OpenDNSSEC 1.4.12

Version 1.4.12 of OpenDNSSEC has been released on 2016-10-17.


Hereby we announce the OpenDNSSEC 1.4.12 release. This is a bug fix release targeting a memory leak in the signer when being used in the “bump in the wire” model where the signer would send out notify messages and respond to IXFR requests for the signed zone. This typically would manifest itself with very frequent outgoing IXFRs over a longer period of time.
When upgrading from 1.4.10 (the 1.4.11 release was skipped) no migration steps are needed. For upgrading from earlier releases see the migration steps in the individual releases, most notably in This version of OpenDNSSEC does however require a slightly less older minimal version of the library ldns.


  • OPENDNSSEC-808: Crash on query with empty query section (thanks HÃ¥vard Eidnes).
  • SUPPORT-191: Regression, Must accept notify without SOA (thanks Christos Trochalakis).
  • OPENDNSSEC-845: memory leak occuring when responding to IXFR out when having had multiple updates.
  • OPENDNSSEC-805: Avoid full resign due to mismatch in backup file when upgrading from 1.4.8 or later.
  • OPENDNSSEC-828: parsing zone list could show data from next zone when zones iterated on single line.
  • OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other static code analysis cleanup
  • OPENDNSSEC-847: Broken DNS IN notifications when pkt answer section is empty.
  • OPENDNSSEC-838: Crash in signer after having removed a zone.
  • Update dependency to ldns to version 1.6.17 enabling the DNS HIP record.
  • Prevent responding to queries when not fully started yet.


Comments are closed.