diff --git a/libs/ldns/Makefile b/libs/ldns/Makefile
index 484e5c368..093e2be36 100644
--- a/libs/ldns/Makefile
+++ b/libs/ldns/Makefile
@@ -8,16 +8,16 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ldns
-PKG_VERSION:=1.7.0
-PKG_RELEASE:=5
+PKG_VERSION:=1.7.1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.nlnetlabs.nl/downloads/ldns
-PKG_HASH:=c19f5b1b4fb374cfe34f4845ea11b1e0551ddc67803bd6ddd5d2a20f0997a6cc
+PKG_HASH:=8ac84c16bdca60e710eea75782356f3ac3b55680d40e1530d7cea474ac208229
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
-PKG_MAINTAINER:=
+PKG_MAINTAINER:=Eric Luehrsen <ericluehrsen@gmail.com>
 PKG_CPE_ID:=cpe:/a:nlnetlabs:ldns
 
 PKG_FIXUP:=autoreconf
@@ -55,15 +55,31 @@ define Package/drill
 endef
 
 define Package/drill/description
-  drill is a tool to designed to get all sorts of information out of the DNS. It
-  is specificly designed to be used with DNSSEC.
+  ldns includes the drill tool, which is much like dig from BIND. It was
+  designed with DNSSEC in mind and should be a useful debugging/query tool
+  for DNSSEC.
+endef
+
+define Package/ldns-examples
+  $(call Package/libldns/Default)
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=IP Addresses and Names
+  TITLE:=Example programs from NLNetLabs ldns library
+  DEPENDS+= +libldns +libpcap +drill
+endef
+
+define Package/ldns-examples/description
+  A few example programs are included in the source of ldns. They include tools
+  which can create DNSSEC keys and DNSSEC zone files.
 endef
 
 CONFIGURE_ARGS += \
-	--disable-dane-ta-usage \
-	--disable-ecdsa \
+	--disable-dsa \
 	--disable-gost \
+	--enable-ecdsa \
 	--with-drill \
+	--with-examples \
 	--with-ssl="$(STAGING_DIR)/usr"
 
 define Build/InstallDev
@@ -85,5 +101,33 @@ define Package/drill/install
 	$(CP) $(PKG_INSTALL_DIR)/usr/bin/drill $(1)/usr/bin/
 endef
 
+define Package/ldns-examples/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-chaos $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-compare-zones $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dane $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-dpa $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-gen-zone $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-key2ds $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keyfetcher $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-keygen $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-mx $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-notify $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-nsec3-hash $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-read-zone $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-revoke $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-rrsig $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-signzone $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-test-edns $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-testns $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-update $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-verify-zone $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-version $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-walk $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zcat $(1)/usr/bin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/bin/ldns-zsplit $(1)/usr/bin/
+endef
+
 $(eval $(call BuildPackage,libldns))
 $(eval $(call BuildPackage,drill))
+$(eval $(call BuildPackage,ldns-examples))
diff --git a/libs/ldns/patches/001-compile-for-darwin.patch b/libs/ldns/patches/001-compile-for-darwin.patch
new file mode 100644
index 000000000..5ba0d57d4
--- /dev/null
+++ b/libs/ldns/patches/001-compile-for-darwin.patch
@@ -0,0 +1,13 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -859,10 +859,10 @@
+ AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk], 
+  [Set xcode SDK version. Default is autodetect]), 
+  [],[with_xcode_sdk="yes"])
+ if test "x_$with_xcode_sdk" != "x_no" ; then
+    # check OSX deployment target, if needed
+-   if echo $build_os | grep darwin > /dev/null; then
++   if echo $target_os | grep darwin > /dev/null; then
+      sdk_p=`xcode-select -print-path`;
+      if test "x_$with_xcode_sdk" = "x_yes" ; then
+         sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )"
diff --git a/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch b/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch
deleted file mode 100644
index ddc2691e8..000000000
--- a/libs/ldns/patches/001-fix-cross-compile-on-darwin.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -842,7 +842,7 @@ ACX_CHECK_FORMAT_ATTRIBUTE
- ACX_CHECK_UNUSED_ATTRIBUTE
- 
- # check OSX deployment target, if needed
--if echo $build_os | grep darwin > /dev/null; then
-+if echo $target_os | grep darwin > /dev/null; then
-   sdk_p=`xcode-select -print-path`;
-   sdk_v="$( /usr/bin/xcrun --show-sdk-version )";
-   case $sdk_v in
diff --git a/libs/ldns/patches/100-CVE-2017-1000231.patch b/libs/ldns/patches/100-CVE-2017-1000231.patch
deleted file mode 100644
index 2c2abe8a4..000000000
--- a/libs/ldns/patches/100-CVE-2017-1000231.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From c8391790c96d4c8a2c10f9ab1460fda83b509fc2 Mon Sep 17 00:00:00 2001
-From: Willem Toorop <willem@nlnetlabs.nl>
-Date: Thu, 27 Apr 2017 00:14:58 +0200
-Subject: [PATCH] Check parse limit before t increment
-
-Thanks Stephan Zeisberg
----
- parse.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parse.c b/parse.c
-index e68627c..947dbb8 100644
---- a/parse.c
-+++ b/parse.c
-@@ -118,6 +118,10 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
- 			if (line_nr) {
- 				*line_nr = *line_nr + 1;
- 			}
-+			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
-+				*t = '\0';
-+				return -1;
-+			}
- 			*t++ = ' ';
- 			prev_c = c;
- 			continue;
--- 
-2.9.5
-
diff --git a/libs/ldns/patches/101-CVE-2017-1000232.patch b/libs/ldns/patches/101-CVE-2017-1000232.patch
deleted file mode 100644
index 25be44dc5..000000000
--- a/libs/ldns/patches/101-CVE-2017-1000232.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 3bdeed02505c9bbacb3b64a97ddcb1de967153b7 Mon Sep 17 00:00:00 2001
-From: Willem Toorop <willem@nlnetlabs.nl>
-Date: Thu, 27 Apr 2017 00:25:20 +0200
-Subject: [PATCH] bugfix #1257: Free after reallocing to 0 size
-
-Thanks Stephan Zeisberg
----
- str2host.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/str2host.c b/str2host.c
-index b274b17..f2a317b 100644
---- a/str2host.c
-+++ b/str2host.c
-@@ -1525,8 +1525,10 @@ ldns_str2rdf_long_str(ldns_rdf **rd, const char *str)
- 	if (! str) {
- 		return LDNS_STATUS_SYNTAX_BAD_ESCAPE;
- 	}
--	length = (size_t)(dp - data);
--
-+	if (!(length = (size_t)(dp - data))) {
-+		LDNS_FREE(data);
-+		return LDNS_STATUS_SYNTAX_EMPTY;
-+	}
- 	/* Lose the overmeasure */
- 	data = LDNS_XREALLOC(dp = data, uint8_t, length);
- 	if (! data) {
--- 
-2.9.5
-
diff --git a/libs/ldns/patches/200-deprecated-openssl.patch b/libs/ldns/patches/200-deprecated-openssl.patch
deleted file mode 100644
index cdeff84a7..000000000
--- a/libs/ldns/patches/200-deprecated-openssl.patch
+++ /dev/null
@@ -1,78 +0,0 @@
---- a/dnssec.c
-+++ b/dnssec.c
-@@ -23,6 +23,9 @@
- #include <openssl/rand.h>
- #include <openssl/err.h>
- #include <openssl/md5.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
- #endif
- 
- ldns_rr *
---- a/dnssec_sign.c
-+++ b/dnssec_sign.c
-@@ -17,6 +17,9 @@
- #include <openssl/rand.h>
- #include <openssl/err.h>
- #include <openssl/md5.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
- #endif /* HAVE_SSL */
- 
- ldns_rr *
---- a/dnssec_verify.c
-+++ b/dnssec_verify.c
-@@ -594,7 +594,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE
- 						if (tree->parent_status[i]
- 						    == LDNS_STATUS_SSL_ERR) {
- 							printf("; SSL Error: ");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 							ERR_load_crypto_strings();
-+#endif
- 							ERR_print_errors_fp(stdout);
- 							printf("\n");
- 						}
---- a/drill/drill.c
-+++ b/drill/drill.c
-@@ -1013,7 +1013,7 @@ main(int argc, char *argv[])
- 	xfree(tsig_data);
- 	xfree(tsig_algorithm);
- 
--#ifdef HAVE_SSL
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	CRYPTO_cleanup_all_ex_data();
- 	ERR_free_strings();
- 	EVP_cleanup();
---- a/host2str.c
-+++ b/host2str.c
-@@ -28,6 +28,12 @@
- #include <time.h>
- #include <sys/time.h>
- 
-+#ifdef HAVE_SSL
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#endif
-+
- #ifndef INET_ADDRSTRLEN
- #define INET_ADDRSTRLEN 16
- #endif
---- a/keys.c
-+++ b/keys.c
-@@ -16,8 +16,12 @@
- 
- #ifdef HAVE_SSL
- #include <openssl/ssl.h>
--#include <openssl/engine.h>
- #include <openssl/rand.h>
-+#include <openssl/bn.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/engine.h>
-+#include <openssl/ui.h>
- #endif /* HAVE_SSL */
- 
- ldns_lookup_table ldns_signing_algorithms[] = {
diff --git a/libs/ldns/patches/300-openssl-engine.patch b/libs/ldns/patches/300-openssl-engine.patch
deleted file mode 100644
index 8f2be2367..000000000
--- a/libs/ldns/patches/300-openssl-engine.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/keys.c
-+++ b/keys.c
-@@ -20,8 +20,10 @@
- #include <openssl/bn.h>
- #include <openssl/rsa.h>
- #include <openssl/dsa.h>
--#include <openssl/engine.h>
- #include <openssl/ui.h>
-+#ifndef OPENSSL_NO_ENGINE
-+#include <openssl/engine.h>
-+#endif
- #endif /* HAVE_SSL */
- 
- ldns_lookup_table ldns_signing_algorithms[] = {
-@@ -103,7 +105,7 @@ ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
- 	return ldns_key_new_frm_fp_l(k, fp, NULL);
- }
- 
--#ifdef HAVE_SSL
-+#if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE)
- ldns_status
- ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
- {