OpenDNSSEC

Release Notes: 'ods-signer update' now reloads signconfs even if the zonelist has not changed. The Signer Engine now allow for classless IN-ADDR.ARPA names (RFC 2317). Enforcer now has indexes for foreign keys in the kasp DB (SQLite only, MySQL already has them) Signer Engine warns if it is in signer configuration but ods-auditor is not installed. If key export in ods-ksmutil finds nothing to do, it now says so rather than displaying nothing, which might be misinterpreted. A problem in Signer Engine where TTL on NSEC(3) was not updated on SOA Minimum change was fixed, as was a problem with "ods-ksmutil zone delete --all".

Release Notes: Signer Engine: always recover serial from backup, even if it is corrupted, preventing unnecessary serial decrementals. Enforcer: tries to detect pidfile staleness so that the daemon will start after a power failure. More bugfixes.

Release Notes: Signer Engine will check the HSM connection before use, and attempt to reconnect if it is not valid. Instead of waiting an arbitrary amount of time, it will let the worker wait with pushing sign operations until the queue is not full. Adjustments in log messages.

Release Notes: This release adds bugfixes. Auditor now includes the zone name in the log. ldns 1.6.12 is required. ods-ksmutil suppresses database connection information when no -v flag is given. ods-enforcerd stops multiple instances of the enforcer from running. ods-ksmutil's "zone delete" renames the signconf file, so if the zone is put back, the signer will not pick up the old file. Signer Engine's verbosity can now be set via conf.xml (the default is 3).

Release Notes: This release uses "debug" instead of "warning" for the drudgers queue being full, and sleeps 10 ms if it is full, so it doesn't hog the CPU. This has increased signing speed on single core machines by a factor of 2.