diff --git a/lib/import/import-libgetdns.mk b/lib/import/import-libgetdns.mk
new file mode 100644
index 0000000..313f7c4
--- /dev/null
+++ b/lib/import/import-libgetdns.mk
@@ -0,0 +1,2 @@
+GETDNS_PORT_DIR := $(call select_from_ports,getdns)
+INC_DIR += $(GETDNS_PORT_DIR)/include
diff --git a/lib/mk/getdns-gldns.mk b/lib/mk/getdns-gldns.mk
new file mode 100644
index 0000000..957b25f
--- /dev/null
+++ b/lib/mk/getdns-gldns.mk
@@ -0,0 +1,12 @@
+include $(REP_DIR)/lib/import/import-libgetdns.mk
+
+GLDNS_SRC_DIR := $(GETDNS_PORT_DIR)/src/lib/getdns/src/gldns
+
+LIBS += libc libssl
+
+INC_DIR += $(GLDNS_SRC_DIR)/..
+INC_DIR += $(REP_DIR)/src/lib/getdns
+
+SRC_C += $(notdir $(wildcard $(GLDNS_SRC_DIR)/*.c))
+
+vpath %.c $(GLDNS_SRC_DIR)
diff --git a/lib/mk/libgetdns.mk b/lib/mk/libgetdns.mk
new file mode 100644
index 0000000..20200b3
--- /dev/null
+++ b/lib/mk/libgetdns.mk
@@ -0,0 +1,31 @@
+include $(REP_DIR)/lib/import/import-libgetdns.mk
+
+GETDNS_SRC_DIR := $(GETDNS_PORT_DIR)/src/lib/getdns/src
+
+LIBS += libc libcrypto libssl libyaml
+
+INC_DIR += $(GETDNS_SRC_DIR)
+INC_DIR += $(GETDNS_SRC_DIR)/../stubby/src
+INC_DIR += $(GETDNS_SRC_DIR)/util/auxiliary
+INC_DIR += $(REP_DIR)/src/lib/getdns
+
+SRC_C += \
+	const-info.c convert.c dict.c dnssec.c general.c \
+	list.c request-internal.c platform.c pubkey-pinning.c rr-dict.c \
+	rr-iter.c server.c stub.c sync.c ub_loop.c util-internal.c \
+	mdns.c context.c rbtree.c select_eventloop.c version.c \
+
+CC_OPT += -D_BSD_SOURCE -D_DEFAULT_SOURCE
+
+SRC_C += $(notdir $(wildcard $(GETDNS_SRC_DIR)/gldns/*.c))
+SRC_C += $(notdir $(wildcard $(GETDNS_SRC_DIR)/jsmn/*.c))
+SRC_C += $(notdir $(wildcard $(GETDNS_SRC_DIR)/ssl_dane/*.c))
+
+vpath %.c $(GETDNS_SRC_DIR)
+vpath %.c $(GETDNS_SRC_DIR)/extension
+vpath %.c $(GETDNS_SRC_DIR)/gldns
+vpath %.c $(GETDNS_SRC_DIR)/jsmn
+vpath %.c $(GETDNS_SRC_DIR)/ssl_dane
+vpath %.c $(GETDNS_SRC_DIR)/util
+
+SHARED_LIB = 1
diff --git a/lib/symbols/libgetdns b/lib/symbols/libgetdns
new file mode 100644
index 0000000..dc7dde7
--- /dev/null
+++ b/lib/symbols/libgetdns
@@ -0,0 +1,182 @@
+getdns_address T
+getdns_address_sync T
+getdns_cancel_callback T
+getdns_context_config T
+getdns_context_create T
+getdns_context_create_with_extended_memory_functions T
+getdns_context_create_with_memory_functions T
+getdns_context_destroy T
+getdns_context_detach_eventloop T
+getdns_context_get_api_information T
+getdns_context_get_append_name T
+getdns_context_get_dns_root_servers T
+getdns_context_get_dns_transport T
+getdns_context_get_dns_transport_list T
+getdns_context_get_dnssec_allowed_skew T
+getdns_context_get_dnssec_trust_anchors T
+getdns_context_get_edns_client_subnet_private T
+getdns_context_get_edns_do_bit T
+getdns_context_get_edns_extended_rcode T
+getdns_context_get_edns_maximum_udp_payload_size T
+getdns_context_get_edns_version T
+getdns_context_get_eventloop T
+getdns_context_get_follow_redirects T
+getdns_context_get_hosts T
+getdns_context_get_idle_timeout T
+getdns_context_get_limit_outstanding_queries T
+getdns_context_get_namespaces T
+getdns_context_get_num_pending_requests T
+getdns_context_get_resolution_type T
+getdns_context_get_resolvconf T
+getdns_context_get_round_robin_upstreams T
+getdns_context_get_suffix T
+getdns_context_get_timeout T
+getdns_context_get_tls_authentication T
+getdns_context_get_tls_backoff_time T
+getdns_context_get_tls_ca_file T
+getdns_context_get_tls_ca_path T
+getdns_context_get_tls_cipher_list T
+getdns_context_get_tls_connection_retries T
+getdns_context_get_tls_curves_list T
+getdns_context_get_tls_query_padding_blocksize T
+getdns_context_get_trust_anchors_url T
+getdns_context_get_trust_anchors_verify_CA T
+getdns_context_get_trust_anchors_verify_email T
+getdns_context_get_update_callback T
+getdns_context_get_upstream_recursive_servers T
+getdns_context_process_async T
+getdns_context_run T
+getdns_context_set_appdata_dir T
+getdns_context_set_append_name T
+getdns_context_set_context_update_callback T
+getdns_context_set_dns_root_servers T
+getdns_context_set_dns_transport T
+getdns_context_set_dns_transport_list T
+getdns_context_set_dnssec_allowed_skew T
+getdns_context_set_dnssec_trust_anchors T
+getdns_context_set_edns_client_subnet_private T
+getdns_context_set_edns_do_bit T
+getdns_context_set_edns_extended_rcode T
+getdns_context_set_edns_maximum_udp_payload_size T
+getdns_context_set_edns_version T
+getdns_context_set_eventloop T
+getdns_context_set_extended_memory_functions T
+getdns_context_set_follow_redirects T
+getdns_context_set_hosts T
+getdns_context_set_idle_timeout T
+getdns_context_set_limit_outstanding_queries T
+getdns_context_set_listen_addresses T
+getdns_context_set_logfunc T
+getdns_context_set_memory_functions T
+getdns_context_set_namespaces T
+getdns_context_set_resolution_type T
+getdns_context_set_resolvconf T
+getdns_context_set_return_dnssec_status T
