Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'

git-subtree-dir: nixpkgs
git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a
git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199

14 files changed, 862 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/servers/dns/bind/darwin-openssl-linking-fix.patch b/nixpkgs/pkgs/servers/dns/bind/darwin-openssl-linking-fix.patch
new file mode 100644
index 000000000000..8276c28c3f4b
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/bind/darwin-openssl-linking-fix.patch
@@ -0,0 +1,26 @@
+diff --git a/configure b/configure
+index b9ad66b..a2a7382 100755
+--- a/configure
++++ b/configure
+@@ -16033,21 +16033,6 @@ $as_echo "not found" >&6; }
+ 			*-hp-hpux*)
+ 				DST_OPENSSL_LIBS="-L$use_openssl/lib -Wl,+b: -lcrypto"
+ 				;;
+-			*-apple-darwin*)
+-				#
+-				# Apple's ld seaches for serially for dynamic
+-				# then static libraries.  This means you can't
+-				# use -L to override dynamic system libraries
+-				# with static ones when linking.  Instead
+-				# we specify a absolute path.
+-				#
+-				if test -f "$use_openssl/lib/libcrypto.dylib"
+-				then
+-					DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
+-				else
+-					DST_OPENSSL_LIBS="$use_openssl/lib/libcrypto.a"
+-				fi
+-				;;
+ 			*)
+ 				DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
+ 				;;
diff --git a/nixpkgs/pkgs/servers/dns/bind/default.nix b/nixpkgs/pkgs/servers/dns/bind/default.nix
new file mode 100644
index 000000000000..74e1fda2d423
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/bind/default.nix
@@ -0,0 +1,87 @@
+{ stdenv, lib, fetchurl
+, perl
+, libcap, libtool, libxml2, openssl
+, enablePython ? false, python3 ? null
+, enableSeccomp ? false, libseccomp ? null, buildPackages
+}:
+
+assert enableSeccomp -> libseccomp != null;
+assert enablePython -> python3 != null;
+
+let version = "9.12.3-P1"; in
+
+stdenv.mkDerivation rec {
+  name = "bind-${version}";
+
+  src = fetchurl {
+    url = "https://ftp.isc.org/isc/bind9/${version}/${name}.tar.gz";
+    sha256 = "0wzdbn6ig851354cjdys5q3gvqcvl2gmmih1gzr8ldl7sy4r7dvc";
+  };
+
+  outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ];
+
+  patches = [ ./dont-keep-configure-flags.patch ./remove-mkdir-var.patch ] ++
+    stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
+
+  nativeBuildInputs = [ perl ];
+  buildInputs = [ libtool libxml2 openssl ]
+    ++ lib.optional stdenv.isLinux libcap
+    ++ lib.optional enableSeccomp libseccomp
+    ++ lib.optional enablePython python3;
+
+  STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase
+
+  depsBuildBuild = [ buildPackages.stdenv.cc ];
+
+  configureFlags = [
+    "--localstatedir=/var"
+    "--with-libtool"
+    "--with-libxml2=${libxml2.dev}"
+    "--with-openssl=${openssl.dev}"
+    (if enablePython then "--with-python" else "--without-python")
+    "--without-atf"
+    "--without-dlopen"
+    "--without-docbook-xsl"
+    "--without-gssapi"
+    "--without-idn"
+    "--without-idnlib"
+    "--without-lmdb"
+    "--without-libjson"
+    "--without-pkcs11"
+    "--without-purify"
+    "--with-randomdev=/dev/random"
+    "--with-ecdsa"
+    "--with-gost"
+    "--without-eddsa"
+    "--with-aes"
+  ] ++ lib.optional stdenv.isLinux "--with-libcap=${libcap.dev}"
+    ++ lib.optional enableSeccomp "--enable-seccomp";
+
+  postInstall = ''
+    moveToOutput bin/bind9-config $dev
+    moveToOutput bin/isc-config.sh $dev
+
+    moveToOutput bin/host $host
+
+    moveToOutput bin/dig $dnsutils
+    moveToOutput bin/nslookup $dnsutils
+    moveToOutput bin/nsupdate $dnsutils
+
+    for f in "$lib/lib/"*.la "$dev/bin/"{isc-config.sh,bind*-config}; do
+      sed -i "$f" -e 's|-L${openssl.dev}|-L${openssl.out}|g'
+    done
+  '';
+
+  doCheck = false; # requires root and the net
+
+  meta = {
+    homepage = http://www.isc.org/software/bind;
+    description = "Domain name server";
+    license = stdenv.lib.licenses.mpl20;
+
+    maintainers = with stdenv.lib.maintainers; [peti];
+    platforms = with stdenv.lib.platforms; unix;
+
+    outputsToInstall = [ "out" "dnsutils" "host" ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/bind/dont-keep-configure-flags.patch b/nixpkgs/pkgs/servers/dns/bind/dont-keep-configure-flags.patch
new file mode 100644
index 000000000000..5a934056d13d
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/bind/dont-keep-configure-flags.patch
@@ -0,0 +1,41 @@
+diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
+index 388dc97..3c6135c 100644
+--- a/bin/named/include/named/globals.h
++++ b/bin/named/include/named/globals.h
+@@ -65,7 +65,9 @@ EXTERN const char *		named_g_version		INIT(VERSION);
+ EXTERN const char *		named_g_product		INIT(PRODUCT);
+ EXTERN const char *		named_g_description	INIT(DESCRIPTION);
+ EXTERN const char *		named_g_srcid		INIT(SRCID);
++#if 0
+ EXTERN const char *		named_g_configargs	INIT(CONFIGARGS);
++#endif
+ EXTERN const char *		named_g_builder		INIT(BUILDER);
+ EXTERN in_port_t		named_g_port		INIT(0);
+ EXTERN isc_dscp_t		named_g_dscp		INIT(-1);
+diff --git a/bin/named/main.c b/bin/named/main.c
+index 4fb0566..60d56cd 100644
+--- a/bin/named/main.c
++++ b/bin/named/main.c
+@@ -672,8 +672,10 @@ parse_command_line(int argc, char *argv[]) {
+ 			       (*named_g_description != '\0') ? " " : "",
+ 			       named_g_description, named_g_srcid);
+ 			printf("running on %s\n", named_os_uname());
++			#if 0
+ 			printf("built by %s with %s\n",
+ 			       named_g_builder, named_g_configargs);
++			#endif
+ #ifdef __clang__
+ 			printf("compiled by CLANG %s\n", __VERSION__);
+ #else
+@@ -1075,9 +1077,11 @@ setup(void) {
+ 		      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+ 		      "running on %s", named_os_uname());
+ 
++#if 0
+ 	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+ 		      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+ 		      "built with %s", named_g_configargs);
++#endif
+ 
+ 	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
+ 		      NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
diff --git a/nixpkgs/pkgs/servers/dns/bind/remove-mkdir-var.patch b/nixpkgs/pkgs/servers/dns/bind/remove-mkdir-var.patch
new file mode 100644
index 000000000000..d0dcd580c20a
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/bind/remove-mkdir-var.patch
@@ -0,0 +1,12 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -53,8 +53,7 @@ docclean manclean maintainer-clean::
+ doc man:: ${MANOBJS}
+ 
+ installdirs:
+-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
+-	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
++	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+ 
+ install:: isc-config.sh installdirs
diff --git a/nixpkgs/pkgs/servers/dns/coredns/default.nix b/nixpkgs/pkgs/servers/dns/coredns/default.nix
new file mode 100644
index 000000000000..bc01d9946c71
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/coredns/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, buildGoPackage, fetchFromGitHub }:
+
+buildGoPackage rec {
+  name = "coredns-${version}";
+  version = "005";
+
+  goPackagePath = "github.com/miekg/coredns";
+  subPackages = [ "." ];
+
+  src = fetchFromGitHub {
+    owner = "miekg";
+    repo = "coredns";
+    rev = "v${version}";
+    sha256 = "15q8l4apspaw1xbbb9j1d8s2cc5zrgycan6iq597ga9m0vyf7wiw";
+  };
+
+  goDeps = ./deps.nix;
+
+  meta = with stdenv.lib; {
+    homepage = https://coredns.io;
+    description = "A DNS server that runs middleware";
+    license = licenses.asl20;
+    maintainers = [ maintainers.rushmorem maintainers.rtreffer ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/coredns/deps.nix b/nixpkgs/pkgs/servers/dns/coredns/deps.nix
new file mode 100644
index 000000000000..18bd2b1f85d8
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/coredns/deps.nix
@@ -0,0 +1,317 @@
+[
+  {
+    goPackagePath = "github.com/cockroachdb/cmux";
+    fetch = {
