OpenDNSSEC 2.1.3
Version 2.1.3 of OpenDNSSEC has been released on 2017-08-10.
News
As of today version 2.1.3 of OpenDNSSEC has been released. No special migration steps are required when upgrading from a previous 2.x.x release. It includes fixes to the build system, some regressions w.r.t. OpenDNSSEC 1.4 and a signing bug.
Build fixes
- OPENDNSSEC-904: autoconfigure fails to properly identify functions in ssl library on some distributions. This caused the “tsig unknown algorithm hmac-sha256″ error.
- OPENDNSSEC-894: repair configuration script to allow excluding the build of the enforcer.
Regressions
- OPENDNSSEC-508: Tag RolloverNotification was not functioning correctly
- OPENDNSSEC-901: Enforcer would ignore ManualKeyGeneration tag in conf.xml
- OPENDNSSEC-906: Tag AllowExtraction tag included from late 1.4 development
Bugs Fixed
- OPENDNSSEC-886: Improper time calculation on 32 bits machine causes purge of keys not being scheduled. The purge would happen but some time later than expected.
- OPENDNSSEC-890: Mismatching TTLs in record sets would cause bogus signatures.
- OPENDNSSEC-908: Warn when TTL of resource record exceeds KASP’s MaxZoneTTL. Formerly the signer would cap such TTLs to prevent situations where those records could get bogus during ZSK rollover. However it has been realized that this can potentially lead to failing IXFRs. We intend to bring back this feature in the near future when our internal data representation allows this.
Download
- https://dist.opendnssec.org/source/opendnssec-2.1.3.tar.gz
- https://dist.opendnssec.org/source/opendnssec-2.1.3.tar.gz.sig
- Checksum SHA256: 3de2a03edc9e2b8c366bf0ab541004f984777d4813057cbba7a78045d8cbfe7e
This entry was posted on Thursday, August 10th, 2017 at 14:44 and is filed under Releases. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Comments are closed.