Version 2.1.10 of OpenDNSSEC has been released on 2021-09-10.

News

This release addresses an automatic re-salting after a migration from 1.4
and an error manifesting as a key_data_update failure in the logs where
a retired key wasn’t removed from the signer configuration in time in
certain circumstances.
Also an RPM is now provided for RHEL/CentOS distros at the same download
location.

Issues

• OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
• OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
• OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
• OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
• OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count that is deemed too high.
• SUPPORT-265: Resolve conflict when deleting keys from HSM whilst also performing step in key roll process. Typically a message “key_data_update failed” is present in logs.
• Provided RedHat/CentOS spec file in contrib directory.

Download

• https://dist.opendnssec.org/source/opendnssec-2.1.10.tar.gz
• https://dist.opendnssec.org/source/opendnssec-2.1.10.tar.gz.sig
• Checksum SHA256: c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756
• RPMs for RHEL/CentOS

This entry was posted on Saturday, September 11th, 2021 at 13:09 and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.