+      type = "git";
+      url = "https://github.com/cockroachdb/cmux";
+      rev = "30d10be492927e2dcae0089c374c455d42414fcb";
+      sha256 = "0ixif6hwcm2dpi1si5ah49dmdyy5chillz1048jpvjzwzxyfv1nx";
+    };
+  }
+  {
+    goPackagePath = "github.com/coreos/go-semver";
+    fetch = {
+      type = "git";
+      url = "https://github.com/coreos/go-semver";
+      rev = "5e3acbb5668c4c3deb4842615c4098eb61fb6b1e";
+      sha256 = "0kbfr8q7s10z2r01xvbv6i31n4wq6z1qvgfj7njgbcgb65bkjjrh";
+    };
+  }
+  {
+    goPackagePath = "github.com/eapache/go-xerial-snappy";
+    fetch = {
+      type = "git";
+      url = "https://github.com/eapache/go-xerial-snappy";
+      rev = "bb955e01b9346ac19dc29eb16586c90ded99a98c";
+      sha256 = "1zhxcil8hn88hvxr2d6rmj4cls5zgss1scj0ikwiqq89f8vcgwn4";
+    };
+  }
+  {
+    goPackagePath = "github.com/eapache/queue";
+    fetch = {
+      type = "git";
+      url = "https://github.com/eapache/queue";
+      rev = "44cc805cf13205b55f69e14bcb69867d1ae92f98";
+      sha256 = "07dp54n94gn3gsvdcki56yqh7py7wqqigxbamhxwgbr05n61fqyg";
+    };
+  }
+  {
+    goPackagePath = "github.com/flynn/go-shlex";
+    fetch = {
+      type = "git";
+      url = "https://github.com/flynn/go-shlex";
+      rev = "3f9db97f856818214da2e1057f8ad84803971cff";
+      sha256 = "1j743lysygkpa2s2gii2xr32j7bxgc15zv4113b0q9jhn676ysia";
+    };
+  }
+  {
+    goPackagePath = "github.com/fsnotify/fsnotify";
+    fetch = {
+      type = "git";
+      url = "https://github.com/fsnotify/fsnotify";
+      rev = "a904159b9206978bb6d53fcc7a769e5cd726c737";
+      sha256 = "0qq758fcnhlqa1913jki79a1ic7p2iczdx1l2mn8s886nxydn0fi";
+    };
+  }
+  {
+    goPackagePath = "github.com/golang/snappy";
+    fetch = {
+      type = "git";
+      url = "https://github.com/golang/snappy";
+      rev = "553a641470496b2327abcac10b36396bd98e45c9";
+      sha256 = "0kssxnih1l722hx9219c7javganjqkqhvl3i0hp0hif6xm6chvqk";
+    };
+  }
+  {
+    goPackagePath = "github.com/go-logfmt/logfmt";
+    fetch = {
+      type = "git";
+      url = "https://github.com/go-logfmt/logfmt";
+      rev = "390ab7935ee28ec6b286364bba9b4dd6410cb3d5";
+      sha256 = "1gkgh3k5w1xwb2qbjq52p6azq3h1c1rr6pfwjlwj1zrijpzn2xb9";
+    };
+  }
+  {
+    goPackagePath = "github.com/hashicorp/golang-lru";
+    fetch = {
+      type = "git";
+      url = "https://github.com/hashicorp/golang-lru";
+      rev = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6";
+      sha256 = "1iq7lbpsz7ks052mpznmkf8s4k43p51z4dik2n9ivrxk666q2wxi";
+    };
+  }
+  {
+    goPackagePath = "github.com/hashicorp/go-syslog";
+    fetch = {
+      type = "git";
+      url = "https://github.com/hashicorp/go-syslog";
+      rev = "b609c7d9de4658cded34a7336b90886c56f9dbdb";
+      sha256 = "1k0dqkizj4vwgdsb7x7fzmcgz9079sczhpn9whd0r3xcnqs7pkkb";
+    };
+  }
+  {
+    goPackagePath = "github.com/klauspost/crc32";
+    fetch = {
+      type = "git";
+      url = "https://github.com/klauspost/crc32";
+      rev = "1bab8b35b6bb565f92cbc97939610af9369f942a";
+      sha256 = "0n71bf2xkrk3b6svzsph3brwvam0cbz21pcwyymdw8scdn7mmyak";
+    };
+  }
+  {
+    goPackagePath = "github.com/mholt/caddy";
+    fetch = {
+      type = "git";
+      url = "https://github.com/mholt/caddy";
+      rev = "60838710883baa70cf6aae08e73820b21134ee72";
+      sha256 = "15dx12sap8ziwyn2wkgiy7fj1s320444zh0pn32mwjvn065c2k3z";
+    };
+  }
+  {
+    goPackagePath = "github.com/miekg/coredns";
+    fetch = {
+      type = "git";
+      url = "https://github.com/miekg/coredns";
+      rev = "a7c9fd5d6b5157958a3df8dba0cdc1f24407957b";
+      sha256 = "11zbwx74hhgrd3qlwm91gqw6zcj4yf7af54cn3183ca8v66f3xyf";
+    };
+  }
+  {
+    goPackagePath = "github.com/miekg/dns";
+    fetch = {
+      type = "git";
+      url = "https://github.com/miekg/dns";
+      rev = "75229eecb7af00b2736e93b779a78429dcb19472";
+      sha256 = "1vsjy07kkyx11iz4qsihhykac3ddq3ywdgv6bwrv407504f7x6wl";
+    };
+  }
+  {
+    goPackagePath = "github.com/opentracing/opentracing-go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/opentracing/opentracing-go";
+      rev = "6edb48674bd9467b8e91fda004f2bd7202d60ce4";
+      sha256 = "0kwighhdm187b1yzcccm4hpy7m5sv1dij5ckg31n2614xvpippby";
+    };
+  }
+  {
+    goPackagePath = "github.com/openzipkin/zipkin-go-opentracing";
+    fetch = {
+      type = "git";
+      url = "https://github.com/openzipkin/zipkin-go-opentracing";
+      rev = "6022d4d3ed39632fad842942bda1813a9b4f63c8";
+      sha256 = "0gg9g2nxjf9almgzhx5sgqvbcx4zwvs873nl1d62jb6kqhsr8sjd";
+    };
+  }
+  {
+    goPackagePath = "github.com/pierrec/lz4";
+    fetch = {
+      type = "git";
+      url = "https://github.com/pierrec/lz4";
+      rev = "5c9560bfa9ace2bf86080bf40d46b34ae44604df";
+      sha256 = "0j74a3xc48ispj8sb9c2sd1h53q99ws0f2x827b5p86xlpam8xyj";
+    };
+  }
+  {
+    goPackagePath = "github.com/prometheus/procfs";
+    fetch = {
+      type = "git";
+      url = "https://github.com/prometheus/procfs";
+      rev = "a1dba9ce8baed984a2495b658c82687f8157b98f";
+      sha256 = "1k2460bjzsm238sqx7wi42bym5bk7ybdr4qadk9szdbv65hh8vf6";
+    };
+  }
+  {
+    goPackagePath = "github.com/rcrowley/go-metrics";
+    fetch = {
+      type = "git";
+      url = "https://github.com/rcrowley/go-metrics";
+      rev = "1f30fe9094a513ce4c700b9a54458bbb0c96996c";
+      sha256 = "1hvbiaq4b6dqgjz6jkkxglfh9gf71zin6qsg508sh0r0ixfavrzj";
+    };
+  }
+  {
+    goPackagePath = "github.com/Shopify/sarama";
+    fetch = {
+      type = "git";
+      url = "https://github.com/Shopify/sarama";
+      rev = "1416bd78f804d523005322194994f08c2a0ad797";
+      sha256 = "1skfkb1yhwf8w2n31dawr1kk145h3nwdf7xmm6yrwn69vbv8jqns";
+    };
+  }
+  {
+    goPackagePath = "github.com/apache/thrift";
+    fetch = {
+      type = "git";
+      url = "https://github.com/apache/thrift";
+      rev = "655b9b6ef86c45b423a194abee2a9cd057a16a74";
+      sha256 = "1kagirgxy2a9iabm8i32i5hdr36v5p0h651bsbyr0l99970myqfp";
+    };
+  }
+  {
+    goPackagePath = "github.com/beorn7/perks";
+    fetch = {
+      type = "git";
+      url = "https://github.com/beorn7/perks";
+      rev = "4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9";
+      sha256 = "1hrybsql68xw57brzj805xx2mghydpdiysv3gbhr7f5wlxj2514y";
+    };
+  }
+  {
+    goPackagePath = "github.com/coreos/etcd";
+    fetch = {
+      type = "git";
+      url = "https://github.com/coreos/etcd";
+      rev = "2533c2a50c4b6114ad6fd4c0000175fac3b6ee06";
+      sha256 = "0z8byms8hfn7ncq8sqcw9avn9nfal5hw75ckbladd6gzjc8jay02";
+    };
+  }
+  {
+    goPackagePath = "github.com/davecgh/go-spew";
+    fetch = {
+      type = "git";
+      url = "https://github.com/davecgh/go-spew";
+      rev = "346938d642f2ec3594ed81d874461961cd0faa76";
+      sha256 = "0d4jfmak5p6lb7n2r6yvf5p1zcw0l8j74kn55ghvr7zr7b7axm6c";
+    };
+  }
+  {
+    goPackagePath = "github.com/eapache/go-resiliency";
+    fetch = {
+      type = "git";
+      url = "https://github.com/eapache/go-resiliency";
+      rev = "b86b1ec0dd4209a588dc1285cdd471e73525c0b3";
+      sha256 = "1kzv95bh3nidm2cr7iv9lk3s2qiw1i17n8gyl2x6xk6qv8b0bc21";
+    };
+  }
+  {
+    goPackagePath = "github.com/gogo/protobuf";
+    fetch = {
+      type = "git";
+      url = "https://github.com/gogo/protobuf";
+      rev = "d2e1ade2d719b78fe5b061b4c18a9f7111b5bdc8";
+      sha256 = "1fh4jyxv1drh9jmadidrlszcnjp4zfazysbq5075lqd1mhq99lz0";
+    };
+  }
+  {
+    goPackagePath = "github.com/golang/protobuf";
+    fetch = {
+      type = "git";
+      url = "https://github.com/golang/protobuf";
+      rev = "69b215d01a5606c843240eab4937eab3acee6530";
+      sha256 = "1cy9jxqi6ba5qnjmvznlq49n2zzr5vqgky6pa9mckrbli8ssvzw7";
+    };
+  }
+  {
+    goPackagePath = "github.com/matttproud/golang_protobuf_extensions";
+    fetch = {
+      type = "git";
+      url = "https://github.com/matttproud/golang_protobuf_extensions";
