OpenDNSSEC 1.4.2

Version 1.4.2 of OpenDNSSEC has now been released:


  • OPENDNSSEC-428: ods-ksmutil: Add option for ‘ods-ksmutil key generate’ to take number of zones as a parameter


  • SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write error [OPENDNSSEC-427].
  • SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-444].
  • OPENDNSSEC-401: ‘ods-signer sign <zone> –serial <nr>’ command produces seg fault when run directly on command line (i.e. not via interactive mode)
  • OPENDNSSEC-440: ‘ods-ksmutil key generate’ and the enforcer can create too many keys if there are keys already available and the KSK and ZSK use same algorithm and length
  • OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead of memory. Makes response non-blocking.
  • OPENDNSSEC-425 Change “hsmutil list” output so that the table header goes to stdout not stderr
  • OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create too many keys for <SharedKeys/> policies when KSK and ZSK use same algorithm and length
  • OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
  • Signer Engine: Improved Inbound XFR checking.
  • Signer Engine: Fix double free corruption in case of adding zone with DNS Outbound Adapters and NotifyCommand enabled.





Comments are closed.