Welcome to OpenDNSSEC

The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

The latest news about OpenDNSSEC can be found below!

OpenDNSSEC 1.4.5

Version 1.4.5 of OpenDNSSEC has now been released:

Bugfixes:

  • OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation.
  • OPENDNSSEC-609: ods-ksmutil: ‘key list’ command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins <mje@posix.co.za>

Documentation:

Download:

 

SoftHSM 2.0.0a2

Version 2.0.0a2 of SoftHSM has been released.

Updates:

  • SOFTHSM-68: Display a better configure message when there is a version of Botan with a broken ECC/GOST/OID implementation.
  • SOFTHSM-70: Improved handling of the database backend.
  • SOFTHSM-71: Supporting Botan 1.11.
  • SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when using the Botan crypto backend.
  • SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object.
  • SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the command line utilties with softhsm2-.
  • SOFTHSM-89: Use constants and not strings for signaling algorithms.
  • SUPPORT-129: Possible to use an empty template in C_GenerateKey. The class and key type are inherited from the generation mechanism. Some mechanisms do however require a length attribute. [SOFTHSM-88]
  • SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384, or SHA512. [SOFTHSM-87]

Bugfixes:

  • SOFTHSM-39: Fix 64 bit build on sparc sun4v.
  • SOFTHSM-69: GOST did not work when you disabled ECC.
  • SOFTHSM-78: Correct the attribute checks for a number of objects.
  • SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code.
  • SOFTHSM-91: Fix a warning from static code analysis.
  • Fixed a number of memory leaks.

Documentation:

Download:

 

OpenDNSSEC 1.4.4

Version 1.4.4 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574].
  • OPENDNSSEC-358: ods-ksmutil: Extend ‘key list’ command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.
  • OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).

Bugfixes:

  • SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
  • SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526].
  • SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529].
  • SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
  • SUPPORT-108: Signer Engine: Don’t replace tabs in RRs with whitespace [OPENDNSSEC-520].
  • SUPPORT-116: ods-ksmutil: ‘key import’ date validation fails on certain dates [OPENDNSSEC-553].
  • SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
  • SUPPORT-127: ods-signer: Fix manpage sections.
  • OPENDNSSEC-457: ods-ksmutil: Add a check on the ‘zone add’ input/output type parameter to allow only File or DNS.
  • OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
  • OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
  • OPENDNSSEC-531: ods-ksmutil: Exported value of <Parent><SOA><TTL> in ‘policy export’ output could be wrong on MySQL.
  • OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
  • OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS.
  • OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion.
  • OPENDNSSEC-560: Signer Engine: Don’t crash when unsigned zone has no SOA.
  • Signer Engine: Fix a race condition when stopping daemon.

Documentation:

Download: