Welcome to OpenDNSSEC
The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
- More information about OpenDNSSEC
- List of authors
- OpenDNSSEC features
- Documentation
- Where to download OpenDNSSEC
- Where to get support
The latest news about OpenDNSSEC can be found below!
OpenDNSSEC 1.1.2
Version 1.1.2 of OpenDNSSEC has now been released.
- Dnsruby 1.49 now required (for correct zone parsing)
- ldns 1.6.6 is required to fix the zone fetcher bug
Bugfixes:
- ods-control stop did not stopped zone fetcher (bug was introduced in 1.1.0)
- Auditor correctly handles chains of empty nonterminals
- Zone fetcher can block zone transfers if AXFR once failed. This is a bug in ldns versions 1.6.5 and lower. See KNOWN_ISSUES for more information.
- Bugreport #165: Ensure Output SOA serial is always bigger than Input SOA serial.
- Bugreport #166: Correct exit value from signer.
- Bugreport #167: Zone fetcher now also picks up changes when zonelist is reloaded
- Bugreport #168: ods-control with tightened control for the Enforcer
- Bugreport #169: Do not include config.h in the distribution
- Bugreport #170: Typo in a man page (ods-signer)
- Bugreport #172: Correction of some macros in a man page (ods-timing)
- Bugreport #173: A man page used a macro that does not exist (ods-ksmutil)
Download the tarball from: opendnssec-1.1.2.tar.gz
OpenDNSSEC 1.1.1
Version 1.1.1 of OpenDNSSEC has now been released.
Bugfixes:
- Bugreport #127: Large SOA serial numbers were not handled properly by signer
- Bugreport #133: Better handling of SOA serial when setting is ‘keep’
- Bugreport #136: quicksorter could not handle standard bind format SOA rdata
- The Auditor could not handle the new way of rolling KSKs
- One log message in the Enforcer referred to an old command
- The Enforcer forgot to publish certain keys during transition between states
Download the tarball from: opendnssec-1.1.1.tar.gz
OpenDNSSEC 1.1.0 and release plan for 1.2
Version 1.1.0 of OpenDNSSEC has now been released. There is no changes between between this version and the rc3. Download the tarball from: opendnssec-1.1.0.tar.gz
Release plan for OpenDNSSEC 1.2 (August 2010)
- Improved handling of shared keys
- Only the private key object on the HSM is needed, will save space
- Replace the Python engine with a C engine
- Configurable auditing program
- Performance improvements for large numbers of zones
- Working with internal structures instead of temporary files
