OpenDNSSEC 1.4.0a1

Version 1.4.0a1 of OpenDNSSEC has now been released.

  • Auditor: The Auditor has been removed.
  • Enforcer: Key label logging upon deletion (#192 Sebastian Castro)
  • Enforcer: Stop multiple instances of the Enforcer running by checking for the pidfile at startup. If you want to run multiple instances then a different pidfile will need to be specified with the -P flag.
  • Enforcer/ods-ksmutil: Use TTLs from KASP when generating DNSKEY and DS records for output.
  • Enforcer/ods-ksmutil: Give a more descriptive error message if the tag in conf.xml does not match the database-backend set at compile time.
  • ods-ksmutil: Add warnings on “key export –ds” if no active or ready keys were seen, or if both were seen (so a key rollover is happening).
  • ods-ksmutil: Prevent MySQL username or password being interpreted by the shell when running “ods-ksmutil setup”
  • ods-ksmutil: “zone delete” renames the signconf file; so that if the zone is put back the signer will not pick up the old file.
  • ods-ksmutil: “key delete” added. It allows keys that are not currently in use to be deleted from the database and HSM.
  • OPENDNSSEC-1: Enforcer: Check DelegationSignerSubmitCommand exists and can be executed by ods-enforcerd.
  • OPENDNSSEC-10: ods-ksmutil: Include key size and algorithm in “key list” with -v flag.
  • OPENDNSSEC-28: ods-ksmutil: “key list” shows next state with -v flag.
  • OPENDNSSEC-35: ods-ksmutil: “rollover list -v” now includes more information on the KSKs waiting for the ds-seen command.
  • OPENDNSSEC-83: ods-ksmutil: “key generate” now displays how many keys will be generated and presents the user with the opportunity to stop the operation.
  • OPENDNSSEC-124: ods-ksmutil: Suppress database connection information when no -v flag is given.
  • Signer Engine: Input and Output DNS Adapters.
  • Signer Engine: Zonefetcher has been removed.

Known issues:

  • Signer Engine: The backup files do not work correctly in this alpha release.

Bugfixes:

  • Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.
  • ods-ksmutil: “update kasp” now reflects changes in policy descriptions.
  • ods-ksmutil: Policy descriptions now have special characters quoted.
  • ods-ksmutil: Fix typo in policy export with NSEC3.

The documentation for the new DNS adapters can be found here:
DOCSTRUNK/conf.xml
DOCSTRUNK/zonelist.xml
DOCSTRUNK/addns.xml

Download the tarball from: opendnssec-1.4.0a1.tar.gz

Comments are closed.