OpenDNSSEC 1.2.1

Version 1.2.1 of OpenDNSSEC has now been released.

  • ldns 1.6.9 is required for bugfixes.
  • dnsruby-1.52 required for bugfixes.


  • Auditor: ‘make check’ now works when srcdir != builddir.
  • Auditor: Include the ‘make check’ files in the tarball.
  • Enforcer: Fix the migration script for SQLite.
  • Enforcer: Increase size of keypairs(id) field in MySQL to allow more than 32767 keys; see MIGRATION for details.
  • Enforcer: Minor change to NOT_READY_KEY error message.
  • libhsm: Increase the maximum number of attached HSM:s from 10 to 100.
  • ods-ksmutil: Send trivial MySQL messages to stdout when exporting zonelist etc. Otherwise the resulting XML needs to be edited by hand.
  • ods-control: Fix for Bourne shell.
  • Signer Engine: Prevent race condition when setting up the workers and the command handler.
  • Signer Engine: Check if the signature exists before recycling it.
  • Signer Engine: Quit when there are errors in the configuration.
  • Signer Engine: Enable core dump on failure.
  • Signer Engine: Explicitly close down log msg with null.
  • Signer Engine: Backup state after writing output.
  • Signer Engine: Allow update of serial if internal structure is not initialized.
  • Signer Engine: NSEC chain could become broken if the predecessor domain of a deleted domain was a glue domain.

Download the tarball from: opendnssec-1.2.1.tar.gz

Comments are closed.