Archive for the ‘Releases’ Category

« Older Entries
Newer Entries »

OpenDNSSEC 1.4.3

Posted by sara on December 4th, 2013

Version 1.4.3 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-461].
  • OPENDNSSEC-106: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
  • OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
  • OPENDNSSEC-390: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
  • OPENDNSSEC-430: ods-ksmutil: Improve ‘zone add’ – Zone add command could warn if a specified zone file or adapter file does not exits.
  • OPENDNSSEC-431: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.
  • OPENDNSSEC-454: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.

Bugfixes:

  • OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
  • OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
  • OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back to AXFR.
  • OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use inbound serial.

Documentation:

Download:

 

 

 

OpenDNSSEC 1.3.16

Posted by sara on December 4th, 2013

Version 1.3.16 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-441].
  • OPENDNSSEC-436: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
  • OPENDNSSEC-458: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
  • OPENDNSSEC-460: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
  • OPENDNSSEC-472: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.
  • OPENDNSSEC-473: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.

Bugfixes:

  • OPENDNSSEC-451: Signer Engine: Prevent CKA_ID and DNSKEY mixup by using a separate HSM context when loading signer configuration.
  • OPENDNSSEC-462: Signer Engine: Duration PT0S is not printed correctly.
  • ods-ksmutil: Fix typo in policy export with NSEC3 <Iterations>.

Documentation:

Download:

 

 

SoftHSM 1.3.5

Posted by sara on October 7th, 2013

Version 1.3.5 of SoftHSM has been released.

Bugfixes:

  • SOFTHSM-45: Improved handling of a busy database
  • SUPPORT-76: Add -Wall -Werror flags and fix the warnings.
  • Fix more warnings on EPEL.

Documentation:

Download:

 

OpenDNSSEC 1.3.15

Posted by sara on September 19th, 2013

Version 1.3.15 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-58: Extend ods-signer sign <zone> with –serial <nr> so that the user  can specify the SOA serial to use in the signed zone [OPENDNSSEC-423].
  • OPENDNSSEC-428: Add option for ‘ods-ksmutil key generate’ to take total  number of zones as a parameter
  • OPENDNSSEC-448: Signer Engine: Enhancements to signer debug locks.

Bugfixes:

  • SUPPORT-75: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-452].
  • OPENDNSSEC-397: Change “hsmutil list” output so that the table header goes to stdout not stderr
  • OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create  too many keys for <SharedKeys/> policies when KSK and ZSK use same  algorithm and length
  • OPENDNSSEC-445: ods-ksmutil: Clean up of hsm connection handling

Documentation:

Download:

 

OpenDNSSEC 1.4.2

Posted by sara on September 11th, 2013

Version 1.4.2 of OpenDNSSEC has now been released:

Updates:

  • OPENDNSSEC-428: ods-ksmutil: Add option for ‘ods-ksmutil key generate’ to take number of zones as a parameter

Bugfixes:

  • SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write error [OPENDNSSEC-427].
  • SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-444].
  • OPENDNSSEC-401: ‘ods-signer sign <zone> –serial <nr>’ command produces seg fault when run directly on command line (i.e. not via interactive mode)
  • OPENDNSSEC-440: ‘ods-ksmutil key generate’ and the enforcer can create too many keys if there are keys already available and the KSK and ZSK use same algorithm and length
  • OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead of memory. Makes response non-blocking.
  • OPENDNSSEC-425 Change “hsmutil list” output so that the table header goes to stdout not stderr
  • OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create too many keys for <SharedKeys/> policies when KSK and ZSK use same algorithm and length
  • OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
  • Signer Engine: Improved Inbound XFR checking.
  • Signer Engine: Fix double free corruption in case of adding zone with DNS Outbound Adapters and NotifyCommand enabled.

Documentation:

Download:

 

 

OpenDNSSEC 1.4.1

Posted by sara on June 27th, 2013

Version 1.4.1 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-58: Extend ods-signer sign <zone> with –serial <nr> so that the user can specify the SOA serial to use in the signed zone [OPENDNSSEC-401].
  • OPENDNSSEC-91: Make the keytype flag required when rolling keys

Bugfixes:

  • SUPPORT-60: Fix datecounter in case inbound serial is higher than outbound serial [OPENDNSSEC-420].
  • OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA Minimum change.
  • OPENDNSSEC-421: Signer Engine: Fix assertion error in case NSEC3 hash algorithm in signconf is not SHA1.
  • OPENDNSSEC-421: ods-kaspcheck: Check whether NSEC3 hash algorithm in kasp is valid.
  • Bugfix: The time when inbound serial is acquired was reset invalidly, could cause OpenDNSSEC wanting AXFR responses while requesting IXFR (thanks Stuart Lau).
  • Bugfix: Fix malform in Outbound IXFR/TCP subsequent packet (thanks Stuart Lau).
  • OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly when rolling all keys using the –policy option

Documentation:

Download:

 

OpenDNSSEC 1.3.14

Posted by sara on May 16th, 2013

Version 1.3.14 of OpenDNSSEC has now been released:

Updates:

  • OPENDNSSEC-367: ods-ksmutil: Require user confirmation if the algorithm for  a key is changed in a policy (as this rollover is not handled cleanly)
  • OPENDNSSEC-91: Make the keytype flag required when rolling keys
  • OPENDNSSEC-403: Signer Engine: new command ‘ods-signer locks’ that shows  locking information (for debugging purposes).

Bugfixes:

  • OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA  Minimum change.
  • OPENDNSSEC-396: Use TTLs from kasp when generating DNSKEY and DS records for  output.
  • OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly  when rolling all keys using the –policy option
  • SUPPORT-40: Signer Engine: Keep occluded data in signed zone files/transfers.

Documentation:

Download:

 

OpenDNSSEC 1.4.0

Posted by sara on April 22nd, 2013

Version 1.4.0 of OpenDNSSEC has now been released.  This is the latest stable release.

Updates since 1.4.0rc3:

Documentation:

Download:

OpenDNSSEC 1.4.0rc3

Posted by sara on March 15th, 2013

Version 1.4.0rc3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.

Updates:

  • Further testing of OPENDNSSEC-387 completed, release returned to rc status.

Documentation:

Download:

 

OpenDNSSEC 1.4.0b3

Posted by sara on February 21st, 2013

Version 1.4.0b3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.

*NOTE: This release is marked as a beta release (rather than rc3) due to OPENDNSSEC-387, which is a significant functional change compared to rc2.

Updates:

  • OPENDNSSEC-387: Rollback of multi-threaded enforcer. Due to key allocation issues the usefulness of the threaded enforcer is outweighed by the code complications. The option still remains in conf.xml for compatibility with existing use; but it will now be silently ignored.

Bugfixes:

  • OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial.
  • SUPPORT-50/51: Signer Engine: Inbound DNS Adapter incorrectly updates NSEC3PARAM and DNSKEY RRset [OPENDNSSEC-389]
  • OPENDNSSEC-389: Input DNS Adapter incorrectly updating NSEC3PARAM and DNSKEY RRsets

Documentation:

Download:

**NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP

 

« Older Entries
Newer Entries »

You are currently browsing the archives for the Releases category.