root     2005-07-10 22:14:00.000000000 +0200
+@@ -0,0 +1,45 @@
+
+; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
+;; global options:  printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
+
+;; QUESTION SECTION:
+;.                             IN      NS
+
+;; ANSWER SECTION:
+.                      518400  IN      NS      A.ROOT-SERVERS.NET.
+.                      518400  IN      NS      B.ROOT-SERVERS.NET.
+.                      518400  IN      NS      C.ROOT-SERVERS.NET.
+.                      518400  IN      NS      D.ROOT-SERVERS.NET.
+.                      518400  IN      NS      E.ROOT-SERVERS.NET.
+.                      518400  IN      NS      F.ROOT-SERVERS.NET.
+.                      518400  IN      NS      G.ROOT-SERVERS.NET.
+.                      518400  IN      NS      H.ROOT-SERVERS.NET.
+.                      518400  IN      NS      I.ROOT-SERVERS.NET.
+.                      518400  IN      NS      J.ROOT-SERVERS.NET.
+.                      518400  IN      NS      K.ROOT-SERVERS.NET.
+.                      518400  IN      NS      L.ROOT-SERVERS.NET.
+.                      518400  IN      NS      M.ROOT-SERVERS.NET.
+
+;; ADDITIONAL SECTION:
+A.ROOT-SERVERS.NET.    3600000 IN      A       198.41.0.4
+B.ROOT-SERVERS.NET.    3600000 IN      A       192.228.79.201
+C.ROOT-SERVERS.NET.    3600000 IN      A       192.33.4.12
+D.ROOT-SERVERS.NET.    3600000 IN      A       128.8.10.90
+E.ROOT-SERVERS.NET.    3600000 IN      A       192.203.230.10
+F.ROOT-SERVERS.NET.    3600000 IN      A       192.5.5.241
+G.ROOT-SERVERS.NET.    3600000 IN      A       192.112.36.4
+H.ROOT-SERVERS.NET.    3600000 IN      A       128.63.2.53
+I.ROOT-SERVERS.NET.    3600000 IN      A       192.36.148.17
+J.ROOT-SERVERS.NET.    3600000 IN      A       192.58.128.30
+K.ROOT-SERVERS.NET.    3600000 IN      A       193.0.14.129
+L.ROOT-SERVERS.NET.    3600000 IN      A       198.32.64.12
+M.ROOT-SERVERS.NET.    3600000 IN      A       202.12.27.33
+
+;; Query time: 81 msec
+;; SERVER: 198.41.0.4#53(a.root-servers.net.)
+;; WHEN: Sun Feb  1 11:27:14 2004
+;; MSG SIZE  rcvd: 436
+
+diff -urN bind-9.3.1.orig/conf/named.conf bind-9.3.1/conf/named.conf
+--- bind-9.3.1.orig/conf/named.conf     1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/named.conf  2005-07-10 22:33:46.000000000 +0200
+@@ -0,0 +1,49 @@
+// This is the primary configuration file for the BIND DNS server named.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+
+// prime the server with knowledge of the root servers
+zone "." {
+       type hint;
+       file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+       type master;
+       file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+       type master;
+       file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+       type master;
+       file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+       type master;
+       file "/etc/bind/db.255";
+};
+
+// zone "com" { type delegation-only; };
+// zone "net" { type delegation-only; };
+
+// From the release notes:
+//  Because many of our users are uncomfortable receiving undelegated answers
+//  from root or top level domains, other than a few for whom that behaviour
+//  has been trusted and expected for quite some length of time, we have now
+//  introduced the "root-delegations-only" feature which applies delegation-only
+//  logic to all top level domains, and to the root domain.  An exception list
+//  should be specified, including "MUSEUM" and "DE", and any other top level
+//  domains from whom undelegated responses are expected and trusted.
