OpenDNSSEC 2.1.7

Version 2.1.7 of OpenDNSSEC has been released on 2020-10-05.

News

This release of 2.1.7 fixes a bug in the migration script to migrate from 1.4 to 2.1. Additionally a bug in creating unnecessary signatures during a ZSK roll was fixed. We also had some contributions regarding edward curves and exporting keys by CKA identifier and other corrections and improvements, see the full list below.

The 2.1.7 release is available immediately from the download site.

Issues

  • OPENDNSSEC-949: Fix for migration bug not keeping proper parameters of NSEC3 signed zones. Amongst others the zone become NSEC. Loading the policies
    fixes the situation, migration scripts now corrected. Since 1.4 does not require a salt, a resalt might be automatic after migrating, as this is
    a required parameter.
  • OPENDNSSEC-948: do not recreate signatures for keys that are moving out this fixes unexpected double signatures in the zone.
  • SUPPORT-253: Incorrect keytag used when using Combined Signing keys (CSK) (Thanks to Simon Arlott)
  • SUPPORT-257: Export keys by locator (Thansk to Simon Arlott)
  • SUPPORT-222: Support ED25519/ED448 keys. This requires library ldns 1.7.0 or better, otherwise unavailable. (Thanks again to Simon Arlott)
  • Load libsqlite3.so.0 and fall back on libsqlite3.so.0 to allow to run migration tool on systems without libsqlite3.so.0 soft link. (Thanks to Paul Wouters)
  • Some compilation warnings, o.a. gcc10 related, code quality and initialization improvements. (Thanks to Jonas Berlin, and Mathieu MirMont, and Paul Wouters)

Download

OpenDNSSEC