OpenDNSSEC 1.3.1 released
Posted on 07 September 2011.
Internet engineers continue to enhance Internet security with the release of OpenDNSSEC, a tool which simplifies the process of signing one or more zones with DNSSEC. OpenDNSSEC handles the entire process, including secure key management and rollover issues. With OpenDNSSEC, fewer manual operations are needed by the operator.

OpenDNSSEC ensures that all the steps in signing process are done in the correct order and at the right time, making sure that nothing breaks. The issue of storing the private keys associated with DNSSEC signing has been handled using so-called HSMs (Hardware Security Modules), so that the private keys can not be leaked to an unauthorized third party.

OpenDNSSEC works in all Unix-like operating systems and is suitable both for those who will only sign a single large zone (such as top-level domains) and those who have many small zones (e.g. web hotels, ISPs).

Bugfixes in OpenDNSSEC 1.3.1:

  • Fix ‘ZSK in use too long’ message to handle new signer behaviour.
  • RHEL6 patch to contrib/opendnssec.spec. (Rick van Rein)
  • Make sure argument in “ods-control signer” is not stripped off.
  • ods-ksmutil: Prevent MySQL username or password being interpreted by the shell when running “ods-ksmutil setup”.
  • “ods-ksmutil zone list” now handles empty zonelists.
  • Enforcer: Unsigned comparison resulting in wrong error message.
  • ods-ksmutil: fixed issue where first ds-seen command run on a zone would work, but return an error code and not send a HUP to the enforcerd.
  • Signer Engine: A threading issue occasionally puts the default validity on NSEC(3) RRs and the denial validity on other RRs.
  • Signer Engine: An update command could interrupt the signing process and the zone would get missing signatures.
  • Signer Engine: Fix an issue where some systems could not copy the zone file.
  • Zonefetcher: Check inbound serial in transferred file, to prevent redundant zone transfers.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th