+      rev = "c12348ce28de40eed0136aa2b644d0ee0650e56c";
+      sha256 = "1d0c1isd2lk9pnfq2nk0aih356j30k3h1gi2w0ixsivi5csl7jya";
+    };
+  }
+  {
+    goPackagePath = "github.com/pierrec/xxHash";
+    fetch = {
+      type = "git";
+      url = "https://github.com/pierrec/xxHash";
+      rev = "5a004441f897722c627870a981d02b29924215fa";
+      sha256 = "146ibrgvgh61jhbbv9wks0mabkci3s0m68sg6shmlv1yixkw6gja";
+    };
+  }
+  {
+    goPackagePath = "github.com/prometheus/client_golang";
+    fetch = {
+      type = "git";
+      url = "https://github.com/prometheus/client_golang";
+      rev = "6ab3432d241cbe3cb7543da7e7e9a934c7e9fe76";
+      sha256 = "19phcsvq1gn53af3nnh1lvvyzg8kpwribka9mszk18jv7l6nq9mf";
+    };
+  }
+  {
+    goPackagePath = "github.com/prometheus/client_model";
+    fetch = {
+      type = "git";
+      url = "https://github.com/prometheus/client_model";
+      rev = "6f3806018612930941127f2a7c6c453ba2c527d2";
+      sha256 = "1413ibprinxhni51p0755dp57r9wvbw7xgj9nmdaxmhzlqhc86j4";
+    };
+  }
+  {
+    goPackagePath = "github.com/prometheus/common";
+    fetch = {
+      type = "git";
+      url = "https://github.com/prometheus/common";
+      rev = "3007b6072c17c8d985734e6e19b1dea9174e13d3";
+      sha256 = "0jpvnmzqbzy2krwzan7pp3bc8pj9f1qic98lqq4hanccr0g5cmk3";
+    };
+  }
+  {
+    goPackagePath = "github.com/ugorji/go";
+    fetch = {
+      type = "git";
+      url = "https://github.com/ugorji/go";
+      rev = "c88ee250d0221a57af388746f5cf03768c21d6e2";
+      sha256 = "0ylb5p5i9hln8chq8whk5iy8qypjpzyrp07zpwjd1zbf5nsm1nmv";
+    };
+  }
+  {
+    goPackagePath = "golang.org/x/net";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/net";
+      rev = "6b27048ae5e6ad1ef927e72e437531493de612fe";
+      sha256 = "08zk0vavl7g6jzklhxhwrgcjh42mn2flbx2d2rxsblyxkbqri07j";
+    };
+  }
+  {
+    goPackagePath = "golang.org/x/sys";
+    fetch = {
+      type = "git";
+      url = "https://go.googlesource.com/sys";
+      rev = "075e574b89e4c2d22f2286a7e2b919519c6f3547";
+      sha256 = "1p38siwqcbd592lphaqpigl7scshkfy67k6jcwscbcsl6akw51km";
+    };
+  }
+]
diff --git a/nixpkgs/pkgs/servers/dns/dnsdist/default.nix b/nixpkgs/pkgs/servers/dns/dnsdist/default.nix
new file mode 100644
index 000000000000..6757542050af
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/dnsdist/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchurl, pkgconfig, systemd
+, boost, libsodium, libedit, re2
+, net_snmp, lua, protobuf, openssl }: stdenv.mkDerivation rec {
+  name = "dnsdist-${version}";
+  version = "1.3.2";
+
+  src = fetchurl {
+    url = "https://downloads.powerdns.com/releases/dnsdist-${version}.tar.bz2";
+    sha256 = "1i3b1vpk9a8zbx9aby2s1ckkzhlvzgn11hcgj3b8x2j1b9771rqb";
+  };
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ systemd boost libsodium libedit re2 net_snmp lua protobuf openssl ];
+
+  configureFlags = [
+    "--enable-libsodium"
+    "--enable-re2"
+    "--enable-dnscrypt"
+    "--enable-dns-over-tls"
+    "--with-protobuf=yes"
+    "--with-net-snmp"
+    "--disable-dependency-tracking"
+    "--enable-unit-tests"
+    "--enable-systemd"
+  ];
+
+  doCheck = true;
+
+  meta = with stdenv.lib; {
+    description = "DNS Loadbalancer";
+    homepage = "https://dnsdist.org";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ das_j ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/doh-proxy/default.nix b/nixpkgs/pkgs/servers/dns/doh-proxy/default.nix
new file mode 100644
index 000000000000..ac44dbbf04d1
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/doh-proxy/default.nix
@@ -0,0 +1,22 @@
+{ lib, python3Packages }:
+
+python3Packages.buildPythonApplication rec {
+  pname = "doh-proxy";
+  version = "0.0.8";
+
+  src = python3Packages.fetchPypi {
+    inherit pname version;
+    sha256 = "0mfl84mcklby6cnsw29kpcxj7mh1cx5yw6mjs4sidr1psyni7x6c";
+  };
+
+  propagatedBuildInputs = with python3Packages;
+    [ aioh2 dnspython aiohttp-remotes pytestrunner flake8 ];
