Release Notes: This release optimized storage in HSM, logs the serial of signed zones in the STATS line, provides NSEC3 records on empty non-terminals, checks for the existence of SOA RRset, and extended the 'key list' command. It fixed ods-ksmutil key import, date validation errors, and an off-by-one length check error in libhsm. In libhsm, cleanup was improved for C_FindObjects. The Signer Engine no longer replaces tabs in RRs with whitespace. Possible memory corruption in hsm_get_slot_id was fixed. A race condition when stopping the Signer Engine daemon was fixed. enforcer and ods-ksmutil now have improved logging on key creation and allocation.
Release Notes: This release fixes libhsm not using all mandatory attributes for GOST key generation and the "key list" command failing with an error in 1.4.4 on MySQL.
Release Notes: This release adds an option for 'ods-ksmutil key generate' to take the number of zones as a parameter. Several important bugfixes have been made.
Release Notes: SUPPORT-42: ./configure fails on FreeBSD (or if ldns is not installed in a directory in the default search path of the complier). OpenDNSSEC does not compile against ldns 1.6.16 on platforms that rely on the OpenDNSSEC implementation of strlcpy/cat.
Release Notes: NSEC3PARAM TTL should be set to zero. Bugfixes: OPENDNSSEC-306 (can't delete zone until Enforcer made signerconf); OPENDNSSEC-281 (Commandhandler was sometimes unresponsive); OPENDNSSEC-299 (ods-ksmutil <enter> now includes policy import); OPENDNSSEC-300 (ods-ksmutil policy purge documented with a warning); OPENDNSSEC-338 (fixes zone deletion on MySQL in ods-ksmutil (broken by SUPPORT-27)); OPENDNSSEC-342: auditor comparisons made case-insensitive; and OPENDNSSEC-345 (in ods-ksmutil, use ods-control to HUP the enforcerd process).
Release Notes: This version is recommended for testing only, not for use in production environments. The PIN is now optional in conf.xml. A multi-threaded option is available for the enforcer to improve performance (MySQL only). Signer Engine: The <ProvideTransfer>, <Notify>, <AllowNotify>, and <RequestTransfer> elements are now optional, but if provided they require one or more <Peer> or <Remote> elements.
Release Notes: For Enforcer, this release provides performance optimization of database access. For ods-ksmutil, it simplifies zone deletion so it only marks keys as dead (rather than actually removing them), leaving key removal to purge jobs.
Release Notes: This alpha release features a new signer with AXFR and IXFR for both the input and output adapters.
Release Notes: 'ods-signer update' now reloads signconfs even if the zonelist has not changed. The Signer Engine now allow for classless IN-ADDR.ARPA names (RFC 2317). Enforcer now has indexes for foreign keys in the kasp DB (SQLite only, MySQL already has them) Signer Engine warns if it is in signer configuration but ods-auditor is not installed. If key export in ods-ksmutil finds nothing to do, it now says so rather than displaying nothing, which might be misinterpreted. A problem in Signer Engine where TTL on NSEC(3) was not updated on SOA Minimum change was fixed, as was a problem with "ods-ksmutil zone delete --all".
Release Notes: Signer Engine: always recover serial from backup, even if it is corrupted, preventing unnecessary serial decrementals. Enforcer: tries to detect pidfile staleness so that the daemon will start after a power failure. More bugfixes.