From yuri at nlnetlabs.nl Mon Oct 17 08:03:40 2016 From: yuri at nlnetlabs.nl (Yuri Schaeffer) Date: Mon, 17 Oct 2016 10:03:40 +0200 Subject: [Opendnssec-maintainers] OpenDNSSEC 2.0.3 released Message-ID: <365a8432-514f-62eb-5555-e4df8b1d3001@nlnetlabs.nl> Dear community, Hereby we announce the OpenDNSSEC 2.0.3 release. Most of the changes are related to further smoothing the migration path from OpenDNSSEC 1.4 to 2.0. If you still need to migrate from 1.4.10 please migrate to 2.0.3 directly rather than from 2.0.1. Another important fix is a memory leak in the signer. It would cause a high memory usage for installations with very frequent outgoing IXFR's. Changes: * OpenDNSSEC-839: update all no longer deletes zones or policies. Policy import now has a --remove-missing-policies option. (thanks David Peall) * OpenDNSSEC-840: Fix migration script to correctly interpret SOA serial strategy. * OPENDNSSEC-843: MaxZoneTTL defaults to 0 instead of 1 day. * Migration script can handle converting a database with zones in rollover better. * Fixed incorrect behaviour when more than 2 ZSKs involved in roll. * SUPPORT-201: Remove old keys from converted DB. * OPENDNSSEC-845: Memory leak on IXFR out. Download: * https://dist.opendnssec.org/source/opendnssec-2.0.3.tar.gz * https://dist.opendnssec.org/source/opendnssec-2.0.3.tar.gz.sig * Checksum SHA256: ebeb5481d696cf83c21c5dfbecce6ab5dcc73df1a08573ef257f2f6fe10f6214 Kind regards, The OpenDNSSEC team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 163 bytes Desc: OpenPGP digital signature URL: From berry at nlnetlabs.nl Mon Oct 17 13:52:12 2016 From: berry at nlnetlabs.nl (Berry A.W. van Halderen) Date: Mon, 17 Oct 2016 15:52:12 +0200 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.12 released Message-ID: <5804D78C.4000004@nlnetlabs.nl> Dear community, Hereby we announce the OpenDNSSEC 1.4.12 release. This is a bug fix release targeting a memory leak in the signer when being used in the "bumb in the wire" model where the signer would send out notify messages and respond to IXFR requests for the signed zone. This typically would manifest itself with very frequent outgoing IXFRs over a longer period of time. When upgrading from 1.4.10 (the 1.4.11 release was skipped) no migration steps are needed. For upgrading from earlier releases see the migration steps in the individual releases, most notably in 1.4.8.2. This version of OpenDNSSEC does however require a slightly less older minimal version of the library ldns. Changes: * OPENDNSSEC-808: Crash on query with empty query section (thanks H??vard Eidnes). * SUPPORT-191: Regression, Must accept notify without SOA (thanks Christos Trochalakis). * OPENDNSSEC-845: memory leak occuring when responding to IXFR out when having had multiple updates. * OPENDNSSEC-805: Avoid full resign due to mismatch in backup file when upgrading from 1.4.8 or later. * OPENDNSSEC-828: parsing zone list could show data from next zone when zones iterated on single line. * OPENDNSSEC-811,OPENDNSSEC-827,e.o.: compiler warnings and other static code analysis cleanup * OPENDNSSEC-847: Broken DNS IN notifications when pkt answer section is empty. * OPENDNSSEC-838: Crash in signer after having removed a zone. * Update dependency to ldns to version 1.6.17 enabling the DNS HIP record. * Prevent responding to queries when not fully started yet. Download: * https://dist.opendnssec.org/source/opendnssec-1.4.12.tar.gz * https://dist.opendnssec.org/source/opendnssec-1.4.12.tar.gz.sig * Checksum SHA256: 4ba6cf06fcd1131c1ed913d61959ddc90726ed5e4f153c90f45ec64445528a0c Kind regards, The OpenDNSSEC team _______________________________________________ Opendnssec-announce mailing list Opendnssec-announce at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-announce -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: