[Opendnssec-user] OpenDNSSEC 2.1.4 released
Berry A.W. van Halderen
berry at nlnetlabs.nl
Fri May 17 09:07:39 UTC 2019
It has been a while after the previous release. The 2.1 release
has been quite stable with a few corner case problems. However
there is now a need for a release to fix an issue with zone signing
that can potentially lead to missing signatures so definitely warrants
The 2.1.4 release is available immediately from the download site
below, we urge you to upgrade. Also for installations still
on the 1.4 release should consider upgrading as a number of
incidents reported against 1.4 have not occurred on 2.1
installations due to better stability.
To make sure this release is picked out we will not include a fix
that was to the issue for a double KSK roll. This fix is available
on our develop branch, but includes more changes, and this fix needs
to go out on its own.
There are no migration steps needed from a previous 2.1 release.
* SUPPORT-229: Missing signatures for key new while signatures for
old key still present under certain kasp policies, leading to
bogus zones. Root cause for bug existed but made prominent
since 2.1.3 release.
* OPENDNSSEC-943: support build on MacOS with missing pthread barriers
* SUPPORT-229: fixed for too early retivement of signatures upon double
rrsig key roll signing strategy.
* Strip build directory from doxygen docs, remove bashisms from
* The ods-signer and ods-signerd man page should be in section 8 not 22
Note that this might mean that package managers should remove the
older man pages from the old location.
Thanks to Mathieu Mirmont for providing the latter two fixes.
* Checksum SHA256:
The OpenDNSSEC team
More information about the Opendnssec-user