+// root-delegation-only exclude { "DE"; "MUSEUM"; };
+
+include "/etc/bind/named.conf.local";
+diff -urN bind-9.3.1.orig/conf/named.conf.local bind-9.3.1/conf/named.conf.local
+--- bind-9.3.1.orig/conf/named.conf.local       1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/named.conf.local    2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,8 @@
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+diff -urN bind-9.3.1.orig/conf/named.conf.options bind-9.3.1/conf/named.conf.options
+--- bind-9.3.1.orig/conf/named.conf.options     1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/named.conf.options  2005-07-10 22:14:06.000000000 +0200
+@@ -0,0 +1,24 @@
+options {
+       directory "/var/cache/bind";
+
+       // If there is a firewall between you and nameservers you want
+       // to talk to, you might need to uncomment the query-source
+       // directive below.  Previous versions of BIND always asked
+       // questions using port 53, but BIND 8.1 and later use an unprivileged
+       // port by default.
+
+       // query-source address * port 53;
+
+       // If your ISP provided one or more IP addresses for stable 
+       // nameservers, you probably want to use them as forwarders.  
+       // Uncomment the following block, and insert the addresses replacing 
+       // the all-0's placeholder.
+
+       // forwarders {
+       //      0.0.0.0;
+       // };
+
+       auth-nxdomain no;    # conform to RFC1035
+
+};
+
+diff -urN bind-9.3.1.orig/conf/zones.rfc1918 bind-9.3.1/conf/zones.rfc1918
+--- bind-9.3.1.orig/conf/zones.rfc1918  1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/conf/zones.rfc1918       2005-07-10 22:14:10.000000000 +0200
+@@ -0,0 +1,20 @@
+zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
+ 
+zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
+--- bind-9.3.1.orig/init.d      1970-01-01 01:00:00.000000000 +0100
+++ bind-9.3.1/init.d   2005-07-10 23:09:58.000000000 +0200
+@@ -0,0 +1,70 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+# for a chrooted server: "-u bind -t /var/lib/named"
+# Don't modify this line, change or create /etc/default/bind9.
+OPTIONS=""
+
+test -f /etc/default/bind9 && . /etc/default/bind9
+
+test -x /usr/sbin/rndc || exit 0
+
+case "$1" in
+    start)
+       echo -n "Starting domain name service: named"
+
+       modprobe capability >/dev/null 2>&1 || true
+       if [ ! -f /etc/bind/rndc.key ]; then
+           /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+           chmod 0640 /etc/bind/rndc.key
+       fi
+       if [ -f /var/run/named/named.pid ]; then
+           ps `cat /var/run/named/named.pid` > /dev/null && exit 1
+       fi
+
+       # dirs under /var/run can go away on reboots.
+       mkdir -p /var/run/named
+       mkdir -p /var/cache/bind
+       chmod 775 /var/run/named
+       chown root:bind /var/run/named >/dev/null 2>&1 || true
+
+       if [ ! -x /usr/sbin/named ]; then
+           echo "named binary missing - not starting"
+           exit 1
+       fi
+       if start-stop-daemon --start --quiet --exec /usr/sbin/named \
+               --pidfile /var/run/named/named.pid -- $OPTIONS; then
+           if [ -x /sbin/resolvconf ] ; then
+               echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo
+           fi
+       fi
+       echo "."        
+    ;;
+
+    stop)
+       echo -n "Stopping domain name service: named"
+       if [ -x /sbin/resolvconf ]; then
+           /sbin/resolvconf -d lo
+       fi
+       /usr/sbin/rndc stop >/dev/null 2>&1
+       echo "."        
+    ;;
+
+    reload)
+       /usr/sbin/rndc reload
+    ;;
+
+    restart|force-reload)
+       $0 stop
+       sleep 2
+       $0 start
+    ;;
+    
+    *)
+       echo "Usage: /etc/init.d/bind {start|stop|reload|restart|force-reload}" >&2
+       exit 1
+    ;;
+esac
+
+exit 0
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
new file mode 100644
index 0000000000..ef915c0ae5
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/generate-rndc-key.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+if [ ! -s /etc/bind/rndc.key ]; then
+    echo -n "Generating /etc/bind/rndc.key:"
+    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+    chown root:bind /etc/bind/rndc.key
+    chmod 0640 /etc/bind/rndc.key
+fi
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.16.5/init.d-add-support-for-read-only-rootfs.patch
new file mode 100644
index 0000000000..11db95ede1
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/init.d-add-support-for-read-only-rootfs.patch
@@ -0,0 +1,65 @@
+Subject: init.d: add support for read-only rootfs
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d |   40 ++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+diff --git a/init.d b/init.d
+index 0111ed4..24677c8 100644
+--- a/init.d
+++ b/init.d
+@@ -6,8 +6,48 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+ 
+test -f /etc/default/rcS && . /etc/default/rcS
+ test -f /etc/default/bind9 && . /etc/default/bind9
+ 
+# This function is here because it's possible that /var and / are on different partitions.
