OpenDNSSEC 1.4.0a3

Version 1.4.0a3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.


  • OPENDNSSEC-258: Optionally include cka_id in output to DelegationSignerSubmitCommand.


  • SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as dead (rather than actually removing them). Leave the key removal to purge jobs.
  • SUPPORT-29: Signer Engine: Fix ods-signer clear <zone> command exits prematurely [OPENDNSSEC-289].
  • SUPPORT-30: Signer Engine: RRSIGs are left in the signed zone when authoritative RRsets become glue [OPENDNSSEC-282].
  • OPENDNSSEC-278: ods-ksmutil processes waiting forever to get DB lock
  • OPENDNSSEC-290: Signer Engine: Fix false conflict when changing CNAME into other RRtype.
  • OPENDNSSEC-298: Enforcer: Only unlink existing pidfile on exit if we wrote it.
  • OPENDNSSEC-304: Signer Engine: Check pidfile on startup, if pidfile exists and corresponding process is running, then complain and exit.
  • OPENDNSSEC-306: Can’t delete zone until Enforcer made signconf.
  • Fix assertion error when printing signed zone with empty non-terminals and NSEC.
  • Make setting QUERY ID in XFR requests more random.

The documentation for the new DNS adapters can be found here:

Download the tarball from: opendnssec-1.4.0a3.tar.gz



Comments are closed.