OpenDNSSEC 2.1.10
Version 2.1.10 of OpenDNSSEC has been released on 2021-09-10.
News
This release addresses an automatic re-salting after a migration from 1.4
and an error manifesting as a key_data_update failure in the logs where
a retired key wasn’t removed from the signer configuration in time in
certain circumstances.
Also an RPM is now provided for RHEL/CentOS distros at the same download
location.
Issues
- OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
- OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
- OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
- OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
- OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count that is deemed too high.
- SUPPORT-265: Resolve conflict when deleting keys from HSM whilst also performing step in key roll process. Typically a message “key_data_update failed” is present in logs.
- Provided RedHat/CentOS spec file in contrib directory.
Download
- https://dist.opendnssec.org/source/opendnssec-2.1.10.tar.gz
- https://dist.opendnssec.org/source/opendnssec-2.1.10.tar.gz.sig
- Checksum SHA256: c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756
- RPMs for RHEL/CentOS
This entry was posted on Saturday, September 11th, 2021 at 13:09 and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Comments are closed.