OpenDNSSEC 1.2.0rc3

Version 1.2.0rc3 of OpenDNSSEC has now been released.

  • Moved migration instructions to the file MIGRATION


  • Bugreport #199: The previous DB schema change broke zone removal.
  • Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
  • Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
  • Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
  • Enforcer: Fixed potential format string bug.
  • ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
  • Signer Engine: Don’t be smart with RRSIG TTLs, the hsm will set them for you.
  • Signer Engine: Set notify command for zone when receiving ods-signer update.
  • Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed in KASP.
  • Signer Engine: Now logs to the correct facility.
  • Signer Engine: Also remove NSEC records when detecting changes in signconf <Denial>.
  • Signer Engine: Dropped privileges before starting Zonefetcher.

Known bug:

  • This release does not build on Solaris; this will be fixed.

Download the tarball from: opendnssec-1.2.0rc3.tar.gz
