OpenDNSSEC 1.0a2

It has now been two weeks since the first release. We want to thank you all for discovering a number of bugs which has now been fixed in this release. We have also added some minor features.

Please go to and get the latest version.


  • conf.xml format changed
  • Read the default path to kasp.xml from conf.xml
  • libksm integrated into enforcer (and no longer installed)
  • Dropping privileges as specified
  • Option to specify that a key from a specific repository should not be used if it has not been backed up
  • Hsmutil backup done, to signal that the keys are backed up
  • KASP Auditor should now function properly
  • A quick start script is available
  • XSLT to translate KASP into readable text (HTML)
  • Changes to the KASP DB, please apply:
    If want to use your old DB:
    sqlite3 < enforcer/utils/migrate_090812_1.sqlite3
    sqlite3 < enforcer/utils/migrate_090813_1.sqlite3
    Or start fresh (with loss of information):
    ksmutil setup


  • Signer Engine can now read standard bind format correctly
  • Make install creates an incorrectly named directory
  • ksmutil addzone defaults to wrong path
  • SoftHSM links libsofthsm to build directory
  • libksm install problem when builddir == srcdir
  • Missing include of header file in SoftHSM
  • Text about a problem with Botan on some systems.

Comments are closed.