OpenDNSSEC 1.2.0rc1

Version 1.2.0rc1 of OpenDNSSEC has now been released.

  • New commandline option for the signer: ods-signer running.
  • Allow connection to different MySQL ports in the Enforcer.
  • Tone down and explain warning when converting M or Y to seconds
  • ldns 1.6.7 is required for bugfixes
  • dnsruby 1.51 is required for bugfixes

There is a kasp schema change from the 1.1 branch (or trunk if you built prior to r3823). To make this transition you have 2 options:

  1. Run ods-ksmutil setup again. This will remove _all_ the current information from the kasp database and start you off again with a fresh environment. If that is not an option, or you want to try something else then:
  2. Run one of the migration scripts:
    depending on your database.

NOTE: Although these scripts have been tested it is recommended to make a backup of your database prior to running them.


  • Bugreport #187: ods-control signer start will return non-zero if start up failed (uses ods-signer running).
  • Narrow glue at the zone cut is allowed, do not consider it as occluded.
  • Move zone fetcher output to correct input adapter file.
  • Enforcer shared keys on zones with ShareKeys disabled.
  • Make names of key states consistent.
  • Signer Engine file descriptor leak fix on engine.sock.
  • Set explicit “unlimited” repository capacity to prevent random integer being read. Requires “ods-ksmutil update conf” to be run if using an existing database.
  • Fix issue with key generation creating too many keys Ticket #194.
  • Bugreport #189: Auditor did not handle white-space-seperated substrings for base64 text
  • Bugreport #190: Auditor (and signer) does not handle case correctly
  • Signer now silence stdout-output from the notify command

Download the tarball from: opendnssec-1.2.0rc1.tar.gz

Comments are closed.