OpenDNSSEC 1.3.5

Version 1.3.5 of OpenDNSSEC has now been released.

  • Auditor: Include the zone name in the log messages.
  • ldns 1.6.12 is required for bugfixes.
  • ods-ksmutil: Suppress database connection information when no -v flag is given.
  • ods-enforcerd: Stop multiple instances of the enforcer running by checking for the pidfile at startup. If you want to run multiple instances then a different pidfile will need to be specified with the -P flag.
  • ods-ksmutil: “zone delete” renames the signconf file; so that if the zone is put back the signer will not pick up the old file.
  • Signer Engine: Verbosity can now be set via conf.xml, default is 3.


  • Bugfix OPENDNSSEC-174: Configure the location for conf.xml with –config or -c when starting the signer.
  • Bugfix OPENDNSSEC-192: Signer crashed on deleting NSEC3 for a domain that becomes opt-out.
  • Bugfix OPENDNSSEC-193: Auditor crashed with certain empty non-terminals.
  • Signer Engine: A file descriptor for sockets with value zero is allowed.
  • Signer Engine: Only log messages about a full signing queue in debug mode.
  • Signer Engine: Fix time issues, make sure that the internal serial does not wander off after a failed audit.
  • Signer Engine: Upgrade ldns to avoid future problems on 32-bit platforms with extra long signature expiration dates. More information in separate announcement.

Download the tarball from: opendnssec-1.3.5.tar.gz

Comments are closed.