Release Notes: Signer Engine will check the HSM connection before use, and attempt to reconnect if it is not valid. Instead of waiting an arbitrary amount of time, it will let the worker wait with pushing sign operations until the queue is not full. Adjustments in log messages.
Release Notes: This release adds bugfixes. Auditor now includes the zone name in the log. ldns 1.6.12 is required. ods-ksmutil suppresses database connection information when no -v flag is given. ods-enforcerd stops multiple instances of the enforcer from running. ods-ksmutil's "zone delete" renames the signconf file, so if the zone is put back, the signer will not pick up the old file. Signer Engine's verbosity can now be set via conf.xml (the default is 3).
Release Notes: This release uses "debug" instead of "warning" for the drudgers queue being full, and sleeps 10 ms if it is full, so it doesn't hog the CPU. This has increased signing speed on single core machines by a factor of 2.
Release Notes: This release adds bugfixes in the Enforcer, the Auditor, and the Signer.
Release Notes: A new signer engine, written in C, was added. Zones are maintained in memory, instead of in files on disk. The python and python-4suite-xml dependencies were removed. libhsm will skip processing (and not create) any public keys if the per repository option <SkipPublicKey/> is set. Keysharing was improved, so keys can now exist in different states on each zone for which the key is in use.
Release Notes: In Signer Engine, the correct TTL is used for RRs after the $INCLUDE directive, a new signature is created if TTL of RR has changed, and old NSEC/NSEC3 records are dropped. Some memory leaks were fixed in ods-ksmutil.
Release Notes: A new commandline option was added for the signer: ods-signer running. Connection to different MySQL ports is allowed in the Enforcer. The warning when converting M or Y to seconds has been toned down and is now explained. ldns 1.6.7 is required for bugfixes. dnsruby 1.51 is required for bugfixes.
Release Notes: A new signer engine, written in C. Zones are maintained in memory instead of in files on disk. The Python and python-4suite-xml dependencies have been removed. There is no longer separate autoconf for libhsm/conf/enforcer. An option to disable building the signer has been added. Signer logs statistics just after outputting a new signed zone. libhsm will skip processing (and not create) any public keys if the per-repository option <SkipPublicKey/> is set. Key sharing has been improved: keys can now exist in different states on each zone for which the key is in use.
Release Notes: A Partial Auditor was added. Communication of signconfs for multiple zones sharing keys was optimized. Jitter was redefined and is now in the range of [-jitter, ..., +jitter]. The sorter and zone_reader were was optimized. nseccing and nsec3ing were included, and nseccer and nsec3er become obsolete. A new EPP client was included for sending DS RR to the parent zone. It can be enabled using --enable-eppclient (experimental feature). A simple kasp2html conversion script was added. DNSKEY records are communicated to an external script if configured. Many bugs were fixed.
Release Notes: Since RC4, a broken path in ods-control was fixed. Known issues include the fact that the Auditor is slow for large zones, that KSK rollover requires manual timing, and that the software is too slow when handling a massive number of zones.