+  doCheck = false; # Trouble packaging unittest-data-provider
+
+  meta = with lib; {
+    homepage = https://facebookexperimental.github.io/doh-proxy/;
+    description = "A proof of concept DNS-Over-HTTPS proxy";
+    license = licenses.bsd3;
+    maintainers = [ maintainers.qyliss ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/knot-dns/default.nix b/nixpkgs/pkgs/servers/dns/knot-dns/default.nix
new file mode 100644
index 000000000000..2ff80906c01b
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/knot-dns/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, fetchurl, pkgconfig, gnutls, liburcu, lmdb, libcap_ng, libidn2, libunistring
+, systemd, nettle, libedit, zlib, libiconv, libintl
+}:
+
+let inherit (stdenv.lib) optional optionals; in
+
+# Note: ATM only the libraries have been tested in nixpkgs.
+stdenv.mkDerivation rec {
+  name = "knot-dns-${version}";
+  version = "2.7.4";
+
+  src = fetchurl {
+    url = "https://secure.nic.cz/files/knot-dns/knot-${version}.tar.xz";
+    sha256 = "0x7xx6jh4x8ljnvj30zh3n1zw5jkhla62dv9i75v0rwgrpxy5sxc";
+  };
+
+  outputs = [ "bin" "out" "dev" ];
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [
+    gnutls liburcu libidn2 libunistring
+    nettle libedit
+    libiconv lmdb libintl
+    # without sphinx &al. for developer documentation
+  ]
+    ++ optionals stdenv.isLinux [ libcap_ng systemd ]
+    ++ optional stdenv.isDarwin zlib; # perhaps due to gnutls
+
+  enableParallelBuilding = true;
+
+  CFLAGS = [ "-O2" "-DNDEBUG" ];
+
+  doCheck = true;
+  doInstallCheck = false; # needs pykeymgr?
+
+  postInstall = ''rm -r "$out"/var "$out"/lib/*.la'';
+
+  meta = with stdenv.lib; {
+    description = "Authoritative-only DNS server from .cz domain registry";
+    homepage = https://knot-dns.cz;
+    license = licenses.gpl3Plus;
+    platforms = platforms.unix;
+    maintainers = [ maintainers.vcunat ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix b/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix
new file mode 100644
index 000000000000..b4768f32bf16
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/knot-resolver/default.nix
@@ -0,0 +1,87 @@
+{ stdenv, fetchurl, runCommand, pkgconfig, hexdump, which
+, knot-dns, luajit, libuv, lmdb, gnutls, nettle
+, cmocka, systemd, dns-root-data, makeWrapper
+, extraFeatures ? false /* catch-all if defaults aren't enough */
+, luajitPackages
+}:
+let # un-indented, over the whole file
+
+result = if extraFeatures then wrapped-full else unwrapped;
+
+inherit (stdenv.lib) optional concatStringsSep;
+
+unwrapped = stdenv.mkDerivation rec {
+  name = "knot-resolver-${version}";
+  version = "3.2.0";
+
+  src = fetchurl {
+    url = "https://secure.nic.cz/files/knot-resolver/${name}.tar.xz";
+    sha256 = "924f1aebad04cacbc4545571239914d2c42e9253784c0df0f391dfad97c59f42";
+  };
+
+  outputs = [ "out" "dev" ];
+
+  configurePhase = "patchShebangs scripts/";
+
+  nativeBuildInputs = [ pkgconfig which hexdump ];
+
+  # http://knot-resolver.readthedocs.io/en/latest/build.html#requirements
+  buildInputs = [ knot-dns luajit libuv gnutls nettle lmdb ]
+    ++ optional stdenv.isLinux systemd # sd_notify
+    ## optional dependencies; TODO: libedit, dnstap
+    ;
+
+  checkInputs = [ cmocka ];
+
+  makeFlags = [
+    "PREFIX=$(out)"
+    "ROOTHINTS=${dns-root-data}/root.hints"
+    "KEYFILE_DEFAULT=${dns-root-data}/root.ds"
+  ];
+  CFLAGS = [ "-O2" "-DNDEBUG" ];
+
+  enableParallelBuilding = true;
+
+  doCheck = true;
+  doInstallCheck = false; # FIXME
+  preInstallCheck = ''
+    patchShebangs tests/config/runtest.sh
+  '';
+
+  postInstall = ''
+    rm "$out"/etc/knot-resolver/root.hints # using system-wide instead
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Caching validating DNS resolver, from .cz domain registry";
+    homepage = https://knot-resolver.cz;
+    license = licenses.gpl3Plus;
+    # Platforms using negative pointers for stack won't work ATM due to LuaJIT impl.
