diff --git a/dnsdist/DESCR b/dnsdist/DESCR
new file mode 100644
index 0000000000..8b6e998da8
--- /dev/null
+++ b/dnsdist/DESCR
@@ -0,0 +1,4 @@
+dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its
+goal in life is to route traffic to the best server, delivering top
+performance to legitimate users while shunting or blocking abusive
+traffic.
diff --git a/dnsdist/Makefile b/dnsdist/Makefile
new file mode 100644
index 0000000000..d5e13c1ca0
--- /dev/null
+++ b/dnsdist/Makefile
@@ -0,0 +1,63 @@
+# $NetBSD: Makefile,v 1.11 2020/01/18 21:50:11 jperkin Exp $
+
+DISTNAME= dnsdist-1.5.0
+CATEGORIES= net
+MASTER_SITES= https://downloads.powerdns.com/releases/
+EXTRACT_SUFX= .tar.bz2
+
+MAINTAINER= pkgsrc-users@NetBSD.org
+HOMEPAGE= https://dnsdist.org/
+COMMENT= Highly DNS-, DoS- and abuse-aware loadbalancer
+LICENSE= gnu-gpl-v2
+
+GNU_CONFIGURE= yes
+USE_LANGUAGES= c c++11
+USE_TOOLS+= gmake pkg-config
+
+.include "../../mk/bsd.prefs.mk"
+
+.if (${OPSYS} == "NetBSD" || ${OPSYS} == "OpenBSD") && exists(/usr/include/readline/readline.h)
+READLINE_DEFAULT?= readline
+.else
+READLINE_DEFAULT?= editline
+.endif
+
+BUILD_DEFS+= DNSDIST_USER DNSDIST_GROUP
+DNSDIST_USER?= dnsdist
+DNSDIST_GROUP?= dnsdist
+PKG_GROUPS+= ${DNSDIST_GROUP}
+PKG_USERS+= ${DNSDIST_USER}:${DNSDIST_GROUP}
+PKG_GECOS.${DNSDIST_USER}= dnsdist daemon user
+
+FILES_SUBST+= DNSDIST_USER=${DNSDIST_USER}
+FILES_SUBST+= DNSDIST_GROUP=${DNSDIST_GROUP}
+CONF_FILES+= share/examples/dnsdist/dnsdist.conf \
+ ${PKG_SYSCONFDIR}/dnsdist.conf
+
+CONFIGURE_ARGS+= --enable-dns-over-tls
+CONFIGURE_ARGS+= --enable-dnscrypt
+CONFIGURE_ARGS+= --enable-fstrm
+CONFIGURE_ARGS+= --enable-libsodium
+CONFIGURE_ARGS+= --enable-libssl
+CONFIGURE_ARGS+= --enable-re2
+CONFIGURE_ARGS+= --with-protobuf
+CONFIGURE_ARGS+= --without-net-snmp
+CONFIGURE_ENV+= LIBEDIT_CFLAGS="-I${BUILDLINK_PREFIX.editlinereadline}/include"
+CONFIGURE_ENV+= LIBEDIT_LIBS="-L${BUILDLINK_PREFIX.editlinereadline}/lib -ledit"
+
+INSTALLATION_DIRS+= share/examples/dnsdist
+RCD_SCRIPTS+= dnsdist
+
+post-install:
+ ${INSTALL_DATA} ${.CURDIR}/files/dnsdist.conf \
+ ${DESTDIR}${PREFIX}/share/examples/dnsdist
+
+.include "../../devel/boost-headers/buildlink3.mk"
+.include "../../devel/protobuf/buildlink3.mk"
+.include "../../devel/re2/buildlink3.mk"
+.include "../../lang/lua/buildlink3.mk"
+.include "../../net/fstrm/buildlink3.mk"
+.include "../../security/libsodium/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/readline.buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/dnsdist/PLIST b/dnsdist/PLIST
new file mode 100644
index 0000000000..555f5763d0
--- /dev/null
+++ b/dnsdist/PLIST
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1 2017/03/31 20:49:51 fhajny Exp $
+bin/dnsdist
