Log Message:
net/bind911: update to 9.11.22

Update bind911 to 9.11.22 (BIND 9.11.22).

	--- 9.11.22 released ---

5481.	[security]	"update-policy" rules of type "subdomain" were
			incorrectly treated as "zonesub" rules, which allowed
			keys used in "subdomain" rules to update names outside
			of the specified subdomains. The problem was fixed by
			making sure "subdomain" rules are again processed as
			described in the ARM. (CVE-2020-8624) [GL #2055]

5480.	[security]	When BIND 9 was compiled with native PKCS#11 support, it
			was possible to trigger an assertion failure in code
			determining the number of bits in the PKCS#11 RSA public
			key with a specially crafted packet. (CVE-2020-8623)
			[GL #2037]

5476.	[security]	It was possible to trigger an assertion failure when
			verifying the response to a TSIG-signed request.
			(CVE-2020-8622) [GL #2028]

5475.	[bug]		Wildcard RPZ passthru rules could incorrectly be
			overridden by other rules that were loaded from RPZ
			zones which appeared later in the "response-policy"
			statement. This has been fixed. [GL #1619]

5474.	[bug]		dns_rdata_hip_next() failed to return ISC_R_NOMORE
			when it should have. [GL !3880]

5465.	[func]		Added fallback to built-in trust-anchors, managed-keys,
			or trusted-keys if the bindkeys-file (bind.keys) cannot
			be parsed. [GL #1235]

5463.	[bug]		Address a potential NULL pointer dereference when out of
			memory in dnstap.c. [GL #2010]

5462.	[bug]		Move LMDB locking from LMDB itself to named. [GL #1976]