+is_on_read_only_partition () {
+    DIRECTORY=$1
+    dir=`readlink -f $DIRECTORY`
+    while true; do
+       if [ ! -d "$dir" ]; then
+           echo "ERROR: $dir is not a directory"
+           exit 1
+       else
+           for flag in `awk -v dir=$dir '{ if ($2 == dir) { print "FOUND"; split($4,FLAGS,",") } }; \
+               END { for (f in FLAGS) print FLAGS[f] }' < /proc/mounts`; do
+               [ "$flag" = "FOUND" ] && partition="read-write"
+               [ "$flag" = "ro" ] && { partition="read-only"; break; }
+           done
+           if [ "$dir" = "/" -o -n "$partition" ]; then
+               break
+           else
+               dir=`dirname $dir`
+           fi
+       fi
+    done
+    [ "$partition" = "read-only" ] && echo "yes" || echo "no"
+}
+
+bind_mount () {
+    olddir=$1
+    newdir=$2
+    mkdir -p $olddir
+    cp -a $newdir/* $olddir
+    mount --bind $olddir $newdir
+}
+
+# Deal with read-only rootfs
+if [ "$ROOTFS_READ_ONLY" = "yes" ]; then
+    [ "$VERBOSE" != "no" ] && echo "WARN: start bind service in read-only rootfs"
+    [ `is_on_read_only_partition /etc/bind` = "yes" ] && bind_mount /var/volatile/bind/etc /etc/bind
+    [ `is_on_read_only_partition /var/named` = "yes" ] && bind_mount /var/volatile/bind/named /var/named
+fi
+
+ test -x /usr/sbin/rndc || exit 0
+ 
+ case "$1" in
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.16.5/make-etc-initd-bind-stop-work.patch
new file mode 100644
index 0000000000..146f3e35db
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/make-etc-initd-bind-stop-work.patch
@@ -0,0 +1,42 @@
+bind: make "/etc/init.d/bind stop" work
+Upstream-Status: Inappropriate [configuration]
+Add some configurations, make rndc command be able to controls
+the named daemon.
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ conf/named.conf |    5 +++++
+ conf/rndc.conf  |    5 +++++
+ 2 files changed, 10 insertions(+), 0 deletions(-)
+ create mode 100644 conf/rndc.conf
+diff --git a/conf/named.conf b/conf/named.conf
+index 95829cf..c8899e7 100644
+--- a/conf/named.conf
+++ b/conf/named.conf
+@@ -47,3 +47,8 @@ zone "255.in-addr.arpa" {
+ // root-delegation-only exclude { "DE"; "MUSEUM"; };
+ 
+ include "/etc/bind/named.conf.local";
+include "/etc/bind/rndc.key" ;
+controls {
+       inet 127.0.0.1 allow { localhost; }
+       keys { rndc-key; };
+};
+diff --git a/conf/rndc.conf b/conf/rndc.conf
+new file mode 100644
+index 0000000..a0b481d
+--- /dev/null
+++ b/conf/rndc.conf
+@@ -0,0 +1,5 @@
+include "/etc/bind/rndc.key";
+options {
+       default-server  localhost;
+       default-key     rndc-key;
+};
+-- 
+1.7.5.4
diff --git a/meta/recipes-connectivity/bind/bind-9.16.5/named.service b/meta/recipes-connectivity/bind/bind-9.16.5/named.service
new file mode 100644
index 0000000000..cda56ef015
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.5/named.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=Berkeley Internet Name Domain (DNS)
+Wants=nss-lookup.target
+Before=nss-lookup.target
+After=network.target
+[Service]
+Type=forking
+EnvironmentFile=-/etc/default/bind9
+PIDFile=/run/named/named.pid
+ExecStartPre=@SBINDIR@/generate-rndc-key.sh
+ExecStart=@SBINDIR@/named $OPTIONS
+ExecReload=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc reload > /dev/null 2>&1 || @BASE_BINDIR@/kill -HUP $MAINPID'
+ExecStop=@BASE_BINDIR@/sh -c '@SBINDIR@/rndc stop > /dev/null 2>&1 || @BASE_BINDIR@/kill -TERM $MAINPID'
+PrivateTmp=true
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/bind/bind_9.16.5.bb b/meta/recipes-connectivity/bind/bind_9.16.5.bb
new file mode 100644
index 0000000000..07efafde70
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind_9.16.5.bb
@@ -0,0 +1,123 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+SECTION = "console/network"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=188b8d0644bd6835df43b84e3f180be1"
+DEPENDS = "openssl libcap zlib libuv"
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
