«
»

OpenDNSSEC 1.3.0

Version 1.3.0 of OpenDNSSEC has now been released.

Changes between 1.3.0 and 1.3.0rc3

  • Include simple-dnskey-mailer-plugin in dist.
  • Enforcer: Change message about KSK retirement to make it less confusing.

Bugfixes:

  • ods-control: If the Enforcer did not close down, you entered an infinite loop.
  • Signer Engine: Fix log message typos.
  • Signer Engine: Fix crash where ods-signer update
  • Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.
  • Zonefetcher: Sometimes invalid ‘Address already in use’ occurred.
  • Bugfix #247: Fixes bug introduced by bugfix #242.

Download the tarball from: opendnssec-1.3.0.tar.gz

 

Summery of changes between 1.3.0 and 1.2 branch

  • Support for signing the root. Use the zone name “.”
  • <SkipPublicKey/> is enabled for SoftHSM in the default configuration. It improves the performance by only using the private key objects.
  • Document the <RolloverNotification> tag in conf.xml.
  • Match the names of the signer pidfile and enforcer pidfile.
  • Include check for resign < resalt in ods-kaspcheck.
  • Do not distribute trang.
  • Include simple-dnskey-mailer-plugin in dist.
  • Enforcer: Stop import of policy if it is not consistent.
  • ods-signer: The queue command will now also show what tasks the workers are working on.
  • Signer Engine: Just warn if occluded zone data was found, don’t stop signing process.
  • Signer Engine: Simpler serial maintenance, reduces the number of conflicts. Less chance to hit a ‘cannot update: serial too small’ error message.
  • Signer Engine: Simpler NSEC(3) maintenance.
  • Signer Engine: Temperate the number of backup files.
  • Signer Engine: Set number of <SignerThreads> in conf.xml to get peak performance from HSMs that can handle multiple threads.

Bugfixes:

  • Bugreport #139: ods-auditor fails on root zone.
  • Bugreport #198: Zone updates ignored?
  • Bugreport #231: Fix MySQL version check.
  • Replace tab with white-space when writing to syslog.
  • Fix test for java executable and others.
  • Enforcer: ‘make check’ now works.
  • Enforcer: Fixed some memory leaks in the tests.
  • ods-ksmutil: Update now sends a HUP to the enforcerd.
  • Signer Engine: Do not block update command while signing.
  • Signer Engine: The default working directory was not specified.
  • Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.

This entry was posted on Tuesday, July 12th, 2011 at 13:16 and is filed under Releases. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.