[Opendnssec-maintainers] OpenDNSSEC 2.1.3 released
yuri at nlnetlabs.nl
Thu Aug 10 12:49:12 UTC 2017
As of today version 2.1.3 of OpenDNSSEC has been released. No special
migration steps are required when upgrading from a previous 2.x.x
release. It includes fixes to the build system, some regressions w.r.t.
OpenDNSSEC 1.4 and a signing bug. Please note that version 2.1.2 was
skipped for release.
* OPENDNSSEC-904: autoconfigure fails to properly identify functions in
ssl library on some distributions. This caused the "tsig unknown
algorithm hmac-sha256" error.
* OPENDNSSEC-894: repair configuration script to allow excluding the
build of the enforcer.
* OPENDNSSEC-508: Tag <RolloverNotification> was not functioning
* OPENDNSSEC-901: Enforcer would ignore <ManualKeyGeneration/> tag in
* OPENDNSSEC-906: Tag <AllowExtraction> tag included from late 1.4
* OPENDNSSEC-886: Improper time calculation on 32 bits machine causes
purge of keys not being scheduled. The purge would happen but some
time later than expected.
* OPENDNSSEC-890: Mismatching TTLs in record sets would cause bogus
* OPENDNSSEC-908: Warn when TTL of resource record exceeds KASP's
MaxZoneTTL. Formerly the signer would cap such TTLs to prevent
situations where those records could get bogus during ZSK rollover.
However it has been realized that this can potentially lead to failing
IXFRs. We intend to bring back this feature in the near future when
our internal data representation allows this.
* Checksum SHA256:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: OpenPGP digital signature
More information about the Opendnssec-maintainers