+           file://conf.patch \
+           file://named.service \
+           file://bind9 \
+           file://generate-rndc-key.sh \
+           file://make-etc-initd-bind-stop-work.patch \
+           file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
+           file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+           file://0001-avoid-start-failure-with-bind-user.patch \
+           "
+SRC_URI[sha256sum] = "6378b3e51fef11a8be4794dc48e8111ba92d211c0dfd129a0c296ed06a3dc075"
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+# stay at 9.16 follow the ESV versions divisible by 4
+UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/"
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_header
+# PACKAGECONFIGs readline and libedit should NOT be set at same time
+PACKAGECONFIG ?= "readline"
+PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
+PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
+PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
+PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
+EXTRA_OECONF = " --with-libtool --disable-devpoll --enable-epoll \
+                 --with-gssapi=no --with-lmdb=no --with-zlib \
+                 --sysconfdir=${sysconfdir}/bind \
+                 --with-openssl=${STAGING_DIR_HOST}${prefix} \
+               "
+LDFLAGS_append = " -lz"
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
+# dhcp needs .la so keep them
+REMOVE_LIBTOOL_LA = "0"
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+                       --user-group bind"
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+SYSTEMD_SERVICE_${PN} = "named.service"
+do_install_append() {
+        rmdir "${D}${localstatedir}/run"
+        rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+        install -d -o bind "${D}${localstatedir}/cache/bind"
+        install -d "${D}${sysconfdir}/bind"
+        install -d "${D}${sysconfdir}/init.d"
+        install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+        install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+        if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
+                sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
+                ${D}${sbindir}/dnssec-coverage \
+                ${D}${sbindir}/dnssec-checkds \
+                ${D}${sbindir}/dnssec-keymgr
+        fi
+        # Install systemd related files
+        install -d ${D}${sbindir}
+        install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+        install -d ${D}${systemd_unitdir}/system
+        install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+               -e 's,@SBINDIR@,${sbindir},g' \
+               ${D}${systemd_unitdir}/system/named.service
+        install -d ${D}${sysconfdir}/default
+        install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+        if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+                install -d ${D}${sysconfdir}/tmpfiles.d
+                echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+        fi
+    oe_multilib_header isc/platform.h
+}
+CONFFILES_${PN} = " \
+        ${sysconfdir}/bind/named.conf \
+        ${sysconfdir}/bind/named.conf.local \
+        ${sysconfdir}/bind/named.conf.options \
+        ${sysconfdir}/bind/db.0 \
+        ${sysconfdir}/bind/db.127 \
+        ${sysconfdir}/bind/db.empty \
+        ${sysconfdir}/bind/db.local \
+        ${sysconfdir}/bind/db.root \
+        "
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
+FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+PACKAGE_BEFORE_PN += "${PN}-libs"
+FILES_${PN}-libs = "${libdir}/*.so* ${libdir}/named/*.so*"
+FILES_${PN}-staticdev += "${libdir}/*.la"
+PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
+FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
+                ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
+RDEPENDS_${PN}-dev = ""
+RDEPENDS_python3-bind = "python3-core python3-ply"