Welcome to OpenDNSSEC
The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
- More information about OpenDNSSEC
- List of authors
- OpenDNSSEC features
- OpenDNSSEC Initial Deployment Guide
- Where to download OpenDNSSEC
- Where to get support
The latest news about OpenDNSSEC can be found below!
Algorithm Rollover in OpenDNSSEC 1.3
Changing signature algorithms in DNSSEC is a different process than normal key rollovers. OpenDNSSEC currently does not support performing rolls to another algorithm. The only safe way to do it would be to retract your DS record and go insecure for a short while. However, we now worked out a way to do an algorithm rollover with OpenDNSSEC 1.3 while keeping the zone properly signed and without the need to take the signer daemon offline. Service downtime should not be needed.
Version 220.127.116.11 of OpenDNSSEC has now been released.
- Support for RFC5011 style KSK rollovers. KSK section in the KASP now accepts element.
- Enforcer: New repository option allows to generate keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and extracted from HSM.
- SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
- Fixed signer hitting assertion on short reply XFR handler.
- Include revoke bit in keytag calculation.
- Increased stacksize on some systems (thanks Patrik Lundin!).
- Stop ods-signerd on SIGINT.
- By error 1.4.8 did not include database migration scripts for upgrading existing installations. 18.104.22.168 resolves this issue.
- Checksum SHA256: 7fd553ee39173e807477ed1daff6ee2f8b1c83875cd2e52a1df3315bf0015513
Version 2.0.0 of SoftHSM has been released. More updates and bug fixes can be found in the alpha and beta release notes.
- SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
- Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms. (Patch from Thomas Calderon
- SOFTHSM-120: Segfault after renaming variables.
- Checksum sha1: 14f387cff26039ba0e49d413ea6e3fee3e08276a
- Checksum sha256: eae8065f6c472af24f4c056d6728edda0fd34306f41a818697f765a6a662338d
- GitHub tag: 2.0.0