[Opendnssec-announce] OpenDNSSEC v1.2.0b1

Rickard Bellgrim rickard.bellgrim at iis.se
Mon Oct 18 14:43:34 UTC 2010

Version 1.2.0b1 of OpenDNSSEC has now been released.

* A new signer engine, written in c. Zones are maintained in memory, instead of in files on disk.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the per repository option <SkipPublicKey/> is set.
* Keysharing improved – keys can now exist in different states on each zone that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the enforcer offline.
* Standby keys are now optional (default to 0) and should be considered experimental.

* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found. An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner name. (Quicksorter is removed, signer now reads and sorts the zone).

Known issue:
* Auditor cannot verify zone containing RP or DNAME RR. Fixed in dnsruby trunk. Will be included in dnsruby v1.51

Download the source from our repository:
svn co http://svn.opendnssec.org/tags/OpenDNSSEC-1.2.0b1/

// OpenDNSSEC team

More information about the Opendnssec-announce mailing list