+getdns_context_set_round_robin_upstreams T
+getdns_context_set_suffix T
+getdns_context_set_timeout T
+getdns_context_set_tls_authentication T
+getdns_context_set_tls_backoff_time T
+getdns_context_set_tls_ca_file T
+getdns_context_set_tls_ca_path T
+getdns_context_set_tls_cipher_list T
+getdns_context_set_tls_connection_retries T
+getdns_context_set_tls_curves_list T
+getdns_context_set_tls_query_padding_blocksize T
+getdns_context_set_trust_anchors_url T
+getdns_context_set_trust_anchors_verify_CA T
+getdns_context_set_trust_anchors_verify_email T
+getdns_context_set_update_callback T
+getdns_context_set_upstream_recursive_servers T
+getdns_context_set_use_threads T
+getdns_context_unset_edns_maximum_udp_payload_size T
+getdns_convert_alabel_to_ulabel T
+getdns_convert_dns_name_to_fqdn T
+getdns_convert_fqdn_to_dns_name T
+getdns_convert_ulabel_to_alabel T
+getdns_dict_create T
+getdns_dict_create_with_context T
+getdns_dict_create_with_extended_memory_functions T
+getdns_dict_create_with_memory_functions T
+getdns_dict_destroy T
+getdns_dict_get_bindata T
+getdns_dict_get_data_type T
+getdns_dict_get_dict T
+getdns_dict_get_int T
+getdns_dict_get_list T
+getdns_dict_get_names T
+getdns_dict_remove_name T
+getdns_dict_set_bindata T
+getdns_dict_set_dict T
+getdns_dict_set_int T
+getdns_dict_set_list T
+getdns_dict_util_get_string T
+getdns_dict_util_set_string T
+getdns_display_ip_address T
+getdns_fp2rr_list T
+getdns_general T
+getdns_general_sync T
+getdns_get_api_version T
+getdns_get_api_version_number T
+getdns_get_errorstr_by_id T
+getdns_get_version T
+getdns_get_version_number T
+getdns_hostname T
+getdns_hostname_sync T
+getdns_list_create T
+getdns_list_create_with_context T
+getdns_list_create_with_extended_memory_functions T
+getdns_list_create_with_memory_functions T
+getdns_list_destroy T
+getdns_list_get_bindata T
+getdns_list_get_data_type T
+getdns_list_get_dict T
+getdns_list_get_int T
+getdns_list_get_length T
+getdns_list_get_list T
+getdns_list_set_bindata T
+getdns_list_set_dict T
+getdns_list_set_int T
+getdns_list_set_list T
+getdns_msg_dict2str T
+getdns_msg_dict2str_buf T
+getdns_msg_dict2str_scan T
+getdns_msg_dict2wire T
+getdns_msg_dict2wire_buf T
+getdns_msg_dict2wire_scan T
+getdns_pretty_print_dict T
+getdns_pretty_print_list T
+getdns_pretty_snprint_dict T
+getdns_pretty_snprint_list T
+getdns_print_json_dict T
+getdns_print_json_list T
+getdns_pubkey_pin_create_from_string T
+getdns_pubkey_pinset_sanity_check T
+getdns_reply T
+getdns_root_trust_anchor T
+getdns_rr_dict2str T
+getdns_rr_dict2str_buf T
+getdns_rr_dict2str_scan T
+getdns_rr_dict2wire T
+getdns_rr_dict2wire_buf T
+getdns_rr_dict2wire_scan T
+getdns_service T
+getdns_service_sync T
+getdns_snprint_json_dict T
+getdns_snprint_json_list T
+getdns_str2bindata T
+getdns_str2dict T
+getdns_str2int T
+getdns_str2list T
+getdns_str2rr_dict T
+getdns_strerror T
+getdns_validate_dnssec T
+getdns_validate_dnssec2 T
+getdns_wire2msg_dict T
+getdns_wire2msg_dict_buf T
+getdns_wire2msg_dict_scan T
+getdns_wire2rr_dict T
+getdns_wire2rr_dict_buf T
+getdns_wire2rr_dict_scan T
+plain_mem_funcs_user_arg T
+priv_getdns_context_mf T
diff --git a/ports/getdns.hash b/ports/getdns.hash
new file mode 100644
index 0000000..f5ebbb7
--- /dev/null
+++ b/ports/getdns.hash
@@ -0,0 +1 @@
+03023398461425e2bcc09b8c8f72d5b3f970c454
diff --git a/ports/getdns.port b/ports/getdns.port
new file mode 100644
index 0000000..6e8c5c1
--- /dev/null
+++ b/ports/getdns.port
@@ -0,0 +1,19 @@
+LICENSE   = BSD3
+DOWNLOADS = getdns.archive
+VERSION  = 1.4.0
+
+URL(getdns) := https://getdnsapi.net/releases/getdns-1-4-0/getdns-1.4.0.tar.gz
+SHA(getdns) := de360cd554fdec4bae3f5afbb36145872b8ff7306ded5deb0905442c4909f7b3
+DIR(getdns) := src/lib/getdns
+
+DIRS := include/getdns
+DIR_CONTENT(include/getdns) = src/lib/getdns/src/getdns/getdns_extra.h
+
+default: include/getdns/getdns.h
+
+include/getdns/getdns.h: src/lib/getdns/src/getdns/getdns.h.in
+	@$(MSG_GENERATE)$(notdir $@)
+	$(VERBOSE)mkdir -p $(dir $@)
+	$(VERBOSE)cp $< $@
+
+src/lib/getdns/src/getdns/getdns.h.in: $(DOWNLOADS)
diff --git a/recipes/api/libgetdns/content.mk b/recipes/api/libgetdns/content.mk
new file mode 100644
index 0000000..2c34c6d
--- /dev/null
+++ b/recipes/api/libgetdns/content.mk
@@ -0,0 +1,18 @@
+content: include lib/symbols/libgetdns LICENSE
+
+PORT_DIR := $(call port_dir,$(REP_DIR)/ports/getdns)
+
+include:
+	cp -r $(PORT_DIR)/$@ $@
+
+lib/symbols/libgetdns:
+	$(mirror_from_rep_dir)
+
+LICENSE:
+	cp $(PORT_DIR)/src/lib/getdns/$@ $@
+
+content: include/config.h
+
+include/config.h:
+	mkdir -p $(dir $@)
+	cp $(REP_DIR)/src/lib/getdns/config.h $@
diff --git a/recipes/api/libgetdns/hash b/recipes/api/libgetdns/hash
new file mode 100644
index 0000000..d041191
--- /dev/null
+++ b/recipes/api/libgetdns/hash
@@ -0,0 +1 @@
+2019-02-25 468537af47bef2c1aad3d76f33839880b158ed4b
diff --git a/recipes/pkg/nic_router-nat-dns/README b/recipes/pkg/nic_router-nat-dns/README
new file mode 100644
index 0000000..9d0a501
--- /dev/null
+++ b/recipes/pkg/nic_router-nat-dns/README
@@ -0,0 +1,2 @@
+
+     Runtime for using the NIC router for NAT and DNS
diff --git a/recipes/pkg/nic_router-nat-dns/archives b/recipes/pkg/nic_router-nat-dns/archives
new file mode 100644
index 0000000..692a315
--- /dev/null
+++ b/recipes/pkg/nic_router-nat-dns/archives
@@ -0,0 +1,10 @@
+_/src/nic_router
+_/src/stubby
+_/src/libc
+_/src/libssl
+_/src/libgetdns
+_/src/libcrypto
+_/src/posix
+_/src/vfs
+_/src/vfs_lxip
+_/src/vfs_jitterentropy
diff --git a/recipes/pkg/nic_router-nat-dns/hash b/recipes/pkg/nic_router-nat-dns/hash
new file mode 100644
index 0000000..a961879
--- /dev/null
+++ b/recipes/pkg/nic_router-nat-dns/hash
@@ -0,0 +1 @@
+2020-05-26 ffddbe1ef8f91cc6eb260ae5da29c76fa0d1b2fe
diff --git a/recipes/pkg/nic_router-nat-dns/runtime b/recipes/pkg/nic_router-nat-dns/runtime
new file mode 100644
index 0000000..6fbd6e6
--- /dev/null
+++ b/recipes/pkg/nic_router-nat-dns/runtime
@@ -0,0 +1,91 @@
+<runtime ram="48M" caps="600" binary="init">
+
+	<requires> <nic/> </requires>
+	<provides> <nic/> </provides>
+
+	<config>
+		<parent-provides>
+			<service name="CPU"/>
+			<service name="LOG"/>
+			<service name="PD"/>
+			<service name="RM"/>
+			<service name="ROM"/>
+			<service name="Nic"/>
+			<service name="Report"/>
+			<service name="Rtc"/>
+			<service name="Timer"/>
+		</parent-provides>
+		<service name="Nic">
+			<default-policy> <child name="router"/> </default-policy> </service>
+		<start name="router" caps="300">
+			<binary name="nic_router"/>
+			<resource name="RAM" quantum="10M"/>
+			<provides> <service name="Nic"/> </provides>
+			<config verbose_domain_state="yes">
+				<default-policy domain="default" />
+				<uplink         domain="uplink"  />
+				<domain name="uplink">
+					<nat domain="default" tcp-ports="1000" udp-ports="1000"/>
+				</domain>
+				<domain name="default" interface="10.0.1.1/24">
+					<dhcp-server ip_first="10.0.1.4"
+					             ip_last="10.0.1.200"
+					             ip_lease_time_sec="360"
+					             dns_server="10.0.1.2"/>
+					<tcp dst="0.0.0.0/0"><permit-any domain="uplink"/></tcp>
+					<udp dst="0.0.0.0/0"><permit-any domain="uplink"/></udp>
+				</domain>
+			</config>
+			<route>
+				<any-service> <parent/> </any-service>
+			</route>
+		</start>
+		<start name="stubby" caps="300">
+			<resource name="RAM" quantum="32M"/>
+			<config>
+				<vfs>
+					<ram/>
+					<dir name="dev">
+						<log/> <null/> <rtc/>
+						<jitterentropy name="random"/>
+					</dir>
+					<dir name="socket">
+						<lxip ip_addr="10.0.1.2" netmask="255.255.255.0" gateway="10.0.1.1" nameserver="9.9.9.9"/>
+					</dir>
+<inline name="stubby.yaml">
+listen_addresses:
+  - 10.0.1.2
+</inline>
+				</vfs>
+				<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
+				<env key="HOME" value="/"/>
+				<arg value="stubby"/>
+				<arg value="-C"/>
+				<arg value="/stubby.yaml"/>
+			</config>
+			<route>
+				<any-service> <any-child/> <parent/> </any-service>
+			</route>
+		</start>
+	</config>
+
+	<content>
+		<rom label="ld.lib.so"/>
+		<rom label="init"/>
+		<rom label="nic_router"/>
+		<rom label="libc.lib.so"/>
+		<rom label="libcrypto.lib.so"/>
+		<rom label="libgetdns.lib.so"/>
+		<rom label="libm.lib.so"/>
+		<rom label="libssl.lib.so"/>
+		<rom label="lxip.lib.so"/>
+		<rom label="posix.lib.so"/>
+		<rom label="rtc_drv"/>
+		<rom label="stubby"/>
+		<rom label="vfs_jitterentropy.lib.so"/>
+		<rom label="lxip.lib.so"/>
+		<rom label="vfs.lib.so"/>
+		<rom label="vfs_lxip.lib.so"/>
+	</content>
+
+</runtime>
diff --git a/recipes/src/libgetdns/content.mk b/recipes/src/libgetdns/content.mk
new file mode 100644
index 0000000..1f52cf8
--- /dev/null
+++ b/recipes/src/libgetdns/content.mk
@@ -0,0 +1,24 @@
+MIRROR_FROM_REP_DIR = lib/import/import-libgetdns.mk lib/mk/libgetdns.mk
+
+content: $(MIRROR_FROM_REP_DIR)
+
+$(MIRROR_FROM_REP_DIR):
+	$(mirror_from_rep_dir)
+
+MIRROR_FROM_PORT_DIR = src/lib/getdns
+content: $(MIRROR_FROM_PORT_DIR)
+
+PORT_DIR := $(call port_dir,$(REP_DIR)/ports/getdns)
+
+$(MIRROR_FROM_PORT_DIR):
+	mkdir -p $(dir $@)
+	cp -r $(PORT_DIR)/$@ $@
+
+content: src/lib/getdns/target.mk LICENSE
+
+src/lib/getdns/target.mk:
+	mkdir -p $(dir $@)
+	echo 'LIBS=libgetdns' > $@
+
+LICENSE:
+	cp $(PORT_DIR)/src/lib/getdns/$@ $@
diff --git a/recipes/src/libgetdns/hash b/recipes/src/libgetdns/hash
new file mode 100644
index 0000000..3747dc3
--- /dev/null
+++ b/recipes/src/libgetdns/hash
@@ -0,0 +1 @@
+2020-06-21 109df97f77d3fb7855b543b509245630de889ba2
diff --git a/recipes/src/libgetdns/used_apis b/recipes/src/libgetdns/used_apis
new file mode 100644
index 0000000..d605b5d
--- /dev/null
+++ b/recipes/src/libgetdns/used_apis
@@ -0,0 +1,5 @@
+libc
+libcrypto
+libssl
+libyaml
+libgetdns
diff --git a/recipes/src/stubby/content.mk b/recipes/src/stubby/content.mk
new file mode 100644
index 0000000..215956f
--- /dev/null
+++ b/recipes/src/stubby/content.mk
@@ -0,0 +1,39 @@
+content: src/lib/getdns/stubby LICENSE
+
+PORT_DIR := $(call port_dir,$(REP_DIR)/ports/getdns)
+
+STUBBY_SRC_DIR := $(PORT_DIR)/src/lib/getdns/stubby
+
+MIRROR_FROM_PORT_DIR = src/lib/getdns/stubby include/sldns src/lib/getdns/src/gldns
+content: $(MIRROR_FROM_PORT_DIR)
+
+include/sldns:
+	mkdir -p $(dir $@)
+	cp -r $(PORT_DIR)/src/lib/getdns/src/util/auxiliary/sldns $@
+
+src/lib/getdns/src/gldns:
+	mkdir -p $(dir $@)
+	cp -r $(PORT_DIR)/$@ $@
+
+src/lib/getdns/stubby:
+	mkdir -p $(dir $@)
+	cp -r $(STUBBY_SRC_DIR) $@
+
+LICENSE:
+	cp $(STUBBY_SRC_DIR)/COPYING $@
+
+MIRROR_FROM_REP_DIR := \
+	src/app/stubby \
+	lib/mk/getdns-gldns.mk lib/import/import-libgetdns.mk \
+	src/app/stubby/config.h \
+
+content: $(MIRROR_FROM_REP_DIR)
+
+$(MIRROR_FROM_REP_DIR):
+	$(mirror_from_rep_dir)
+
+content: include/config.h
+
+include/config.h:
+	mkdir -p $(dir $@)
+	cp $(REP_DIR)/src/app/stubby/config.h $@
diff --git a/recipes/src/stubby/hash b/recipes/src/stubby/hash
new file mode 100644
index 0000000..346adee
--- /dev/null
+++ b/recipes/src/stubby/hash
@@ -0,0 +1 @@
+2020-06-21 e404b2d85aaedc807440ff4b424658bec943b9fa
diff --git a/recipes/src/stubby/used_apis b/recipes/src/stubby/used_apis
new file mode 100644
index 0000000..762c067
--- /dev/null
+++ b/recipes/src/stubby/used_apis
@@ -0,0 +1,8 @@
+libc
+timer_session
+report_session
+posix
+libgetdns
+libcrypto
+libyaml
+libssl
diff --git a/run/stubby.run b/run/stubby.run
new file mode 100644
index 0000000..c57b381
--- /dev/null
+++ b/run/stubby.run
@@ -0,0 +1,200 @@
+assert_spec x86
+
+if {[have_spec linux]} {
+	puts "The [run_name] scenario requires QEMU networking."
+	exit 1
+}
+
+source ${genode_dir}/repos/base/run/platform_drv.inc
+
+set build_components {
+	app/drill
+	app/sequence
+	app/stubby
+	core init timer
+	drivers/nic
+	drivers/rtc
+	lib/vfs/jitterentropy
+	lib/vfs/lxip
+	server/nic_router
+	server/vfs
+	test/libc_getaddrinfo
+}
+
+append_platform_drv_build_components
+
+build $build_components
+
+create_boot_directory
+
+append config {
+<config>
+	<parent-provides>
+		<service name="CPU"/>
+		<service name="IO_MEM"/>
+		<service name="IO_PORT"/>
+		<service name="IRQ"/>
+		<service name="LOG"/>
+		<service name="PD"/>
+		<service name="RM"/>
+		<service name="ROM"/>
+	</parent-provides>
+	<default-route>
+		<service name="Nic"> <child name="nic_router"/> </service>
+		<any-service> <parent/> <any-child/> </any-service>
+	</default-route>
+	<default caps="128"/>}
+
+append_platform_drv_config
+
+append config {
+	<start name="timer">
+		<resource name="RAM" quantum="1M"/>
+		<provides> <service name="Timer"/> </provides>
+	</start>
+	<start name="rtc_drv">
+		<resource name="RAM" quantum="1M"/>
+		<provides> <service name="Rtc"/> </provides>
+	</start>
+	<start name="nic_drv">
+		<binary name="ipxe_nic_drv"/>
+		<resource name="RAM" quantum="4M"/>
+		<provides> <service name="Nic"/> </provides>
+	</start>
+	<start name="nic_router" caps="200">
+		<resource name="RAM" quantum="10M"/>
+		<provides><service name="Nic"/></provides>
+		<config verbose="no">
+			<policy label_prefix="vfs"    domain="default" />
+			<policy label_prefix="stubby" domain="dns"     />
+			<uplink                       domain="uplink"  />
+
+			<domain name="uplink">
+				<nat domain="dns" tcp-ports="64" udp-ports="64"/>
+			</domain>
+			<domain name="dns" interface="10.0.53.1/24">
+				<ip dst="10.0.1.0/24" domain="default"/>
+				<tcp dst="10.0.4.0/24"><permit-any domain="default"/></tcp>
+				<udp dst="10.0.4.0/24"><permit-any domain="default"/></udp>
+				<tcp dst="0.0.0.0/0"><permit-any domain="uplink"/></tcp>
+				<udp dst="0.0.0.0/0"><permit-any domain="uplink"/></udp>
+			</domain>
+			<domain name="default" interface="10.0.1.1/24">
+				<dhcp-server ip_first="10.0.1.2"
+				             ip_last="10.0.1.200"
+				             ip_lease_time_sec="360"
+				             dns_server="10.0.53.2"/>
+				<ip dst="10.0.53.0/24" domain="dns"/>
+				<udp dst="10.0.53.0/24"><permit-any domain="dns"/></udp>
+				<tcp dst="0.0.0.0/0"><permit-any domain="uplink"/></tcp>
+				<udp dst="0.0.0.0/0"><permit-any domain="uplink"/></udp>
+			</domain>
+		</config>
+		<route>
+			<service name="Nic"> <child name="nic_drv"/> </service>
+			<any-service> <parent/> <any-child/> </any-service>
+		</route>
+	</start>
+	<start name="stubby" caps="512">
+		<resource name="RAM" quantum="32M"/>
+		<config>
+			<vfs>
+				<ram/>
+				<dir name="dev">
+					<log/> <null/> <rtc/>
+					<jitterentropy name="random"/>
+				</dir>
+				<dir name="socket">
+					<lxip ip_addr="10.0.53.2" netmask="255.255.255.0" gateway="10.0.53.1" nameserver="10.0.2.3"/>
+				</dir>
+<inline name="stubby.yaml">
+listen_addresses:
+  - 10.0.53.2
+</inline>
+			</vfs>
+			<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
+			<env key="HOME" value="/"/>
+			<arg value="stubby"/>
+			<arg value="-C"/>
+			<arg value="/stubby.yaml"/>
+		</config>
+	</start>
+	<start name="vfs">
+		<resource name="RAM" quantum="32M"/>
+		<provides> <service name="File_system"/> </provides>
+		<config>
+			<vfs>
+				<dir name="socket"> <lxip dhcp="yes"/> </dir>
+			</vfs>
+			<default-policy writeable="yes" root="/"/>
+		</config>
+	</start>
+	<start name="application" caps="256">
+		<binary name="sequence"/>
+		<resource name="RAM" quantum="8M"/>
+		<config>
+			<start name="getaddrinfo">
+				<binary name="test-libc_getaddrinfo"/>
+				<config>
+					<vfs>
+						<fs/>
+						<dir name="dev"> <log/> </dir>
+					</vfs>
+					<libc stdout="/dev/log" socket="/socket"/>
+					<arg value="test-libc_getenv"/>
+					<arg value="genode.org"/>
+					<arg value="hypervisor.org"/>
+					<arg value="example.com"/>
+				</config>
+			</start>
+			<start name="ldns">
+				<binary name="drill"/>
+				<config>
+					<vfs>
+						<fs/>
+						<dir name="dev"> <log/> </dir>
+					</vfs>
+					<libc stdout="/dev/log" stderr="/dev/log" rtc="/dev/rtc" socket="/socket"/>
+					<arg value="drill"/>
+					<arg value="genode.org"/>
+					<arg value="@10.0.53.2"/>
+				</config>
+			</start>
+		</config>
+	</start>
+</config>
+}
+
+install_config $config
+
+set boot_modules {
+	core init ld.lib.so 
+	drill
+	libc.lib.so libm.lib.so posix.lib.so
+	libcrypto.lib.so
+	libgetdns.lib.so
+	libssl.lib.so
+	lxip.lib.so vfs_lxip.lib.so
+	nic_router
+	ipxe_nic_drv
+	rtc_drv
+	sequence
+	stubby
+	timer
+	test-libc_getaddrinfo
+	vfs
+	vfs_jitterentropy.lib.so
+}
+
+# platform-specific modules
+append_platform_drv_boot_modules
+
+build_boot_image $boot_modules
+
+append qemu_args " -nographic -net nic,model=e1000 -net user -net dump,file=[run_dir]/dump.pcap"
+
+run_genode_until "child \"application\" exited with exit value 0.*\n" 120
+
+if {[have_include "power_on/qemu"]} {
+	puts "\ntraffic dump at [run_dir]/dump.pcap"
+}
diff --git a/run/stubby_deploy.run b/run/stubby_deploy.run
new file mode 100644
index 0000000..aea8a81
--- /dev/null
+++ b/run/stubby_deploy.run
@@ -0,0 +1,203 @@
+assert_spec x86
+
+if {[have_spec linux]} {
+	puts "Platform is unsupported."
+	exit 0
+}
+
+create_boot_directory
+
+proc current_pkg { pkg } { return $pkg/[_current_depot_archive_version pkg $pkg] }
+
+import_from_depot [depot_user]/src/[base_src] \
+                  [depot_user]/pkg/[drivers_nic_pkg] \
+                  [depot_user]/src/report_rom \
+                  [depot_user]/src/fs_rom \
+                  [depot_user]/src/vfs \
+                  [depot_user]/src/init \
+                  [depot_user]/src/rtc_drv \
+                  [depot_user]/src/posix \
+                  [depot_user]/src/libc \
+                  [depot_user]/src/vfs_lxip \
+
+create_tar_from_depot_binaries [run_dir]/genode/depot.tar \
+	[depot_user]/pkg/nic_router-nat-dns \
+
+install_config {
+<config>
+	<parent-provides>
+		<service name="ROM"/>
+		<service name="IRQ"/>
+		<service name="IO_MEM"/>
+		<service name="IO_PORT"/>
+		<service name="PD"/>
+		<service name="RM"/>
+		<service name="CPU"/>
+		<service name="LOG"/>
+	</parent-provides>
+
+	<default-route>
+		<service name="Nic"> <child name="dynamic"/> </service>
+		<service name="Report"> <child name="report_rom"/> </service>
+		<any-service> <parent/> <any-child/> </any-service>
+	</default-route>
+	<default caps="100"/>
+
+	<start name="timer">
+		<resource name="RAM" quantum="1M"/>
+		<provides> <service name="Timer"/> </provides>
+	</start>
+
+	<start name="nic_drv" caps="1000">
+		<resource name="RAM" quantum="32M" constrain_phys="yes"/>
+		<binary name="init"/>
+		<route>
+			<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
+			<service name="Timer"> <child name="timer"/> </service>
+			<any-service> <parent/> </any-service>
+		</route>
+		<provides> <service name="Nic"/> </provides>
+	</start>
+
+	<start name="rtc_drv">
+		<resource name="RAM" quantum="6M"/>
+		<provides> <service name="Rtc"/> </provides>
+	</start>
+
+	<start name="report_rom">
+		<binary name="report_rom"/>
+		<resource name="RAM" quantum="1M"/>
+		<provides> <service name="Report"/> <service name="ROM"/> </provides>
+		<config verbose="no">
+			<policy label="depot_deploy -> blueprint" report="depot_query -> blueprint"/>
+			<policy label="depot_query -> query"      report="depot_deploy -> query"/>
+			<policy label="dynamic -> config"         report="depot_deploy -> init.config"/>
+		</config>
+	</start>
+
+	<start name="vfs">
+		<resource name="RAM" quantum="4M"/>
+		<provides> <service name="File_system"/> </provides>
+		<config>
+			<vfs> <tar name="depot.tar"/> </vfs>