+    platforms = filter (p: p != "aarch64-linux") platforms.unix;
+    maintainers = [ maintainers.vcunat /* upstream developer */ ];
+  };
+};
+
+wrapped-full = with luajitPackages; let
+    luaPkgs =  [
+      luasec luasocket # trust anchor bootstrap, prefill module
+      lfs # prefill module
+      # Almost all is for the 'http' module:
+      http cqueues fifo lpeg lpeg_patterns luaossl compat53 basexx
+    ];
+  in runCommand unwrapped.name
+  {
+    nativeBuildInputs = [ makeWrapper ];
+    preferLocalBuild = true;
+    allowSubstitutes = false;
+  }
+  ''
+    mkdir -p "$out/sbin" "$out/share"
+    makeWrapper '${unwrapped}/sbin/kresd' "$out"/sbin/kresd \
+      --set LUA_PATH  '${concatStringsSep ";" (map getLuaPath  luaPkgs)}' \
+      --set LUA_CPATH '${concatStringsSep ";" (map getLuaCPath luaPkgs)}'
+    ln -sr '${unwrapped}/share/man' "$out"/share/
+    ln -sr "$out"/{sbin,bin}
+  '';
+
+in result
diff --git a/nixpkgs/pkgs/servers/dns/nsd/default.nix b/nixpkgs/pkgs/servers/dns/nsd/default.nix
new file mode 100644
index 000000000000..8c0fc7377661
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/nsd/default.nix
@@ -0,0 +1,61 @@
+{ stdenv, fetchurl, libevent, openssl
+, bind8Stats       ? false
+, checking         ? false
+, ipv6             ? true
+, mmap             ? false
+, minimalResponses ? true
+, nsec3            ? true
+, ratelimit        ? false
+, recvmmsg         ? false
+, rootServer       ? false
+, rrtypes          ? false
+, zoneStats        ? false
+
+, configFile ? "etc/nsd/nsd.conf"
+}:
+
+stdenv.mkDerivation rec {
+  name = "nsd-4.1.26";
+
+  src = fetchurl {
+    url = "https://www.nlnetlabs.nl/downloads/nsd/${name}.tar.gz";
+    sha256 = "1x0mvj4872dzj1rr9adnchdm4dhn41xmc459p5j4s0r13m1l32lz";
+  };
+
+  prePatch = ''
+    substituteInPlace nsd-control-setup.sh.in --replace openssl ${openssl}/bin/openssl
+  '';
+
+  buildInputs = [ libevent openssl ];
+
+  configureFlags =
+    let edf = c: o: if c then ["--enable-${o}"] else ["--disable-${o}"];
+     in edf bind8Stats       "bind8-stats"
+     ++ edf checking         "checking"
+     ++ edf ipv6             "ipv6"
+     ++ edf mmap             "mmap"
+     ++ edf minimalResponses "minimal-responses"
+     ++ edf nsec3            "nsec3"
+     ++ edf ratelimit        "ratelimit"
+     ++ edf recvmmsg         "recvmmsg"
+     ++ edf rootServer       "root-server"
+     ++ edf rrtypes          "draft-rrtypes"
+     ++ edf zoneStats        "zone-stats"
+     ++ [ "--with-ssl=${openssl.dev}"
+          "--with-libevent=${libevent.dev}"
+          "--with-nsd_conf_file=${configFile}"
+          "--with-configdir=etc/nsd"
+        ];
+
+  patchPhase = ''
+    sed 's@$(INSTALL_DATA) nsd.conf.sample $(DESTDIR)$(nsdconfigfile).sample@@g' -i Makefile.in
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = http://www.nlnetlabs.nl;
+    description = "Authoritative only, high performance, simple and open source name server";
+    license = licenses.bsd3;
+    platforms = platforms.unix;
+    maintainers = [ maintainers.hrdinka ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix b/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix
new file mode 100644
index 000000000000..e4a4bcf5760a
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/pdns-recursor/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, pkgconfig, boost
+, openssl, systemd, lua, luajit, protobuf
+, enableProtoBuf ? false
