[Opendnssec-announce] OpenDNSSEC 1.4.0a1

Rickard Bellgrim rickard at opendnssec.org
Fri Mar 16 07:36:47 UTC 2012


Hi

Version 1.4.0a1 of OpenDNSSEC has now been released.

* Auditor: The Auditor has been removed.
* Enforcer: Key label logging upon deletion (#192 Sebastian Castro)
* Enforcer: Stop multiple instances of the Enforcer running by
checking for the pidfile at startup. If you want to run multiple
instances then a different pidfile will need to be specified with the
-P flag.
* Enforcer/ods-ksmutil: Use TTLs from KASP when generating DNSKEY and
DS records for output.
* Enforcer/ods-ksmutil: Give a more descriptive error message if the
tag in conf.xml does not match the database-backend set at compile
time.
* ods-ksmutil: Add warnings on "key export --ds" if no active or ready
keys were seen, or if both were seen (so a key rollover is happening).
* ods-ksmutil: Prevent MySQL username or password being interpreted by
the shell when running "ods-ksmutil setup"
* ods-ksmutil: "zone delete" renames the signconf file; so that if the
zone is put back the signer will not pick up the old file.
* ods-ksmutil: "key delete" added. It allows keys that are not
currently in use to be deleted from the database and HSM.
* OPENDNSSEC-1: Enforcer: Check DelegationSignerSubmitCommand exists
and can be executed by ods-enforcerd.
* OPENDNSSEC-10: ods-ksmutil: Include key size and algorithm in "key
list" with -v flag.
* OPENDNSSEC-28: ods-ksmutil: "key list" shows next state with -v flag.
* OPENDNSSEC-35: ods-ksmutil: "rollover list -v" now includes more
information on the KSKs waiting for the ds-seen command.
* OPENDNSSEC-83: ods-ksmutil: "key generate" now displays how many
keys will be generated and presents the user with the opportunity to
stop the operation.
* OPENDNSSEC-124: ods-ksmutil: Suppress database connection
information when no -v flag is given.
* Signer Engine: Input and Output DNS Adapters.
* Signer Engine: Zonefetcher has been removed.

Known issues:
* Signer Engine: The backup files do not work correctly in this alpha release.

Bugfixes:
* Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.
* ods-ksmutil: "update kasp" now reflects changes in policy descriptions.
* ods-ksmutil: Policy descriptions now have special characters quoted.
* ods-ksmutil: Fix typo in policy export with NSEC3.

The documentation for the new DNS adapters can be found here:
https://wiki.opendnssec.org/display/DOCSTRUNK/conf.xml
https://wiki.opendnssec.org/display/DOCSTRUNK/zonelist.xml
https://wiki.opendnssec.org/display/DOCSTRUNK/addns.xml

Download the tarball from:
http://www.opendnssec.org/files/source/testing/opendnssec-1.4.0a1.tar.gz

// OpenDNSSEC team



More information about the Opendnssec-announce mailing list