[Opendnssec-announce] OpenDNSSEC 1.2.0rc3

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Dec 28 10:46:32 UTC 2010


Version 1.2.0rc3 of OpenDNSSEC has now been released.

* Moved migration instructions to the file MIGRATION

* Bugreport #199: The previous DB schema change made the zone removal broken.
* Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
* Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
* Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
* Enforcer: Fixed pontential format string bug.
* ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
* Signer Engine: Don’t be smart with RRSIG TTLs, the hsm will set them for you.
* Signer Engine: Set notify command for zone when receiving ods-signer update.
* Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed in KASP.
* Signer Engine: Now logs to the correct facility.
* Signer Engine: Also remove NSEC records when detecting changes in signconf <Denial>
* Signer Engine: Dropped privileges before starting Zonefetcher.

Known bug:
* This release does not build on Solaris, but will be fixed.

Download the tarball from: http://www.opendnssec.org/files/source/opendnssec-1.2.0rc3.tar.gz

// OpenDNSSEC team

More information about the Opendnssec-announce mailing list