Welcome to OpenDNSSEC

The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

The latest news about OpenDNSSEC can be found below!

OpenDNSSEC 1.4.13

Version 1.4.13 of OpenDNSSEC has been released on 2017-01-20.

News

Hereby we announce the OpenDNSSEC 1.4.13 release. It includes a small number of bug fixes and no migration steps are needed. Some minor code adjustments where made to make linking to OpenSSL 1.1.0 possible.

This release is signed by our new (Jan 11th) PGP key.

Fixes

  • OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
  • OPENDNSSEC-853: Fixed serial_xfr_acquired not updated in state file.
  • Wrong error was sometimes being print on failing TCP connect.
  • Add support for OpenSSL 1.1.0.
  • OPENDNSSEC-866: Script for migration between MySQL and SQLite was outdated.

Download

OpenDNSSEC 2.0.4

Version 2.0.4 of OpenDNSSEC has been released on 2017-01-13.

News

As of now OpenDNSSEC 2.0.4 is released. This version is a minimal change over 2.0.3, fixing a reported crash of the Enforcer daemon. No additional migration steps are required. In the near future, we aim at the end of January, we are planning to release the next feature version which will be 2.1.

This release is signed by our new (Jan 11th) PGP key.

Fixes

  • Fix Enforcer crash that could occur in some cases while evaluating relationships between keys.
  • Support compiling with OpenSSL 1.1.

Download

SoftHSM 2.2.0

Version 2.2.0 of SoftHSM has been released.

Updates:

  • Issue #143: Delete a token using softhsm2-util.
  • Issue #185: Change access mode bits for /var/lib/softhsm/tokens/ to 1777. All users can now create tokens, but only access their own. (Patch from Rick van Rein)
  • Issue #186: Reinitializing a token will now keep the token, but all token objects are deleted, the user PIN is removed and the token label is updated.
  • Issue #190: Support for OpenSSL 1.1.0.
  • Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that there is always a slot with an uninitialized token available.
  • Issue #199: The token serial number will be used when setting the slot number. The serial number is set after the token has been initialized. (Patch from Lars Silvén)
  • Issue #203: Update the command utils to use the token label or serial to find the token and its slot number.
  • Issue #209: Possibility to test other PKCS#11 implementations with the CppUnit test. (Patch from Lars Silvén)
  • Issue #223: Mark public key as non private by default. (Patch from Nikos Mavrogiannopoulos)
  • Issue #230: Install p11-kit module, to disable use –disable-p11-kit. (Patch from David Woodhouse)
  • Issue #237: Add windows continuous integration build. (Patch from Peter Polačko)

Bugfixes:

  • Issue #201: Missing new source file and test configuration in the Windows build project.
  • Issue #205: ECDSA P-521 support for OpenSSL and better test coverage.
  • Issue #207: Fix segmentation faults in loadLibrary function. (Patch from Jaroslav Imrich)
  • Issue #215: Update the Homebrew install notes for OSX.
  • Issue #218: Fix build warnings.
  • Issue #235: Add the libtool install command for OSX. (Patch from Mark Wylde)
  • Issue #236: Use GetEnvironmentVariable instead of getenv on Windows. (Patch from Jaroslav Imrich)
  • Issue #239: Crash on module unload with OpenSSL. (Patch from David Woodhouse)
  • Issue #241: Added EXTRALIBS to Windows utils project. (Patch from Peter Polačko)
  • Issue #250: C++11 not detected.
  • Issue #255: API changes in Botan 1.11.27.
  • Issue #260: Fix include guard to check WITH_FIPS. (Patch from Matt Hauck)
  • Issue #268: p11test fails on 32-bit systems.
  • Issue #270: Build warning about “converting a string constant”.
  • Issue #272: Fix C++11 check to look for unique_ptr. (Patch from Matt Hauck)

Download: