The OpenDNSSEC project

OpenDNSSEC is a policy-based zone signer that automates the process of keeping track of DNSSEC keys and the signing of zones. The goal of the project is to make DNSSEC easy to deploy. The project is Open Source and intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

CrypTech Alpha 3 + OpenDNSSEC 2.1.1

The CrypTech Alpha is a fully open source hardware cryptographic engine. This week the CrypTech team released version 3 of their software and firmware. We gave it a test run and found that their efforts did pay off. OpenDNSSEC 2.1.1 is found to be working smoothly with the Alpha Board. Thank you CrypTech!

OpenDNSSEC 1.4.14

Version 1.4.14 of OpenDNSSEC has been released on 2017-04-28.

News

Hereby we announce the OpenDNSSEC 1.4.14 release.

Bugs Fixed

  • OPENDNSSEC-888: Fix up MySQL<->SQLite3 database conversion script.
  • OPENDNSSEC-752: Incorrect calculated number of KSKs needed when KSK and ZSK have exactly the same parameters. This would prevent KSK rollovers.
  • OPENDNSSEC-890: Bogus signatures on mismatching TTLs within the same RRset.

Download

OpenDNSSEC 2.1.1

Version 2.1.1 of OpenDNSSEC has been released on 2017-04-28.

News

OpenDNSSEC 2.1.1 addresses a number of bug fixes. No migration steps are required when upgrading from an earlier 2.X release. In case you are still on the 1.4.X branch and like to upgrade to 2.1.1 you are advised to do so directly rather than installing earlier 2.X versions first.

Bugs Fixed

  • OPENDNSSEC-889: MySQL migration script didn’t work for all database and MySQL versions.
  • OPENDNSSEC-887: Segfault on extraneous tag.
  • OPENDNSSEC-880: Command line parsing for import key command failed.
  • OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for same rrset are mismatching.

Download