[Opendnssec-announce] OpenDNSSEC 1.3.0

Rickard Bellgrim rickard at opendnssec.org
Tue Jul 12 11:25:45 UTC 2011


Hi

Version 1.3.0 of OpenDNSSEC has now been released.

-----------------------------------------------------
Changes between 1.3.0 and 1.3.0rc3

* Include simple-dnskey-mailer-plugin in dist.
* Enforcer: Change message about KSK retirement to make it less confusing.

Bugfixes:
* ods-control: If the Enforcer did not close down, you entered an infinite loop.
* Signer Engine: Fix log message typos.
* Signer Engine: Fix crash where ods-signer update
* Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.
* Zonefetcher: Sometimes invalid ‘Address already in use’ occurred.
* Bugfix #247: Fixes bug introduced by bugfix #242.

Download the tarball from:
http://www.opendnssec.org/files/source/opendnssec-1.3.0.tar.gz

--------------------------------------------------------------------------
Summery of changes between 1.3.0 and 1.2 branch

* Support for signing the root. Use the zone name “.”
* <SkipPublicKey/> is enabled for SoftHSM in the default
configuration. It improves the performance by only using the private
key objects.
* Document the <RolloverNotification> tag in conf.xml.
* Match the names of the signer pidfile and enforcer pidfile.
* Include check for resign < resalt in ods-kaspcheck.
* Do not distribute trang.
* Include simple-dnskey-mailer-plugin in dist.
* Enforcer: Stop import of policy if it is not consistent.
* ods-signer: The queue command will now also show what tasks the
workers are working on.
* Signer Engine: Just warn if occluded zone data was found, don’t stop
signing process.
* Signer Engine: Simpler serial maintenance, reduces the number of
conflicts. Less chance to hit a ‘cannot update: serial too small’
error message.
* Signer Engine: Simpler NSEC(3) maintenance.
* Signer Engine: Temperate the number of backup files.
* Signer Engine: Set number of <SignerThreads> in conf.xml to get peak
performance from HSMs that can handle multiple threads.

Bugfixes:
* Bugreport #139: ods-auditor fails on root zone.
* Bugreport #198: Zone updates ignored?
* Bugreport #231: Fix MySQL version check.
* Replace tab with white-space when writing to syslog.
* Fix test for java executable and others.
* Enforcer: ‘make check’ now works.
* Enforcer: Fixed some memory leaks in the tests.
* ods-ksmutil: Update now sends a HUP to the enforcerd.
* Signer Engine: Do not block update command while signing.
* Signer Engine: The default working directory was not specified.
* Signer Engine: Also replace DNSKEYs if <DNSKEY><TTL> has changed in policy.

// OpenDNSSEC team



More information about the Opendnssec-announce mailing list