OpenDNSSEC 1.4.0a1
Version 1.4.0a1 of OpenDNSSEC has now been released.
- Auditor: The Auditor has been removed.
- Enforcer: Key label logging upon deletion (#192 Sebastian Castro)
- Enforcer: Stop multiple instances of the Enforcer running by checking for the pidfile at startup. If you want to run multiple instances then a different pidfile will need to be specified with the -P flag.
- Enforcer/ods-ksmutil: Use TTLs from KASP when generating DNSKEY and DS records for output.
- Enforcer/ods-ksmutil: Give a more descriptive error message if the tag in conf.xml does not match the database-backend set at compile time.
- ods-ksmutil: Add warnings on “key export –ds” if no active or ready keys were seen, or if both were seen (so a key rollover is happening).
- ods-ksmutil: Prevent MySQL username or password being interpreted by the shell when running “ods-ksmutil setup”
- ods-ksmutil: “zone delete” renames the signconf file; so that if the zone is put back the signer will not pick up the old file.
- ods-ksmutil: “key delete” added. It allows keys that are not currently in use to be deleted from the database and HSM.
- OPENDNSSEC-1: Enforcer: Check DelegationSignerSubmitCommand exists and can be executed by ods-enforcerd.
- OPENDNSSEC-10: ods-ksmutil: Include key size and algorithm in “key list” with -v flag.
- OPENDNSSEC-28: ods-ksmutil: “key list” shows next state with -v flag.
- OPENDNSSEC-35: ods-ksmutil: “rollover list -v” now includes more information on the KSKs waiting for the ds-seen command.
- OPENDNSSEC-83: ods-ksmutil: “key generate” now displays how many keys will be generated and presents the user with the opportunity to stop the operation.
- OPENDNSSEC-124: ods-ksmutil: Suppress database connection information when no -v flag is given.
- Signer Engine: Input and Output DNS Adapters.
- Signer Engine: Zonefetcher has been removed.
Known issues:
- Signer Engine: The backup files do not work correctly in this alpha release.
Bugfixes:
- Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.
- ods-ksmutil: “update kasp” now reflects changes in policy descriptions.
- ods-ksmutil: Policy descriptions now have special characters quoted.
- ods-ksmutil: Fix typo in policy export with NSEC3.
The documentation for the new DNS adapters can be found here:
DOCSTRUNK/conf.xml
DOCSTRUNK/zonelist.xml
DOCSTRUNK/addns.xml
Download the tarball from: opendnssec-1.4.0a1.tar.gz
This entry was posted on Friday, March 16th, 2012 at 09:36 and is filed under Releases. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.
Comments are closed.