[Opendnssec-user] OpenDNSSEC 2.1.6 released

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Feb 11 07:47:43 UTC 2020

Dear all,

Version 2.1.6 of OpenDNSSEC has been released a few hours ago.

This release of 2.1.6 fixes some issues regarding the key list
wrongfully displayed (a regression bug in 2.1.5) as well as a small
leak in the enforcer (which can add up when you bang the enforcer
with a lot of commands.  And as well as a serious signing error when
using Combined Signing Keys (CSKs), this is only relevant if you
combine KSK and ZSK in one.  Especially users of CSKs need this fix
now.  Another nice fix is a reconnect to a MySQL/MariaDB database
you you don't have to tweak database parameters.

* OPENDNSSEC-913: verify database connection upon every use.
* OPENDNSSEC-944: bad display of date of next transition (regression)
* SUPPORT-250: missing signatures on using combined keys (CSK)
* OPENDNSSEC-945: memory leak per command to enforcer.
* OPENDNSSEC-946: unclean enforcer exit in case of certain config
* OPENDNSSEC-411: set-policy command to change policy of zone
  (experimental).  Requestes explicit enforce command to take effect.

Download here:

Yours Truly,

More information about the Opendnssec-user mailing list