OpenDNSSEC

We have now finally released the first version of OpenDNSSEC. We want to thank you all for being patient and so helpful during our alpha and beta trials. Changes between RC4 and 1.0.0 Fixed a broken path in ods-control Known issues OpenDNSSEC has ... [More] some known issues, but they will be fixed in a future release. Auditor slow for large zones KSK [...] [Less]

Version 1.0.0rc4 of OpenDNSSEC has now been released. Added manual pages for ods-auditor(1), ods-control(8), ods-enforcerd(8), ods-signerd(8), ods-signer(8), ods-hsmpseed(1), ods-hsmutil(1), ods-kaspcheck(1), ods-ksmutil(1), ods-timing(5) ... [More] , opendnssec(7). Move ods-control & ods-signer from PREFIX/bin to PREFIX/sbin. Dnsruby-1.43 is now required Bugfixes: Bugreport #89: Signer Engine: bug in logging.c. Auditor: Had some problems with escaped characters in domain names Download the tarball from: opendnssec-1.0.0rc4.tar.gz [Less]

Version 1.0.0rc3 of OpenDNSSEC has now been released. This should be the last release candidate before 1.0.0. Bugfixes: ods-ksmutil: The ksk-roll command did not handle its options correctly Auditor: Configured zone SOA TTL now used to track ... [More] pre-published keys, rather than the unsigned zone SOA TTL. Enforcer: There was a flaw in the implementation of the timing code (it  [...] [Less]

SoftHSM has now been released as version 1.1.3 Only check for the SQLite3 library. The binary is not needed. Switch to PKCS#11 header file from the Scute project. KNOWN BUG: A bug in Botan made some of the checks to fail on Debian unstable. The bug may appear on other platforms. Please upgrade to Botan 1.8.9 when it [...]

SoftHSM has now been released as version 1.1.2 Documentation on how to do backup. Limiting the number of concurrent sessions to 256, because SQLite has a limit on the number of database connections. Install a sample of the configuration file. ... [More] Manual pages are now available for softhsm, softhsm-keyconv, and softhsm.conf Bugfix: –enable-64bit configure option did not work correctly. KNOWN BUG: A [...] [Less]

Version 1.0.0rc2 of OpenDNSSEC has now been released. Bugfixes: Signer Engine: Signer processes could remain open, if they were not close correctly. ods-ksmutil: Got a segmentation fault, when an HSM was missing in the configuration. Only applied to ... [More] versions using MySQL. Zone fetcher: Did not close files before moving them. Zone fetcher: The serial arithmetic was not correct. Auditor: It now [...] [Less]

SoftHSM has now been released as version 1.1.1 Bugfix: Signing could not be done when another application had a lock on the database. Bugfix: Check if a session were able to create a connection to the database. KNOWN BUG: A version of Botan available in some OS has a problem with the entropy. This causes SoftHSM to freeze [...]

OpenDNSSEC has now been released as a release candidate. The following things are new for this release: Auditor: dnsruby-1.41 should be used (includes fixes for zero length salt and RFC3597 unknown classes) Signer Engine: ldns 1.6.3 should be used ... [More] (includes NSEC3 bugfix and class inheritance when creating signatures) Bugfixes: Signer Engine: 1.0.0b8 introduced a bug that no signatures where reused. [...] [Less]

The 9th beta-version of OpenDNSSEC has been released. The following things are new for this release: ods-ksmutil: update command split so that individual configuration files can be updated separately. ods-ksmutil: “ds-seen” renamed to “ksk-roll” ... [More] which is a more accurate description of its effect. (ds-seen will reappear in v1.1) add contributed .spec file for RPM builds Signer Engine: verifies signature after [...] [Less]

The 8th beta-version of OpenDNSSEC has been released. The following things are new for this release: ods-ksmutil: KSK rollover now holds at the point where the new key is made active until the command “ds-seen” is issued. ods-ksmutil: “database ... [More] backup” implemented to safely make a copy of the SQLite enforcer database. Bugfixes: Auditor: Crashed on unknown RR class. Signer Engine: NSEC3 [...] [Less]