[Opendnssec-user] OpenDNSSEC 2.1.4 released

Berry A.W. van Halderen berry at nlnetlabs.nl
Fri May 17 09:07:39 UTC 2019

Dear Community,

It has been a while after the previous release.  The 2.1 release
has been quite stable with a few corner case problems.  However
there is now a need for a release to fix an issue with zone signing
that can potentially lead to missing signatures so definitely warrants
a release.

The 2.1.4 release is available immediately from the download site
below, we urge you to upgrade.  Also for installations still
on the 1.4 release should consider upgrading as a number of
incidents reported against 1.4 have not occurred on 2.1
installations due to better stability.

To make sure this release is picked out we will not include a fix
that was to the issue for a double KSK roll.  This fix is available
on our develop branch, but includes more changes, and this fix needs
to go out on its own.


There are no migration steps needed from a previous 2.1 release.


* SUPPORT-229: Missing signatures for key new while signatures for
  old key   still present under certain kasp policies, leading to
  bogus zones.   Root cause for bug existed but made prominent
  since 2.1.3 release.
* OPENDNSSEC-943: support build on MacOS with missing pthread barriers
* SUPPORT-229: fixed for too early retivement of signatures upon double
  rrsig key roll signing strategy.
* Strip build directory from doxygen docs, remove bashisms from
* The ods-signer and ods-signerd man page should be in section 8 not 22
  Note that this might mean that package managers should remove the
  older man pages from the old location.
Thanks to Mathieu Mirmont for providing the latter two fixes.

* https://dist.opendnssec.org/source/opendnssec-2.1.4.tar.gz
* https://dist.opendnssec.org/source/opendnssec-2.1.4.tar.gz.sig
* Checksum SHA256:

Kind regards,
The OpenDNSSEC team

More information about the Opendnssec-user mailing list