+}:
+assert enableProtoBuf -> protobuf != null;
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  name = "pdns-recursor-${version}";
+  version = "4.1.8";
+
+  src = fetchurl {
+    url = "https://downloads.powerdns.com/releases/pdns-recursor-${version}.tar.bz2";
+    sha256 = "1xg5swappik8v5mjyl7magw7picf5cqp6rbhckd6ijssz16qzy38";
+  };
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [
+    boost openssl systemd
+    lua luajit
+  ] ++ optional enableProtoBuf protobuf;
+
+  configureFlags = [
+    "--enable-reproducible"
+    "--with-systemd"
+  ];
+
+  enableParallelBuilding = true;
+
+  meta = {
+    description = "A recursive DNS server";
+    homepage = https://www.powerdns.com/;
+    platforms = platforms.linux;
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ rnhmjoj ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/powerdns/default.nix b/nixpkgs/pkgs/servers/dns/powerdns/default.nix
new file mode 100644
index 000000000000..f9f94f002a36
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/powerdns/default.nix
@@ -0,0 +1,52 @@
+{ stdenv, fetchurl, pkgconfig
+, boost, libyamlcpp, libsodium, sqlite, protobuf, botan2
+, mysql57, postgresql, lua, openldap, geoip, curl, opendbx, unixODBC
+}:
+
+stdenv.mkDerivation rec {
+  name = "powerdns-${version}";
+  version = "4.1.5";
+
+  src = fetchurl {
+    url = "https://downloads.powerdns.com/releases/pdns-${version}.tar.bz2";
+    sha256 = "12jgkdsh6hzaznq6y9y7hfdpjhnn7ar2qn7x706k9iyqcq55faf3";
+  };
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [
+    boost mysql57.connector-c postgresql lua openldap sqlite protobuf geoip
+    libyamlcpp libsodium curl opendbx unixODBC botan2
+  ];
+
+  patches = [
+    # checksum type not found, maybe a dependency is to old?
+    ./skip-sha384-test.patch
+  ];
+
+  # nix destroy with-modules arguments, when using configureFlags
+  preConfigure = ''
+    configureFlagsArray=(
+      "--with-modules=bind gmysql geoip godbc gpgsql gsqlite3 ldap lua mydns opendbx pipe random remote"
+      --with-sqlite3
+      --with-socketdir=/var/lib/powerdns
+      --enable-libsodium
+      --enable-botan
+      --enable-tools
+      --disable-dependency-tracking
+      --disable-silent-rules
+      --enable-reproducible
+      --enable-unit-tests
+    )
+  '';
+
+  doCheck = true;
+
+  meta = with stdenv.lib; {
+    description = "Authoritative DNS server";
+    homepage = https://www.powerdns.com;
+    platforms = platforms.linux;
+    # cannot find postgresql libs on macos x
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ mic92 disassembler ];
+  };
+}
diff --git a/nixpkgs/pkgs/servers/dns/powerdns/skip-sha384-test.patch b/nixpkgs/pkgs/servers/dns/powerdns/skip-sha384-test.patch
new file mode 100644
index 000000000000..3fafb38c48fb
--- /dev/null
+++ b/nixpkgs/pkgs/servers/dns/powerdns/skip-sha384-test.patch
@@ -0,0 +1,14 @@
+--- pdns-4.1.1.org/pdns/test-signers.cc	2018-02-17 11:43:15.953228279 +0000
++++ pdns-4.1.1/pdns/test-signers.cc	2018-02-17 11:44:21.089516393 +0000
+@@ -212,11 +212,6 @@
+       BOOST_CHECK_EQUAL(ds2.getZoneRepresentation(), signer.dsSHA256);
+     }
+ 
+-    auto ds4 = makeDSFromDNSKey(name, drc, DNSSECKeeper::SHA384);
+-    if (!signer.dsSHA384.empty()) {
+-      BOOST_CHECK_EQUAL(ds4.getZoneRepresentation(), signer.dsSHA384);
+-    }
+-
+     auto signature = dcke->sign(message);
+     BOOST_CHECK(dcke->verify(message, signature));
+