From berry at nlnetlabs.nl Tue Feb 11 07:47:43 2020 From: berry at nlnetlabs.nl (Berry A.W. van Halderen) Date: Tue, 11 Feb 2020 08:47:43 +0100 Subject: [Opendnssec-announce] OpenDNSSEC 2.1.6 released Message-ID: <2f3c8bf5-ea75-1927-84f3-2ed38714a826@nlnetlabs.nl> Dear all, Version 2.1.6 of OpenDNSSEC has been released a few hours ago. This release of 2.1.6 fixes some issues regarding the key list wrongfully displayed (a regression bug in 2.1.5) as well as a small leak in the enforcer (which can add up when you bang the enforcer with a lot of commands. And as well as a serious signing error when using Combined Signing Keys (CSKs), this is only relevant if you combine KSK and ZSK in one. Especially users of CSKs need this fix now. Another nice fix is a reconnect to a MySQL/MariaDB database you you don't have to tweak database parameters. Fixes * OPENDNSSEC-913: verify database connection upon every use. * OPENDNSSEC-944: bad display of date of next transition (regression) * SUPPORT-250: missing signatures on using combined keys (CSK) * OPENDNSSEC-945: memory leak per command to enforcer. * OPENDNSSEC-946: unclean enforcer exit in case of certain config problems. * OPENDNSSEC-411: set-policy command to change policy of zone (experimental). Requestes explicit enforce command to take effect. Download here: https://dist.opendnssec.org/source/opendnssec-2.1.6.tar.gz Yours Truly, \OpenDNSSEC From vincent.levigneron at afnic.fr Mon Feb 17 21:19:04 2020 From: vincent.levigneron at afnic.fr (Vincent Levigneron) Date: Mon, 17 Feb 2020 21:19:04 -0000 Subject: [Opendnssec-announce] [Opendnssec-user] OpenDNSSEC 2.1.6 released In-Reply-To: <2f3c8bf5-ea75-1927-84f3-2ed38714a826@nlnetlabs.nl> References: <2f3c8bf5-ea75-1927-84f3-2ed38714a826@nlnetlabs.nl> Message-ID: <20200217211857.GA31168@stardust.tech.prive.nic.fr> Dear Berry, It seems that the following command does not work anymore in 2.1.6 : > ods-signer sign nic.fr Error: Zone nic.fr not found. If I go back to 2.1.5, it works. > ods-control start Starting enforcer... OpenDNSSEC key and signing policy enforcer version 2.1.5 Engine running. Starting signer engine... OpenDNSSEC signer engine version 2.1.5 Engine running. > ods-signer sign nic.fr Zone nic.fr scheduled for immediate re-sign. Is there something to modify in 2.1.6 to make ods-signer command works ? Best regards, Vincent le 11 f?vr., Berry A.W. van Halderen via Opendnssec-user a ?crit : > Dear all, > > Version 2.1.6 of OpenDNSSEC has been released a few hours ago. > > This release of 2.1.6 fixes some issues regarding the key list > wrongfully displayed (a regression bug in 2.1.5) as well as a small > leak in the enforcer (which can add up when you bang the enforcer > with a lot of commands. And as well as a serious signing error when > using Combined Signing Keys (CSKs), this is only relevant if you > combine KSK and ZSK in one. Especially users of CSKs need this fix > now. Another nice fix is a reconnect to a MySQL/MariaDB database > you you don't have to tweak database parameters. > > Fixes > * OPENDNSSEC-913: verify database connection upon every use. > * OPENDNSSEC-944: bad display of date of next transition (regression) > * SUPPORT-250: missing signatures on using combined keys (CSK) > * OPENDNSSEC-945: memory leak per command to enforcer. > * OPENDNSSEC-946: unclean enforcer exit in case of certain config > problems. > * OPENDNSSEC-411: set-policy command to change policy of zone > (experimental). Requestes explicit enforce command to take effect. > > Download here: > https://dist.opendnssec.org/source/opendnssec-2.1.6.tar.gz > > Yours Truly, > \OpenDNSSEC > _______________________________________________ > Opendnssec-user mailing list > Opendnssec-user at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user > -- Vincent Levigneron A.F.N.I.C. Vincent.Levigneron at afnic.fr -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: not available URL: