Version 2.1.9 of OpenDNSSEC has been released on 2021-05-03.
This release contains two changes that avoid some problems with certain HSM configuration, one of them is SoftHSMv2 in database back-end mode.
This can lead to temporarily not being able to sign zones, hence upgrading is really recommended.
It does not occur on all systems and configurations though.
- OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
- OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
- Checksum SHA256: 6d1d466c8d7f507f3e665f4bfe4d16a68d6bff9d7c2ab65f852e2b2a821c28b5