OpenDNSSEC 1.4.1

Version 1.4.1 of OpenDNSSEC has now been released:


  • SUPPORT-58: Extend ods-signer sign <zone> with –serial <nr> so that the user can specify the SOA serial to use in the signed zone [OPENDNSSEC-401].
  • OPENDNSSEC-91: Make the keytype flag required when rolling keys


  • SUPPORT-60: Fix datecounter in case inbound serial is higher than outbound serial [OPENDNSSEC-420].
  • OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA Minimum change.
  • OPENDNSSEC-421: Signer Engine: Fix assertion error in case NSEC3 hash algorithm in signconf is not SHA1.
  • OPENDNSSEC-421: ods-kaspcheck: Check whether NSEC3 hash algorithm in kasp is valid.
  • Bugfix: The time when inbound serial is acquired was reset invalidly, could cause OpenDNSSEC wanting AXFR responses while requesting IXFR (thanks Stuart Lau).
  • Bugfix: Fix malform in Outbound IXFR/TCP subsequent packet (thanks Stuart Lau).
  • OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly when rolling all keys using the –policy option




Comments are closed.