Welcome to OpenDNSSEC
The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
- More information about OpenDNSSEC
- List of authors
- OpenDNSSEC features
- OpenDNSSEC Initial Deployment Guide
- Where to download OpenDNSSEC
- Where to get support
The latest news about OpenDNSSEC can be found below!
Version 1.4.12 of OpenDNSSEC has been released on 2016-10-17.
Hereby we announce the OpenDNSSEC 1.4.12 release. This is a bug fix release targeting a memory leak in the signer when being used in the “bump in the wire” model where the signer would send out notify messages and respond to IXFR requests for the signed zone. This typically would manifest itself with very frequent outgoing IXFRs over a longer period of time.
When upgrading from 1.4.10 (the 1.4.11 release was skipped) no migration steps are needed. For upgrading from earlier releases see the migration steps in the individual releases, most notably in 188.8.131.52. This version of OpenDNSSEC does however require a slightly less older minimal version of the library ldns.
- OPENDNSSEC-808: Crash on query with empty query section (thanks HÃ¥vard Eidnes).
- SUPPORT-191: Regression, Must accept notify without SOA (thanks Christos Trochalakis).
- OPENDNSSEC-845: memory leak occuring when responding to IXFR out when having had multiple updates.
- OPENDNSSEC-805: Avoid full resign due to mismatch in backup file when upgrading from 1.4.8 or later.
- OPENDNSSEC-828: parsing zone list could show data from next zone when zones iterated on single line.
- OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other static code analysis cleanup
- OPENDNSSEC-847: Broken DNS IN notifications when pkt answer section is empty.
- OPENDNSSEC-838: Crash in signer after having removed a zone.
- Update dependency to ldns to version 1.6.17 enabling the DNS HIP record.
- Prevent responding to queries when not fully started yet.
- Checksum SHA256: 4ba6cf06fcd1131c1ed913d61959ddc90726ed5e4f153c90f45ec64445528a0c
Version 2.0.3 of OpenDNSSEC has been released on 2016-10-17.
Hereby we announce the OpenDNSSEC 2.0.3 release. Most of the changes are related to further smoothing the migration path from OpenDNSSEC 1.4 to 2.0. If you still need to migrate from 1.4.10 please migrate to 2.0.3 directly rather than via 2.0.1. Another important fix is a memory leak in the signer. It would cause a high memory usage for installations with very frequent outgoing IXFR’s.
- OpenDNSSEC-839: update all no longer deletes zones or policies. Policy import now has a –remove-missing-policies option. (thanks David Peall)
- OpenDNSSEC-840: Fix migration script to correctly interpret SOA serial strategy.
- OPENDNSSEC-843: MaxZoneTTL defaults to 0 instead of 1 day.
- Migration script can handle converting a database with zones in rollover better.
- Fixed incorrect behaviour when more than 2 ZSKs involved in roll.
- SUPPORT-201: Remove old keys from converted DB.
- OPENDNSSEC-845: Memory leak on IXFR out.
- Checksum SHA256: ebeb5481d696cf83c21c5dfbecce6ab5dcc73df1a08573ef257f2f6fe10f6214
Version 2.0.1 of OpenDNSSEC has been released on 2016-07-21.
This release is primarily focused on ironing out the issues on the migration path from 1.4 to 2.0. Besides that there are no functional changes.
- Fixed crash and linking issue in ods-migrate.
- Fixed case where 2.0.0 could not read backup files from 1.4.10.
- Fixed bug in migration script where key state in the database wasn’t transformed properly.
- Checksum SHA256: bf874bbb346699a5b539699f90a54e0c15fff0574df7a3c118abb30938b7b346