+man/man1/dnsdist.1
+share/examples/dnsdist/dnsdist.conf
diff --git a/dnsdist/distinfo b/dnsdist/distinfo
new file mode 100644
index 0000000000..8061e72e3f
--- /dev/null
+++ b/dnsdist/distinfo
@@ -0,0 +1,11 @@
+$NetBSD: distinfo,v 1.8 2020/04/23 07:43:30 jperkin Exp $
+
+SHA1 (dnsdist-1.5.0.tar.bz2) = 34fd90b536976d0ed4dd72e9904519261d0bdbab
+RMD160 (dnsdist-1.5.0.tar.bz2) = 0dd88ed4b3abc8da54d568c35f29f6503b9b626a
+SHA512 (dnsdist-1.5.0.tar.bz2) = df6f8caae001f152f0d264176c570778842979484d16e4199afe0e2591006392444245dd8ce23287cdcf9613e2c40a9e3564f5236e5f5a6fd67b89d6ea0d9ed4
+Size (dnsdist-1.5.0.tar.bz2) = 1067645 bytes
+SHA1 (patch-dnsdist-console.cc) = a1b1959e4db6d847735eadf0c805d2f569b177f7
+SHA1 (patch-dnsdist.cc) = 7abbae4061a6d893fce33b9448e7233b89a545e0
+SHA1 (patch-ext_json11_json11.cpp) = 9fb12578d80103b8b92e984a483cbda98fd83db8
+SHA1 (patch-iputils.hh) = 09207cd894162d634cd832f12209e38a0c253624
+SHA1 (patch-qtype.hh) = 4551be1e303a31d34030c363849398923f5ff987
diff --git a/dnsdist/files/dnsdist.conf b/dnsdist/files/dnsdist.conf
new file mode 100644
index 0000000000..083ac49c4b
--- /dev/null
+++ b/dnsdist/files/dnsdist.conf
@@ -0,0 +1,6 @@
+-- newServer({address="2001:4860:4860::8888", qps=1})
+-- newServer({address="2001:4860:4860::8844", qps=1})
+-- newServer({address="2620:0:ccc::2", qps=10})
+-- newServer({address="2620:0:ccd::2", name="dns1", qps=10})
+-- newServer("192.168.1.2")
+-- setServerPolicy(firstAvailable) -- first server within its QPS limit
diff --git a/dnsdist/files/dnsdist.sh b/dnsdist/files/dnsdist.sh
new file mode 100644
index 0000000000..f861d0b448
--- /dev/null
+++ b/dnsdist/files/dnsdist.sh
@@ -0,0 +1,24 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dnsdist.sh,v 1.1 2017/03/31 20:49:51 fhajny Exp $
+#
+# PROVIDE: dnsdist
+# REQUIRE: DAEMON network
+# KEYWORD: shutdown
+
+if [ -f /etc/rc.subr ]; then
+ . /etc/rc.subr
+fi
+
+name="dnsdist"
+rcvar=$name
+command="@PREFIX@/bin/dnsdist"
+dnsdist_flags="${dnsdist_flags:- -d -u @DNSDIST_USER@ -g @DNSDIST@ -C @PKG_SYSCONFDIR@/dnsdist.conf}"
+
+if [ -f /etc/rc.subr ]; then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ echo -n "${name}"
+ ${command} ${dnsdist_flags}
+fi
diff --git a/dnsdist/files/smf/manifest.xml b/dnsdist/files/smf/manifest.xml
new file mode 100644
index 0000000000..6e260a44cb
--- /dev/null
+++ b/dnsdist/files/smf/manifest.xml
@@ -0,0 +1,28 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ dnsdist daemon
+
+
+
+
diff --git a/dnsdist/patches/patch-dnsdist-console.cc b/dnsdist/patches/patch-dnsdist-console.cc
new file mode 100644
index 0000000000..3a798f872f
--- /dev/null
+++ b/dnsdist/patches/patch-dnsdist-console.cc
@@ -0,0 +1,21 @@
+$NetBSD$
+
+Let readline be handled by buildlink from editline.
+
+--- dnsdist-console.cc.orig 2020-07-28 07:39:28.000000000 +0000
++++ dnsdist-console.cc
+@@ -24,14 +24,10 @@
+ #include
+ #include
+
+-#if defined (__OpenBSD__) || defined(__NetBSD__)
+ // If this is not undeffed, __attribute__ wil be redefined by /usr/include/readline/rlstdc.h
+ #undef __STRICT_ANSI__
+ #include
+ #include
+-#else
+-#include
+-#endif
+
+ #include "ext/json11/json11.hpp"
+
diff --git a/dnsdist/patches/patch-dnsdist.cc b/dnsdist/patches/patch-dnsdist.cc
new file mode 100644
index 0000000000..6c539f6151
--- /dev/null
+++ b/dnsdist/patches/patch-dnsdist.cc
@@ -0,0 +1,20 @@
+$NetBSD$
+
+Let readline be handled by buildlink from editline.
+
+--- dnsdist.cc.orig 2020-07-29 16:09:33.000000000 +0000
++++ dnsdist.cc
+@@ -31,13 +31,9 @@
+ #include
+ #include
+
+-#if defined (__OpenBSD__) || defined(__NetBSD__)
+ // If this is not undeffed, __attribute__ wil be redefined by /usr/include/readline/rlstdc.h
+ #undef __STRICT_ANSI__
+ #include
+-#else
+-#include
+-#endif
+
+ #include "dnsdist-systemd.hh"
+ #ifdef HAVE_SYSTEMD
diff --git a/dnsdist/patches/patch-ext_json11_json11.cpp b/dnsdist/patches/patch-ext_json11_json11.cpp
new file mode 100644
index 0000000000..41dafd3ff3
--- /dev/null
+++ b/dnsdist/patches/patch-ext_json11_json11.cpp
@@ -0,0 +1,30 @@
+$NetBSD: patch-ext_json11_json11.cpp,v 1.1 2017/05/22 23:41:22 joerg Exp $
+
+Clang rejects ordering relations for nullptr, so introduce a template
+indirection.
+
+--- ext/json11/json11.cpp.orig 2016-12-29 12:45:46.000000000 +0000
++++ ext/json11/json11.cpp
+@@ -132,6 +132,13 @@ void Json::dump(string &out) const {
+ * Value wrappers
+ */
+
++template bool json11_less(T a, T b) {
++ return a < b;
++}
++template <> bool json11_less(const std::nullptr_t a, const std::nullptr_t b) {
++ return false;
++}
++
+ template
+ class Value : public JsonValue {
+ protected:
+@@ -150,7 +157,7 @@ protected:
+ return m_value == static_cast *>(other)->m_value;
+ }
+ bool less(const JsonValue * other) const override {
+- return m_value < static_cast *>(other)->m_value;
++ return json11_less(m_value, static_cast *>(other)->m_value);
+ }
+
+ const T m_value;
diff --git a/dnsdist/patches/patch-iputils.hh b/dnsdist/patches/patch-iputils.hh
new file mode 100644
index 0000000000..6eebd0406f
--- /dev/null
+++ b/dnsdist/patches/patch-iputils.hh
@@ -0,0 +1,17 @@
+$NetBSD: patch-iputils.hh,v 1.3 2018/08/08 15:39:55 fhajny Exp $
+
+Do not use IP_PKTINFO on NetBSD, the structure is not as expected.
+
+--- iputils.hh.orig 2017-01-17 08:43:49.000000000 +0000
++++ iputils.hh
+@@ -40,6 +40,10 @@
+
+ #include "namespaces.hh"
+
++#if defined(__NetBSD__) && defined(IP_PKTINFO)
++#undef IP_PKTINFO
++#endif
++
+ #ifdef __APPLE__
+ #include
+
diff --git a/dnsdist/patches/patch-qtype.hh b/dnsdist/patches/patch-qtype.hh
new file mode 100644
index 0000000000..d50bb4229f
--- /dev/null
+++ b/dnsdist/patches/patch-qtype.hh
@@ -0,0 +1,17 @@
+$NetBSD: patch-qtype.hh,v 1.1 2017/03/31 20:49:51 fhajny Exp $
+
+Avoid symbol pollution on SunOS.
+
+--- qtype.hh.orig 2017-01-17 08:43:49.000000000 +0000
++++ qtype.hh
+@@ -26,6 +26,10 @@
+ #include
+ #include "namespaces.hh"
+
++#if defined(__sun) && defined(DS)
++#undef DS
++#endif
++
+ /** The QType class is meant to deal easily with the different kind of resource types, like 'A', 'NS',
+ * 'CNAME' etcetera. These types have both a name and a number. This class can seamlessly move between
+ * them. Use it like this: