OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
|Tags||DNS Internet Security Registry dnssec infrastructure tld registrar|
|Operating Systems||Unix RHEL Linux OpenBSD FreeBSD NetBSD Fedora Debian Ubuntu Mac OS X|
|Implementation||C C++ Python Ruby ldns|
Release Notes: SUPPORT-42: ./configure fails on FreeBSD (or if ldns is not installed in a directory in the default search path of the complier). OpenDNSSEC does not compile against ldns 1.6.16 on platforms that rely on the OpenDNSSEC implementation of strlcpy/cat.
Release Notes: NSEC3PARAM TTL should be set to zero. Bugfixes: OPENDNSSEC-306 (can't delete zone until Enforcer made signerconf); OPENDNSSEC-281 (Commandhandler was sometimes unresponsive); OPENDNSSEC-299 (ods-ksmutil <enter> now includes policy import); OPENDNSSEC-300 (ods-ksmutil policy purge documented with a warning); OPENDNSSEC-338 (fixes zone deletion on MySQL in ods-ksmutil (broken by SUPPORT-27)); OPENDNSSEC-342: auditor comparisons made case-insensitive; and OPENDNSSEC-345 (in ods-ksmutil, use ods-control to HUP the enforcerd process).
Release Notes: This version is recommended for testing only, not for use in production environments. The PIN is now optional in conf.xml. A multi-threaded option is available for the enforcer to improve performance (MySQL only). Signer Engine: The <ProvideTransfer>, <Notify>, <AllowNotify>, and <RequestTransfer> elements are now optional, but if provided they require one or more <Peer> or <Remote> elements.
Release Notes: For Enforcer, this release provides performance optimization of database access. For ods-ksmutil, it simplifies zone deletion so it only marks keys as dead (rather than actually removing them), leaving key removal to purge jobs.
Release Notes: This alpha release features a new signer with AXFR and IXFR for both the input and output adapters.