OpenDNSSEC 1.3.1

Version 1.3.1 of OpenDNSSEC has now been released.


  • Auditor: Fix ‘ZSK in use too long’ message to handle new signer behaviour.
  • Bugfix #255: RHEL6 patch to contrib/opendnssec.spec. (Rick van Rein)
  • Bugfix #256: Make sure argument in “ods-control signer” is not stripped off.
  • Bugfix #259: ods-ksmutil: Prevent MySQL username or password being interpreted by the shell when running “ods-ksmutil setup”.
  • Bugfix #260: “ods-ksmutil zone list” now handles empty zonelists.
  • Enforcer: Unsigned comparison resulting in wrong error message.
  • ods-ksmutil: fixed issue where first ds-seen command run on a zone would work, but return an error code and not send a HUP to the enforcerd.
  • Signer Engine: A threading issue occasionally puts the default validity on NSEC(3) RRs and the denial validity on other RRs.
  • Signer Engine: An update command could interrupt the signing process and the zone would get missing signatures.
  • Signer Engine: Fix an issue where some systems could not copy the zone file.
  • Zonefetcher: Check inbound serial in transferred file, to prevent redundant zone transfers.

Download the tarball from: opendnssec-1.3.1.tar.gz

Comments are closed.