Version 2.1.7 of OpenDNSSEC has been released on 2020-10-05.

News

This release of 2.1.7 fixes a bug in the migration script to migrate from 1.4 to 2.1. Additionally a bug in creating unnecessary signatures during a ZSK roll was fixed. We also had some contributions regarding edward curves and exporting keys by CKA identifier and other corrections and improvements, see the full list below.

The 2.1.7 release is available immediately from the download site.

Issues

• OPENDNSSEC-949: Fix for migration bug not keeping proper parameters of NSEC3 signed zones. Amongst others the zone become NSEC. Loading the policies
  fixes the situation, migration scripts now corrected. Since 1.4 does not require a salt, a resalt might be automatic after migrating, as this is
  a required parameter.
• OPENDNSSEC-948: do not recreate signatures for keys that are moving out this fixes unexpected double signatures in the zone.
• SUPPORT-253: Incorrect keytag used when using Combined Signing keys (CSK) (Thanks to Simon Arlott)
• SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)
• SUPPORT-222: Support ED25519/ED448 keys. This requires library ldns 1.7.0 or better, otherwise unavailable. (Thanks again to Simon Arlott)
• Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run migration tool on systems without libsqlite3.so.0 soft link. (Thanks to Paul Wouters)
• Some compilation warnings, o.a. gcc10 related, code quality and initialization improvements. (Thanks to Jonas Berlin, and Mathieu MirMont, and Paul Wouters)

Download

• https://dist.opendnssec.org/source/opendnssec-2.1.7.tar.gz
• https://dist.opendnssec.org/source/opendnssec-2.1.7.tar.gz.sig
• Checksum SHA256: 4cf3a797b8ff9fb0c02432187ef22adeb03d007074d70ec2b48b18ae6c1d09a4

This entry was posted on Monday, October 5th, 2020 at 04:10 and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.