OpenDNSSEC 2.1.4

Version 2.1.4 of OpenDNSSEC has been released on 2019-05-16.


The 2.1 release has been quite stable with a few corner case problems. However there is now a need for a release to fix an issue with zone signing that can potentially lead to missing signatures so definitely warrants a release.

The 2.1.4 release is available immediately from the download site, we urge you to upgrade. Also for installations still on the 1.4 release should consider upgrading as a number of incidents reported against 1.4 have not occurred on 2.1 installations due to better stability.

To make sure this release is picked out we will not include a fix that was to the issue for a double KSK roll. This fix is available on our develop branch, but includes more changes, and this fix needs to go out on its own.


  • OPENDNSSEC-904: autoconfigure fails to properly identify functions in ssl library on some distributions. This caused the “tsig unknown algorithm hmac-sha256″ error.
  • OPENDNSSEC-894: repair configuration script to allow excluding the build of the enforcer.
  • SUPPORT-229: Missing signatures for key new while signatures for old key still present under certain kasp policies, leading to bogus zones. Root cause for bug existed but made prominent since 2.1.3 release.
  • OPENDNSSEC-943: support build on MacOS with missing pthread barriers
  • SUPPORT-229: fixed for too early retivement of signatures upon double rrsig key roll signing strategy.
  • Strip build directory from doxygen docs, remove bashisms from
  • The ods-signer and ods-signerd man page should be in section 8 not 22. Note that this might mean that package managers should remove the older man pages from the old location.


Comments are closed.