OpenDNSSEC

Version 1.3.0b1 of OpenDNSSEC has now been released. Enforcer: Stop import of policy if it is not consistent. ods-signer: The queue command will now also show what tasks the workers are working on. Signer Engine: Just warn if occluded zone data was ... [More] found, don’t stop signing process. Signer Engine: Simpler serial maintenance, reduces the number of conflicts. Less chance to hit [...] [Less]

Version 1.2.1 of OpenDNSSEC has now been released. ldns 1.6.9 is required for bugfixes. dnsruby-1.52 required for bugfixes. Bugfixes: Auditor: ‘make check’ now works when srcdir != builddir. Auditor: Include the ‘make check’ files in the tarball. ... [More] Enforcer: Fix the migration script for SQLite. Enforcer: Increase size of keypairs(id) field in MySQL to allow more than 32767 keys; see MIGRATION for details. Enforcer: Minor [...] [Less]

We are now working with the v1.3 release, which will add support for multithreaded signing. The current version of OpenDNSSEC only uses one thread when signing a single zone, which means that you will most likely not get the maximum performance out of your HSM. As our review of HSMs showed us, you’ll need to [...]

Getting OpenDNSSEC to run as a signer for a very large amount of zones is today not a trivial task. Running the software with a thousand zones is not a big deal. In this blog post I will outline how you can reach an even larger amount of zones – 50000 – using version 1.2.0 [...]

Version 1.2.0 of OpenDNSSEC has now been released. Bugfixes: Enforcer: Fixed a number of build warnings. Download the tarball from: opendnssec-1.2.0.tar.gz

We would like to present the report “A Review of Hardware Security Modules” that was published today. This report describes a technical review of four leading network based Hardware Security Modules performed during the fall of 2010. When deriving ... [More] the review point set the focus was primarily on security features and functionality used for DNSSEC applications. [...] [Less]

Version 1.2.0rc3 of OpenDNSSEC has now been released. Moved migration instructions to the file MIGRATION Bugfixes: Bugreport #199: The previous DB schema change made the zone removal broken. Enforcer: When retiring old KSK, use TTL(ds) and not ... [More] TTL(ksk). Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand. Enforcer: Replace tab with a space character in the DNSKEY printed to syslog. Enforcer: [...] [Less]

Version 1.2.0rc2 of OpenDNSSEC has now been released. Migration: There is a kasp schema change from the 1.1 branch (or trunk if you built prior to r3823). To make this transition you have 2 options: Run ods-ksmutil setup again. This will remove ... [More] _all_ the current information from the kasp database and start you off again with a fresh environment. If that is [...] [Less]

Version 1.2.0rc1 of OpenDNSSEC has now been released. New commandline option for the signer: ods-signer running. Allow connection to different MySQL ports in the Enforcer. Tone down and explain warning when converting M or Y to seconds ldns 1.6.7 is ... [More] required for bugfixes dnsruby 1.51 is required for bugfixes Migration: There is a kasp schema change from the 1.1 branch (or trunk [...] [Less]

Version 1.2.0b1 of OpenDNSSEC has now been released. News: A new signer engine, written in c. Zones are maintained in memory, instead of in files on disk. Removed the python and python-4suite-xml dependencies. Remove separate autoconf for ... [More] libhsm/conf/enforcer. Add option to disable building the signer. Signer logs statistics just after outputting a new signed zone. libhsm will skip processing (and not create) any [...] [Less]