+			<policy label="depot_query -> depot" root="/" />
+			<policy label="fs_rom -> "           root="/" />
+		</config>
+	</start>
+
+	<start name="fs_rom">
+		<resource name="RAM" quantum="50M"/>
+		<provides> <service name="ROM"/> </provides>
+		<route>
+			<service name="File_system"> <child name="vfs"/> </service>
+			<any-service> <parent/> </any-service>
+		</route>
+	</start>
+
+	<start name="depot_query">
+		<resource name="RAM" quantum="1M"/>
+		<config query="rom">
+			<vfs> <dir name="depot"> <fs label="depot"/> </dir> </vfs>
+		</config>
+		<route>
+			<service name="ROM" label="query"> <child name="report_rom"/> </service>
+			<service name="File_system"> <child name="vfs"/> </service>
+			<service name="Report"> <child name="report_rom"/> </service>
+			<any-service> <parent/> <any-child/> </any-service>
+		</route>
+	</start>
+
+	<start name="ram_fs">
+		<resource name="RAM" quantum="8M"/>
+		<binary name="vfs"/>
+		<provides> <service name="File_system"/> </provides>
+		<config>
+			<vfs> <ram/> </vfs>
+			<default-policy root="/" writeable="yes"/>
+		</config>
+	</start>
+
+	<start name="depot_deploy">
+		<resource name="RAM" quantum="1M"/>
+		<config arch="} [depot_spec] {">
+			<static>
+				<parent-provides>
+					<service name="ROM"/>
+					<service name="RM"/>
+					<service name="CPU"/>
+					<service name="PD"/>
+					<service name="LOG"/>
+					<service name="File_system"/>
+					<service name="Nic"/>
+					<service name="Rtc"/>
+					<service name="Timer"/>
+				</parent-provides>
+				<service name="Nic">
+					<default-policy> <child name="nic_router"/> </default-policy> </service>
+			</static>
+			<common_routes>
+				<service name="ROM" label_last="ld.lib.so"> <parent/> </service>
+				<service name="ROM" label_last="init">      <parent/> </service>
+				<service name="CPU">   <parent/> </service>
+				<service name="PD">    <parent/> </service>
+				<service name="LOG">   <parent/> </service>
+				<service name="Timer"> <parent/> </service>
+				<service name="Rtc"> <parent/> </service>
+				<service name="Nic"> <parent/> </service>
+			</common_routes>
+
+			<start name="nic_router" pkg="} [depot_user]/pkg/[current_pkg nic_router-nat-dns] {">
+				<route>
+					<service name="RM"> <parent/> </service>
+					<service name="Rtc"> <parent/> </service>
+					<service name="Nic"> <parent/> </service>
+				</route>
+			</start>
+
+		</config>
+		<route>
+			<service name="ROM" label="blueprint"> <child name="report_rom"/> </service>
+			<service name="Report" label="query"> <child name="report_rom"/> </service>
+			<service name="Report"> <child name="report_rom"/> </service>
+			<any-service> <parent/> <any-child/> </any-service>
+		</route>
+	</start>
+
+	<start name="dynamic" caps="8000">
+		<resource name="RAM" quantum="160M"/>
+		<binary name="init"/>
+		<provides> <service name="Nic"/> </provides>
+		<route>
+			<service name="ROM" label_last="ld.lib.so"> <parent/> </service>
+			<service name="ROM" label_last="init">      <parent/> </service>
+			<service name="ROM" label="config"> <child name="report_rom"/> </service>
+			<service name="ROM">   <child name="fs_rom"/> </service>
+			<service name="Timer"> <child name="timer"/>  </service>
+			<service name="File_system"> <child name="ram_fs"/> </service>
+			<service name="Nic"> <child name="nic_drv"/> </service>
+			<any-service> <parent/> <any-child/> </any-service>
+		</route>
+	</start>
+	<start name="test-libc_getaddrinfo" caps="256">
+		<resource name="RAM" quantum="32M"/>
+		<config>
+			<vfs>
+				<dir name="dev"> <log/> </dir>
+				<dir name="socket"> <lxip dhcp="yes"/> </dir>
+			</vfs>
+			<libc stdout="/dev/log" socket="/socket"/>
+			<arg value="test-libc_getenv"/>
+			<arg value="genode.org"/>
+			<arg value="genode-labs.com"/>
+		</config>
+	</start>
+
+</config>}
+
+append qemu_args -nographic
+
+build { app/depot_query app/depot_deploy test/libc_getaddrinfo }
+
+build_boot_image { depot_query depot_deploy test-libc_getaddrinfo }
+
+run_genode_until "child \"test-libc_getaddrinfo\" exited with exit value 0.*\n" 120
diff --git a/src/app/stubby/config.h b/src/app/stubby/config.h
new file mode 100644
index 0000000..e0ccf28
--- /dev/null
+++ b/src/app/stubby/config.h
@@ -0,0 +1,58 @@
+/* hand-tweaked automess */
+#define HAVE_ASSERT_H 1
+#define HAVE_ATTR_FORMAT 1
+#define HAVE_ATTR_UNUSED 1
+#define HAVE_GETDNS_GETDNS_EXTRA_H 1
+#define HAVE_INTTYPES_H 1
+#define HAVE_LIBGETDNS 1
+#define HAVE_LIBYAML 1
+#define HAVE_MEMORY_H 1
+#define HAVE_STDARG_H 1
+#define HAVE_STDINT_H 1
+#define HAVE_STDIO_H 1
+#define HAVE_STDLIB_H 1
+#define HAVE_STRINGS_H 1
+#define HAVE_STRING_H 1
+#define HAVE_SYS_STAT_H 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_UNISTD_H 1
+#define PACKAGE "stubby"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE_NAME "Stubby"
+#define PACKAGE_STRING "Stubby"
