Archive for the ‘Releases’ Category
OpenDNSSEC 1.4.3
Version 1.4.3 of OpenDNSSEC has now been released:
Updates:
- SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-461].
- OPENDNSSEC-106: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
- OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
- OPENDNSSEC-390: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
- OPENDNSSEC-430: ods-ksmutil: Improve ‘zone add’ – Zone add command could warn if a specified zone file or adapter file does not exits.
- OPENDNSSEC-431: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.
- OPENDNSSEC-454: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.
Bugfixes:
- OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
- OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
- OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back to AXFR.
- OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use inbound serial.
Documentation:
Download:
- opendnssec-1.4.3.tar.gz
- opendnssec-1.4.3.tar.gz.sig
- Checksum sha1: 9e985fc42ce679c930bbdbc1a38ad5ff1ca4c61a
- Checksum sha256: 22979b53851a1ec74a242ca89bbd1fc58a170272f33c6a395f0ab14f6244e491
OpenDNSSEC 1.3.16
Version 1.3.16 of OpenDNSSEC has now been released:
Updates:
- SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-441].
- OPENDNSSEC-436: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
- OPENDNSSEC-458: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
- OPENDNSSEC-460: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
- OPENDNSSEC-472: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.
- OPENDNSSEC-473: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.
Bugfixes:
- OPENDNSSEC-451: Signer Engine: Prevent CKA_ID and DNSKEY mixup by using a separate HSM context when loading signer configuration.
- OPENDNSSEC-462: Signer Engine: Duration PT0S is not printed correctly.
- ods-ksmutil: Fix typo in policy export with NSEC3 <Iterations>.
Documentation:
Download:
- opendnssec-1.3.16.tar.gz
- opendnssec-1.3.16.tar.gz.sig
- Checksum sha1: 4d81517cc99f8120f773c2af772b17eb5714f793
- Checksum sha256: fa0fe18757a19d6b03e27c2c76f291d61a735f14c2661725df4e569e0be1d04c
SoftHSM 1.3.5
Version 1.3.5 of SoftHSM has been released.
Bugfixes:
- SOFTHSM-45: Improved handling of a busy database
- SUPPORT-76: Add -Wall -Werror flags and fix the warnings.
- Fix more warnings on EPEL.
Documentation:
Download:
- softhsm-1.3.5.tar.gz
- softhsm-1.3.5.tar.gz.sig
- Checksum sha1: b3857da8304f6effb04c7c27e2ad013372c04614
- Checksum sha256: 28b5062a13450faf6099fcb82d25d21f0ac7d202ba31ec85e943246cdcf87ebd
OpenDNSSEC 1.3.15
Version 1.3.15 of OpenDNSSEC has now been released:
Updates:
- SUPPORT-58: Extend ods-signer sign <zone> with –serial <nr> so that the user can specify the SOA serial to use in the signed zone [OPENDNSSEC-423].
- OPENDNSSEC-428: Add option for ‘ods-ksmutil key generate’ to take total number of zones as a parameter
- OPENDNSSEC-448: Signer Engine: Enhancements to signer debug locks.
Bugfixes:
- SUPPORT-75: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-452].
- OPENDNSSEC-397: Change “hsmutil list” output so that the table header goes to stdout not stderr
- OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create too many keys for <SharedKeys/> policies when KSK and ZSK use same algorithm and length
- OPENDNSSEC-445: ods-ksmutil: Clean up of hsm connection handling
Documentation:
Download:
- opendnssec-1.3.15.tar.gz
- opendnssec-1.3.15.tar.gz.sig
- Checksum sha1: 7241936811ae079af6002115cda057e825b60cfe
- Checksum sha256: c29884f76d278862de59576c2e5440e37c2b7c16f1984ccc7685a3a049e1c081
OpenDNSSEC 1.4.2
Version 1.4.2 of OpenDNSSEC has now been released:
Updates:
- OPENDNSSEC-428: ods-ksmutil: Add option for ‘ods-ksmutil key generate’ to take number of zones as a parameter
Bugfixes:
- SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write error [OPENDNSSEC-427].
- SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-444].
- OPENDNSSEC-401: ‘ods-signer sign <zone> –serial <nr>’ command produces seg fault when run directly on command line (i.e. not via interactive mode)
- OPENDNSSEC-440: ‘ods-ksmutil key generate’ and the enforcer can create too many keys if there are keys already available and the KSK and ZSK use same algorithm and length
- OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead of memory. Makes response non-blocking.
- OPENDNSSEC-425 Change “hsmutil list” output so that the table header goes to stdout not stderr
- OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create too many keys for <SharedKeys/> policies when KSK and ZSK use same algorithm and length
- OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
- Signer Engine: Improved Inbound XFR checking.
- Signer Engine: Fix double free corruption in case of adding zone with DNS Outbound Adapters and NotifyCommand enabled.
Documentation:
Download:
- opendnssec-1.4.2.tar.gz
- opendnssec-1.4.2.tar.gz.sig
- Checksum sha1: 82991f3110820ec0b12608fd3175bb70252a6f2b
- Checksum sha256: b4bc70bfb54ede8ed657cc7f669b5f58bc5e20eabf9b01ca107a6876b08bed35
OpenDNSSEC 1.4.1
Version 1.4.1 of OpenDNSSEC has now been released:
Updates:
- SUPPORT-58: Extend ods-signer sign <zone> with –serial <nr> so that the user can specify the SOA serial to use in the signed zone [OPENDNSSEC-401].
- OPENDNSSEC-91: Make the keytype flag required when rolling keys
Bugfixes:
- SUPPORT-60: Fix datecounter in case inbound serial is higher than outbound serial [OPENDNSSEC-420].
- OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA Minimum change.
- OPENDNSSEC-421: Signer Engine: Fix assertion error in case NSEC3 hash algorithm in signconf is not SHA1.
- OPENDNSSEC-421: ods-kaspcheck: Check whether NSEC3 hash algorithm in kasp is valid.
- Bugfix: The time when inbound serial is acquired was reset invalidly, could cause OpenDNSSEC wanting AXFR responses while requesting IXFR (thanks Stuart Lau).
- Bugfix: Fix malform in Outbound IXFR/TCP subsequent packet (thanks Stuart Lau).
- OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly when rolling all keys using the –policy option
Documentation:
Download:
- opendnssec-1.4.1.tar.gz
- opendnssec-1.4.1.tar.gz.sig
- Checksum sha1: 90020d343456af0846b13c951a6a914109cb5d22
- Checksum sha256: 7795ba9f98f9c8292d5f9f9d6ffbf88352a6f77986f43acc1a30141f6027cc82
OpenDNSSEC 1.3.14
Version 1.3.14 of OpenDNSSEC has now been released:
Updates:
- OPENDNSSEC-367: ods-ksmutil: Require user confirmation if the algorithm for a key is changed in a policy (as this rollover is not handled cleanly)
- OPENDNSSEC-91: Make the keytype flag required when rolling keys
- OPENDNSSEC-403: Signer Engine: new command ‘ods-signer locks’ that shows locking information (for debugging purposes).
Bugfixes:
- OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA Minimum change.
- OPENDNSSEC-396: Use TTLs from kasp when generating DNSKEY and DS records for output.
- OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly when rolling all keys using the –policy option
- SUPPORT-40: Signer Engine: Keep occluded data in signed zone files/transfers.
Documentation:
Download:
- opendnssec-1.3.14.tar.gz
- opendnssec-1.3.14.tar.gz.sig
- Checksum sha1: 9e6be8b42ab25cf1984f00326d44d0c195e00ef2
- Checksum sha256: 04016069f980191fac446ccab51f06bc7969d7544997c9e538ca1c170c2f42f5
OpenDNSSEC 1.4.0
Version 1.4.0 of OpenDNSSEC has now been released. This is the latest stable release.
Updates since 1.4.0rc3:
- Production release of 1.4
- Versioning scheme and release support policies updated
- Summary of changes in 1.4 vs 1.3 can be found on the wiki:
New in OpenDNSSEC 1.4
Documentation:
Download:
- opendnssec-1.4.0.tar.gz
- opendnssec-1.4.0.tar.gz.sig
- Checksum sha1: 111a6de4bb8f13bcedc31880c87588ce07eecc31
- Checksum sha256: 36d4926dcdf351a527ad7600b151ab6cc56d0a472a7eb8871eecd70afef9e101
OpenDNSSEC 1.4.0rc3
Version 1.4.0rc3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
Updates:
- Further testing of OPENDNSSEC-387 completed, release returned to rc status.
Documentation:
Download:
- opendnssec-1.4.0rc3.tar.gz
- opendnssec-1.4.0rc3.tar.gz.sig
- Checksum sha1: 9b824bd8be628a77daa8afd0079052978b10029b
- Checksum sha256: 7b572604522218125f800af59dfd33667c6cbc92ebaea3ef0dcd2edb8a0a4443
OpenDNSSEC 1.4.0b3
Version 1.4.0b3 of OpenDNSSEC has now been released. This version is recommended for testing only, not for use in production environments.
*NOTE: This release is marked as a beta release (rather than rc3) due to OPENDNSSEC-387, which is a significant functional change compared to rc2.
Updates:
- OPENDNSSEC-387: Rollback of multi-threaded enforcer. Due to key allocation issues the usefulness of the threaded enforcer is outweighed by the code complications. The option still remains in conf.xml for compatibility with existing use; but it will now be silently ignored.
Bugfixes:
- OPENDNSSEC-388: Signer Engine: Internal serial should take into account the inbound serial.
- SUPPORT-50/51: Signer Engine: Inbound DNS Adapter incorrectly updates NSEC3PARAM and DNSKEY RRset [OPENDNSSEC-389]
- OPENDNSSEC-389: Input DNS Adapter incorrectly updating NSEC3PARAM and DNSKEY RRsets
Documentation:
Download:
- opendnssec-1.4.0b3.tar.gz
- opendnssec-1.4.0b3.tar.gz.sig
- Checksum sha1: c549c2e0c6e08ac7ed79e1d2999c4ccfd7cf481f
- Checksum sha256: b1b5fe88fad3c8517b6921de50f88d6d8ce5b0c102ca5b0d4597b5420b44254b
**NOTE: This release is signed with the new OpenDNSSEC Distribution key (2013) available from: https://wiki.opendnssec.org/display/OpenDNSSEC/PGP
You are currently browsing the archives for the Releases category.