OpenDNSSEC 2.1.6

Version 2.1.6 of OpenDNSSEC has been released on 2020-02-10.


This release of 2.1.6 fixes some issues regarding the key list wrongfully displayed (a regression bug in 2.1.5) as well as a small leak in the enforcer (which can add up when you bang the enforcer with a lot of commands). And as well as a serious signing error when using Combined Signing Keys (CSKs), this is only relevant if you combine KSK and ZSK in one. Especially users of CSKs need this fix now. Another nice fix is a reconnect to a MySQL/MariaDB database you you don’t have to tweak database parameters

The 2.1.6 release is available immediately from the download site.


  • OPENDNSSEC-913: verify database connection upon every use.
  • OPENDNSSEC-944: bad display of date of next transition (regression)
  • SUPPORT-250: missing signatures on using combined keys (CSK)
  • OPENDNSSEC-945: memory leak per command to enforcer.
  • OPENDNSSEC-946: unclean enforcer exit in case of certain config problems.
  • OPENDNSSEC-411: set-policy command to change policy of zone (experimental). Requires explicit enforce command to take effect.


Comments are closed.