Archive for the ‘Uncategorized’ Category

OpenDNSSEC 2.1.3

Version 2.1.3 of OpenDNSSEC has been released on 2017-08-10.

News

As of today version 2.1.3 of OpenDNSSEC has been released. No special migration steps are required when upgrading from a previous 2.x.x release. It includes fixes to the build system, some regressions w.r.t. OpenDNSSEC 1.4 and a signing bug.

Build fixes

  • OPENDNSSEC-904: autoconfigure fails to properly identify functions in ssl library on some distributions. This caused the “tsig unknown algorithm hmac-sha256″ error.
  • OPENDNSSEC-894: repair configuration script to allow excluding the build of the enforcer.

Regressions

  • OPENDNSSEC-508: Tag RolloverNotification was not functioning correctly
  • OPENDNSSEC-901: Enforcer would ignore ManualKeyGeneration tag in conf.xml
  • OPENDNSSEC-906: Tag AllowExtraction tag included from late 1.4 development

Bugs Fixed

  • OPENDNSSEC-886: Improper time calculation on 32 bits machine causes purge of keys not being scheduled. The purge would happen but some time later than expected.
  • OPENDNSSEC-890: Mismatching TTLs in record sets would cause bogus signatures.
  • OPENDNSSEC-908: Warn when TTL of resource record exceeds KASP’s MaxZoneTTL. Formerly the signer would cap such TTLs to prevent situations where those records could get bogus during ZSK rollover. However it has been realized that this can potentially lead to failing IXFRs. We intend to bring back this feature in the near future when our internal data representation allows this.

Download

OpenDNSSEC 1.4.14

Version 1.4.14 of OpenDNSSEC has been released on 2017-04-28.

News

Hereby we announce the OpenDNSSEC 1.4.14 release.

Bugs Fixed

  • OPENDNSSEC-888: Fix up MySQL<->SQLite3 database conversion script.
  • OPENDNSSEC-752: Incorrect calculated number of KSKs needed when KSK and ZSK have exactly the same parameters. This would prevent KSK rollovers.
  • OPENDNSSEC-890: Bogus signatures on mismatching TTLs within the same RRset.

Download

OpenDNSSEC 2.1.1

Version 2.1.1 of OpenDNSSEC has been released on 2017-04-28.

News

OpenDNSSEC 2.1.1 addresses a number of bug fixes. No migration steps are required when upgrading from an earlier 2.X release. In case you are still on the 1.4.X branch and like to upgrade to 2.1.1 you are advised to do so directly rather than installing earlier 2.X versions first.

Bugs Fixed

  • OPENDNSSEC-889: MySQL migration script didn’t work for all database and MySQL versions.
  • OPENDNSSEC-887: Segfault on extraneous tag.
  • OPENDNSSEC-880: Command line parsing for import key command failed.
  • OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for same rrset are mismatching.

Download

OpenDNSSEC 1.4.13

Version 1.4.13 of OpenDNSSEC has been released on 2017-01-20.

News

Hereby we announce the OpenDNSSEC 1.4.13 release. It includes a small number of bug fixes and no migration steps are needed. Some minor code adjustments where made to make linking to OpenSSL 1.1.0 possible.

This release is signed by our new (Jan 11th) PGP key.

Fixes

  • OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
  • OPENDNSSEC-853: Fixed serial_xfr_acquired not updated in state file.
  • Wrong error was sometimes being print on failing TCP connect.
  • Add support for OpenSSL 1.1.0.
  • OPENDNSSEC-866: Script for migration between MySQL and SQLite was outdated.

Download

OpenDNSSEC 2.0.4

Version 2.0.4 of OpenDNSSEC has been released on 2017-01-13.

News

As of now OpenDNSSEC 2.0.4 is released. This version is a minimal change over 2.0.3, fixing a reported crash of the Enforcer daemon. No additional migration steps are required. In the near future, we aim at the end of January, we are planning to release the next feature version which will be 2.1.

This release is signed by our new (Jan 11th) PGP key.

Fixes

  • Fix Enforcer crash that could occur in some cases while evaluating relationships between keys.
  • Support compiling with OpenSSL 1.1.

Download

You are currently browsing the archives for the Uncategorized category.