+#define PACKAGE_TARNAME "stubby"
+#define PACKAGE_URL ""
+#define PACKAGE_VERSION ""
+#define STDC_HEADERS 1
+#define VERSION ""
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <inttypes.h>
+#ifdef HAVE_ATTR_FORMAT
+# define ATTR_FORMAT(archetype, string_index, first_to_check) \
+    __attribute__ ((format (archetype, string_index, first_to_check)))
+#else /* !HAVE_ATTR_FORMAT */
+# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
+#endif /* !HAVE_ATTR_FORMAT */
+#if defined(__cplusplus)
+#  define ATTR_UNUSED(x)
+#elif defined(HAVE_ATTR_UNUSED)
+#  define ATTR_UNUSED(x)  x __attribute__((unused))
+#else /* !HAVE_ATTR_UNUSED */
+#  define ATTR_UNUSED(x)  x
+#endif /* !HAVE_ATTR_UNUSED */
+#ifndef HAVE_GETDNS_YAML2DICT
+# define USE_YAML_CONFIG 1
+#endif
+#define yaml_string_to_json_string        stubby_yaml_string_to_json_string
+#define PRIsz "zu"
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <errno.h>
+#define HAVE_NETDB_H
+#define HAVE_TIME_H
diff --git a/src/app/stubby/target.mk b/src/app/stubby/target.mk
new file mode 100644
index 0000000..d38ef2c
--- /dev/null
+++ b/src/app/stubby/target.mk
@@ -0,0 +1,18 @@
+TARGET = stubby
+LIBS  += libc posix libgetdns getdns-gldns libcrypto libyaml
+
+STUBBY_DIR     := $(call select_from_ports,getdns)/src/lib/getdns/stubby
+STUBBY_SRC_DIR := $(STUBBY_DIR)/src
+
+SRC_C += stubby.c convert_yaml_to_json.c
+
+INC_DIR += $(PRG_DIR) $(STUBBY_SRC_DIR)
+INC_DIR += $(STUBBY_SRC_DIR)/../../src
+INC_DIR += $(STUBBY_SRC_DIR)/../../src/util/auxiliary
+
+CC_DEF += -DHAVE_CONFIG_H -DSTUBBYCONFDIR=\"/\" -DRUNSTATEDIR=\"/\"
+
+CC_DEF += -DSTUBBY_PACKAGE=\"stubby\" -DSTUBBY_PACKAGE_STRING=\"0.2.2\" 
+
+vpath %.c $(STUBBY_SRC_DIR)
+vpath %.c $(STUBBY_SRC_DIR)/yaml
diff --git a/src/lib/getdns/config.h b/src/lib/getdns/config.h
new file mode 100644
index 0000000..8f59f57
--- /dev/null
+++ b/src/lib/getdns/config.h
@@ -0,0 +1,320 @@
+//#define ANCHOR_DEBUG 1
+//#define DAEMON_DEBUG 1
+#define DNSSEC_ROADBLOCK_AVOIDANCE 1
+#define DRAFT_RRTYPES 1
+#define EDNS_COOKIES 1
+#define EDNS_COOKIE_OPCODE 10
+#define EDNS_COOKIE_ROLLOVER_TIME (24 * 60 * 60)
+#define EDNS_PADDING_OPCODE 12
+#define GETDNS_FN_HOSTS "/etc/hosts"
+#define GETDNS_FN_RESOLVCONF "/etc/resolv.conf"
+#define HAVE_ARPA_INET_H 1
+#define HAVE_ATTR_FORMAT 1
+#define HAVE_ATTR_UNUSED 1
+#define HAVE_DECL_ARC4RANDOM 0
+#define HAVE_DECL_ARC4RANDOM_UNIFORM 0
+#define HAVE_DECL_INET_NTOP 0
+#define HAVE_DECL_INET_PTON 0
+#define HAVE_DECL_NID_SECP384R1 1
+#define HAVE_DECL_NID_X9_62_PRIME256V1 1
+#define HAVE_DECL_SK_SSL_COMP_POP_FREE 1
+#define HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS 1
+//#define HAVE_DECL_SSL_CTX_SET1_CURVES_LIST 1
+#define HAVE_DECL_SSL_CTX_SET_ECDH_AUTO 1
+//#define HAVE_DECL_SSL_SET1_CURVES_LIST 1
+#define HAVE_DECL_STRLCPY 0
+#define HAVE_DLFCN_H 1
+#define HAVE_ENDIAN_H 1
+#define HAVE_ENGINE_LOAD_CRYPTODEV 1
+#define HAVE_EVP_DSS1 1
+#define HAVE_EVP_MD5 1
+#define HAVE_EVP_PKEY_BASE_ID 1
+#define HAVE_EVP_PKEY_KEYGEN 1
+#define HAVE_EVP_SHA1 1
+#define HAVE_EVP_SHA224 1
+#define HAVE_EVP_SHA256 1
+#define HAVE_EVP_SHA384 1
+#define HAVE_EVP_SHA512 1
+#define HAVE_FCNTL 1
+#define HAVE_FIPS_MODE 1
+#define HAVE_GETADDRINFO 1
+#define HAVE_GETAUXVAL 1
+#define HAVE_HMAC_UPDATE 1
+#define HAVE_INET_NTOP 1
+#define HAVE_INET_PTON 1
+#define HAVE_INTTYPES_H 1
+#define HAVE_LIBYAML 1
+#define HAVE_LIMITS_H 1
+#define HAVE_MEMORY_H 1
+#define HAVE_NETDB_H 1
+#define HAVE_NETINET_IN_H 1
+#define HAVE_OPENSSL_BN_H 1
+#define HAVE_OPENSSL_CONFIG 1
+#define HAVE_OPENSSL_CONF_H 1
+#define HAVE_OPENSSL_DSA_H 1
+#define HAVE_OPENSSL_ENGINE_H 1
+#define HAVE_OPENSSL_ERR_H 1
+#define HAVE_OPENSSL_RAND_H 1
+#define HAVE_OPENSSL_RSA_H 1
+#define HAVE_OPENSSL_SSL_H 1
+//#define HAVE_POLL_H 1
+//#define HAVE_PTHREAD 1
+#define HAVE_SIGADDSET 1
+#define HAVE_SIGEMPTYSET 1
+#define HAVE_SIGFILLSET 1
+#define HAVE_SIGNAL_H 1
+#define HAVE_SIGSET_T 1
+#define HAVE_SSL /**/
+//#define HAVE_SSL_HN_AUTH 1
+// FIXME
+#define HAVE_STDARG_H 1
+#define HAVE_STDINT_H 1
+#define HAVE_STDIO_H 1
+#define HAVE_STDLIB_H 1
+#define HAVE_STRINGS_H 1
+#define HAVE_STRING_H 1
+#define HAVE_STRPTIME 1
+//#define HAVE_SYS_POLL_H 1
+#define HAVE_SYS_RESOURCE_H 1
+#define HAVE_SYS_SELECT_H 1
+#define HAVE_SYS_SOCKET_H 1
+#define HAVE_SYS_STAT_H 1
+#define HAVE_SYS_SYSCTL_H 1
+#define HAVE_SYS_TIME_H 1
+#define HAVE_SYS_TYPES_H 1
+#define HAVE_TIME_H 1
+#define HAVE_TLS_v1_2 1
+#define HAVE_UNISTD_H 1
+#define HAVE_U_CHAR 1
+//#define HAVE_X509_CHECK_HOST 1
+#define HAVE___FUNC__ 1
+#define LT_OBJDIR ".libs/"
+#define MAXIMUM_UPSTREAM_OPTION_SPACE 3000
+#define MAX_CNAME_REFERRALS 100
+#define PACKAGE_BUGREPORT "team@getdnsapi.net"
+#define PACKAGE_NAME "getdns"
+#define PACKAGE_STRING "getdns 1.4.0"
+#define PACKAGE_TARNAME "getdns"
+#define PACKAGE_URL "https://getdnsapi.net"
