OpenDNSSEC 1.3.14

Version 1.3.14 of OpenDNSSEC has now been released:


  • OPENDNSSEC-367: ods-ksmutil: Require user confirmation if the algorithm for  a key is changed in a policy (as this rollover is not handled cleanly)
  • OPENDNSSEC-91: Make the keytype flag required when rolling keys
  • OPENDNSSEC-403: Signer Engine: new command ‘ods-signer locks’ that shows  locking information (for debugging purposes).


  • OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA  Minimum change.
  • OPENDNSSEC-396: Use TTLs from kasp when generating DNSKEY and DS records for  output.
  • OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly  when rolling all keys using the –policy option
  • SUPPORT-40: Signer Engine: Keep occluded data in signed zone files/transfers.




Comments are closed.