OpenDNSSEC 2.1.10

Version 2.1.10 of OpenDNSSEC has been released on 2021-09-10.

News

This release addresses an automatic re-salting after a migration from 1.4
and an error manifesting as a key_data_update failure in the logs where
a retired key wasn’t removed from the signer configuration in time in
certain circumstances.
Also an RPM is now provided for RHEL/CentOS distros at the same download
location.

Issues

  • OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
  • OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
  • OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
  • OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
  • OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count that is deemed too high.
  • SUPPORT-265: Resolve conflict when deleting keys from HSM whilst also performing step in key roll process. Typically a message “key_data_update failed” is present in logs.
  • Provided RedHat/CentOS spec file in contrib directory.

Download

OpenDNSSEC