From sara at sinodun.com Wed Dec 4 14:47:16 2013 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 4 Dec 2013 14:47:16 +0000 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.3.16 Message-ID: <72E3CA9D-997B-40C3-9472-A11D1F98CE8F@sinodun.com> All, Version 1.3.16 of OpenDNSSEC has now been released: Updates: * SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value "keep" [OPENDNSSEC-441]. * OPENDNSSEC-436: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S. * OPENDNSSEC-458: Add 'ods-enforcerd -p ' option. This prompts the enforcer to run once and only process the specified policy and associated zones. * OPENDNSSEC-460: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen' command so the user can choose not to notify the enforcer. * OPENDNSSEC-472: ods-ksmutil: Add option for 'ods-ksmutil key import' to check if there is a matching key in the repository before import. * OPENDNSSEC-473: ods-ksmutil: Improve 'zone add' - Support default and values for DNS adapters. Bugfixes: * OPENDNSSEC-451: Signer Engine: Prevent CKA_ID and DNSKEY mixup by using a separate HSM context when loading signer configuration. * OPENDNSSEC-462: Signer Engine: Duration PT0S is not printed correctly. * ods-ksmutil: Fix typo in policy export with NSEC3 . Documentation: * http://wiki.opendnssec.org/display/DOCS13 Download: * http://dist.opendnssec.org/source/opendnssec-1.3.16.tar.gz * http://dist.opendnssec.org/source/opendnssec-1.3.16.tar.gz.sig * Checksum sha1: 4d81517cc99f8120f773c2af772b17eb5714f793 * Checksum sha256: fa0fe18757a19d6b03e27c2c76f291d61a735f14c2661725df4e569e0be1d04c //OpenDNSSEC team From sara at sinodun.com Wed Dec 4 14:47:23 2013 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 4 Dec 2013 14:47:23 +0000 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.3 Message-ID: <05C3B60A-3DE4-4C9F-9E41-9FDC6F8CE2BE@sinodun.com> All, Version 1.4.3 of OpenDNSSEC has now been released. This is the latest stable release. Updates: * SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value "keep" [OPENDNSSEC-461]. * OPENDNSSEC-106: Add 'ods-enforcerd -p ' option. This prompts the enforcer to run once and only process the specified policy and associated zones. * OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S. * OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen' command so the user can choose not to notify the enforcer. * OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command could warn if a specified zone file or adapter file does not exits. * OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default and values for DNS adapters. * OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import' to check if there is a matching key in the repository before import. Bugfixes: * OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup. * OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly. * OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back to AXFR. * OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use inbound serial. Documentation: * http://wiki.opendnssec.org/display/DOCS Download: * http://dist.opendnssec.org/source/opendnssec-1.4.3.tar.gz * http://dist.opendnssec.org/source/opendnssec-1.4.3.tar.gz.sig * Checksum sha1: 9e985fc42ce679c930bbdbc1a38ad5ff1ca4c61a * Checksum sha256: 22979b53851a1ec74a242ca89bbd1fc58a170272f33c6a395f0ab14f6244e491 //OpenDNSSEC team