OpenDNSSEC 1.4.0b1

Version 1.4.0b1 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.


  • OPENDNSSEC-130: libhsm: The PIN is now optional in conf.xml. The PIN can be entered using “ods-hsmutil login” and is stored in shared memory. The daemons will not start until this has been donr by the user.
  • OPENDNSSEC-297: Enforcer: Multi-threaded option available for the enforcer to improve performance (MySQL only).
  • OPENDNSSEC-320: Signer Engine: The <ProvideTransfer>, <Notify>, <AllowNotify> and <RequestTransfer> elements are now optional, but if provided they require one or more <Peer> or <Remote> elements.


  • OPENDNSSEC-255: Signer Engine: OpenDNSSEC 1.4.0a1 writes out mangled RRSIG record.
  • OPENDNSSEC-261: Signer Engine: Ldns fails to parse RR that seems syntactically correct.
  • OPENDNSSEC-269: Signer Engine: Crash when multiple threads access ixfr struct.
  • OPENDNSSEC-281: Commandhandler sometimes unresponsive.
  • OPENDNSSEC-318: Signer Engine: Don’t stop dns and xfr handlers if these threads have not yet been started.
  • OPENDNSSEC-319: Signer Engine: Fix TSIG segfault on signer shutdown.
  • OPENDNSSEC-325: Signer Engine: Don’t include RRSIG records when DO bit is not set.
  • OPENDNSSEC-326: Signer Engine: Stop serving a zone that could not be transferred from master and has been expired.



Download the tarball from: opendnssec-1.4.0b1.tar.gz


Comments are closed.