+#define PACKAGE_VERSION "1.4.0"
+//#define REQ_DEBUG 1
+#define RETSIGTYPE void
+//#define SCHED_DEBUG 1
+//#define SEC_DEBUG 1
+//#define SERVER_DEBUG 1
+#define STDC_HEADERS 1
+#define STRPTIME_WORKS 1
+#define STUBBY_PACKAGE "stubby"
+#define STUBBY_PACKAGE_STRING ""
+//#define STUB_DEBUG 1
+#define STUB_NATIVE_DNSSEC 1
+#define SYSCONFDIR sysconfdir
+#define TRUST_ANCHOR_FILE "/getdns-root.key"
+#define USE_DANESSL 1
+#define USE_DSA 1
+#define USE_ECDSA 1
+#define USE_GOST 1
+#define USE_SHA1 1
+#define USE_SHA2 1
+#ifdef HAVE___FUNC__
+#define __FUNC__ __func__
+#else
+#define __FUNC__ __FUNCTION__
+#endif
+#ifdef GETDNS_ON_WINDOWS
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE 1024
+# endif
+# ifndef WINVER
+#  define WINVER 0x0600 // 0x0502
+# endif
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0600 // 0x0502
+# endif
+# ifdef HAVE_WS2TCPIP_H
+#  include <ws2tcpip.h>
+# endif
+# ifdef _MSC_VER
+#  if _MSC_VER >= 1800
+#   define PRIsz "zu"
+#  else
+#   define PRIsz "Iu"
+#  endif
+# else
+#  define PRIsz "Iu"
+# endif
+# ifdef HAVE_WINSOCK2_H
+#  include <winsock2.h>
+# endif
+# ifdef HAVE_WINSOCK2_H
+#  define FD_SET_T (u_int)
+# else
+#  define FD_SET_T 
+# endif
+ /* Windows wants us to use _strdup instead of strdup */
+# ifndef strdup
+#  define strdup _strdup
+# endif
+#else
+# define PRIsz "zu"
+#endif
+#include <stdint.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <assert.h>
+#include <string.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#if !defined(HAVE_STRLCPY) || !HAVE_DECL_STRLCPY || !defined(strlcpy)
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#else
+#ifndef __BSD_VISIBLE
+#define __BSD_VISIBLE 1
+#endif
+#endif
+#if !defined(HAVE_ARC4RANDOM) || !HAVE_DECL_ARC4RANDOM
+uint32_t arc4random(void);
+#endif
+#if !defined(HAVE_ARC4RANDOM_UNIFORM) || !HAVE_DECL_ARC4RANDOM_UNIFORM 
+uint32_t arc4random_uniform(uint32_t upper_bound);
+#endif
+#ifndef HAVE_ARC4RANDOM
+void explicit_bzero(void* buf, size_t len);
+int getentropy(void* buf, size_t len);
+void arc4random_buf(void* buf, size_t n);
+void _ARC4_LOCK(void);
+void _ARC4_UNLOCK(void);
+#endif
+#ifndef HAVE_DECL_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif /* HAVE_INET_PTON */
+#ifndef HAVE_DECL_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+#ifdef USE_WINSOCK
+# ifndef  _CUSTOM_VSNPRINTF
+#  define _CUSTOM_VSNPRINTF
+static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
+{ int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
+#  define vsnprintf _gldns_custom_vsnprintf
+# endif
+#endif
+#ifdef __cplusplus
+}
+#endif
+#define USE_GLDNS 1
+#ifdef HAVE_SSL
+#  define GLDNS_BUILD_CONFIG_HAVE_SSL 1
+#endif
+#ifdef HAVE_STDARG_H
+#include <stdarg.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifdef HAVE_SYS_LIMITS_H
+#include <sys/limits.h>
+#endif
+#ifdef PATH_MAX
+#define _GETDNS_PATH_MAX PATH_MAX
+#else
+#define _GETDNS_PATH_MAX 2048
+#endif
+#ifndef PRIu64
+#define PRIu64 "llu"
+#endif
+#ifdef HAVE_ATTR_FORMAT
+#  define ATTR_FORMAT(archetype, string_index, first_to_check) \
+    __attribute__ ((format (archetype, string_index, first_to_check)))
+#else /* !HAVE_ATTR_FORMAT */
+#  define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
+#endif /* !HAVE_ATTR_FORMAT */
+#if defined(DOXYGEN)
+#  define ATTR_UNUSED(x)  x
+#elif defined(__cplusplus)
+#  define ATTR_UNUSED(x)
+#elif defined(HAVE_ATTR_UNUSED)
+#  define ATTR_UNUSED(x)  x __attribute__((unused))
+#else /* !HAVE_ATTR_UNUSED */
+#  define ATTR_UNUSED(x)  x
+#endif /* !HAVE_ATTR_UNUSED */
+#ifdef TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# ifdef HAVE_SYS_TIME_H
+#  include <sys/time.h>
+# else
+#  include <time.h>
+# endif
+#endif
+#ifdef __cplusplus
+extern "C" {
+#endif
+#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
+#define strptime unbound_strptime
+struct tm;
+char *strptime(const char *s, const char *format, struct tm *tm);
+#endif
+#if !defined(HAVE_SIGSET_T) && defined(HAVE__SIGSET_T)
+typedef _sigset_t sigset_t;
+#endif
+#if !defined(HAVE_SIGEMPTYSET)
+#  define sigemptyset(pset)    (*(pset) = 0)
+#endif
+#if !defined(HAVE_SIGFILLSET)
+#  define sigfillset(pset)     (*(pset) = (sigset_t)-1)
+#endif
+#if !defined(HAVE_SIGADDSET)
+#  define sigaddset(pset, num) (*(pset) |= (1L<<(num)))
+#endif
+#ifdef HAVE_LIBUNBOUND
+# include <unbound.h>
+# ifdef HAVE_UNBOUND_EVENT_H
+#  include <unbound-event.h>
+# else
+#  ifdef HAVE_UNBOUND_EVENT_API
+#   ifndef _UB_EVENT_PRIMITIVES
+#    define _UB_EVENT_PRIMITIVES
+struct ub_event_base;
+struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base);
+typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*);
+int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype, 
+        int rrclass, void* mydata, ub_event_callback_t callback, int* async_id);
+#   endif
+#  endif
+# endif
+#endif
+#ifdef __cplusplus
+}
+#endif