[Opendnssec-user] Release candidate for OpenDNSSEC 2.1.8

(Berry) A.W. van Halderen berry at nlnetlabs.nl
Tue Feb 16 09:55:14 UTC 2021


There is finally another release candiate for OpenDNSSEC (2.1.8rc2),
which fixes a big in the enforcer set-policy command and a niche, but
important crash in the signer.  The fixes in this release candidate
should not pose any problems, but the first release candidate included
a fix to keys not being purged from the HSM.  This warrented a release
candidate before going for a direct release, so I want to bring this
again to the attention:

> To the key purge problem.  Either when manually purging keys, or having
> specified a <Purge> in your key policy (kasp.xml), the keys are suppost
> to be removed from the HSM.  However, for some time, the keys were marked
> for deletion, and became invisible, but the removal from the HSM was
> skipped.  In this release candidate this is fixed, but still allowing
> keys not to be removed entirely.  When you specify an automatic purge
> then the keys will, after the specified period, will be completely
> removed.  When you purge manually, keys are not removed from the HSM
> unless you specify an additional flag (the --delete or -d flag).

This new release candidate is available using the following link:


With kind regards,
Berry van Halderen

More information about the Opendnssec-user mailing list