Welcome to OpenDNSSEC

The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

The latest news about OpenDNSSEC can be found below!

SoftHSM 2.2.0

Version 2.2.0 of SoftHSM has been released.


  • Issue #143: Delete a token using softhsm2-util.
  • Issue #185: Change access mode bits for /var/lib/softhsm/tokens/ to 1777. All users can now create tokens, but only access their own. (Patch from Rick van Rein)
  • Issue #186: Reinitializing a token will now keep the token, but all token objects are deleted, the user PIN is removed and the token label is updated.
  • Issue #190: Support for OpenSSL 1.1.0.
  • Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that there is always a slot with an uninitialized token available.
  • Issue #199: The token serial number will be used when setting the slot number. The serial number is set after the token has been initialized. (Patch from Lars Silvén)
  • Issue #203: Update the command utils to use the token label or serial to find the token and its slot number.
  • Issue #209: Possibility to test other PKCS#11 implementations with the CppUnit test. (Patch from Lars Silvén)
  • Issue #223: Mark public key as non private by default. (Patch from Nikos Mavrogiannopoulos)
  • Issue #230: Install p11-kit module; to disable, use --disable-p11-kit. (Patch from David Woodhouse)
  • Issue #237: Add windows continuous integration build. (Patch from Peter Polačko)


  • Issue #201: Missing new source file and test configuration in the Windows build project.
  • Issue #205: ECDSA P-521 support for OpenSSL and better test coverage.
  • Issue #207: Fix segmentation faults in loadLibrary function. (Patch from Jaroslav Imrich)
  • Issue #215: Update the Homebrew install notes for OSX.
  • Issue #218: Fix build warnings.
  • Issue #235: Add the libtool install command for OSX. (Patch from Mark Wylde)
  • Issue #236: Use GetEnvironmentVariable instead of getenv on Windows. (Patch from Jaroslav Imrich)
  • Issue #239: Crash on module unload with OpenSSL. (Patch from David Woodhouse)
  • Issue #241: Added EXTRALIBS to Windows utils project. (Patch from Peter Polačko)
  • Issue #250: C++11 not detected.
  • Issue #255: API changes in Botan 1.11.27.
  • Issue #260: Fix include guard to check WITH_FIPS. (Patch from Matt Hauck)
  • Issue #268: p11test fails on 32-bit systems.
  • Issue #270: Build warning about “converting a string constant”.
  • Issue #272: Fix C++11 check to look for unique_ptr. (Patch from Matt Hauck)


SoftHSM 1.3.8

Version 1.3.8 of SoftHSM has been released.


  • SOFTHSM-101: softhsm-keyconv creates files with sensitive material in an insecure way. Also applies to softhsm-util when using --export or --optimize.
  • SOFTHSM-104: Inconsistencies between v1 and v2.
  • Issue #17: Use the MutexFactory wrapper functions correctly.


OpenDNSSEC 1.4.12

Version 1.4.12 of OpenDNSSEC has been released on 2016-10-17.


Hereby we announce the OpenDNSSEC 1.4.12 release. This is a bug fix release targeting a memory leak in the signer when being used in the “bump in the wire” model where the signer would send out notify messages and respond to IXFR requests for the signed zone. This typically would manifest itself with very frequent outgoing IXFRs over a longer period of time.
When upgrading from 1.4.10 (the 1.4.11 release was skipped) no migration steps are needed. For upgrading from earlier releases see the migration steps in the individual releases, most notably in This version of OpenDNSSEC does, however, require a slightly newer minimum version of the ldns library.


  • OPENDNSSEC-808: Crash on query with empty query section (thanks Håvard Eidnes).
  • SUPPORT-191: Regression, Must accept notify without SOA (thanks Christos Trochalakis).
  • OPENDNSSEC-845: memory leak occurring when responding to IXFR out when having had multiple updates.
  • OPENDNSSEC-805: Avoid full resign due to mismatch in backup file when upgrading from 1.4.8 or later.
  • OPENDNSSEC-828: parsing zone list could show data from next zone when zones iterated on single line.
  • OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other static code analysis cleanup
  • OPENDNSSEC-847: Broken DNS IN notifications when pkt answer section is empty.
  • OPENDNSSEC-838: Crash in signer after having removed a zone.
  • Update dependency to ldns to version 1.6.17 enabling the DNS HIP record.
  • Prevent responding to queries when not fully started yet.