OpenDNSSEC 1.3.1 released
Posted on 07 September 2011.
Internet engineers continue to enhance Internet security with the release of OpenDNSSEC, a tool which simplifies the process of signing one or more zones with DNSSEC. OpenDNSSEC handles the entire process, including secure key management and rollover issues. With OpenDNSSEC, fewer manual operations are needed by the operator.

OpenDNSSEC ensures that all the steps in signing process are done in the correct order and at the right time, making sure that nothing breaks. The issue of storing the private keys associated with DNSSEC signing has been handled using so-called HSMs (Hardware Security Modules), so that the private keys can not be leaked to an unauthorized third party.

OpenDNSSEC works in all Unix-like operating systems and is suitable both for those who will only sign a single large zone (such as top-level domains) and those who have many small zones (e.g. web hotels, ISPs).

Bugfixes in OpenDNSSEC 1.3.1:

  • Fix ‘ZSK in use too long’ message to handle new signer behaviour.
  • RHEL6 patch to contrib/opendnssec.spec. (Rick van Rein)
  • Make sure argument in “ods-control signer” is not stripped off.
  • ods-ksmutil: Prevent MySQL username or password being interpreted by the shell when running “ods-ksmutil setup”.
  • “ods-ksmutil zone list” now handles empty zonelists.
  • Enforcer: Unsigned comparison resulting in wrong error message.
  • ods-ksmutil: fixed issue where first ds-seen command run on a zone would work, but return an error code and not send a HUP to the enforcerd.
  • Signer Engine: A threading issue occasionally puts the default validity on NSEC(3) RRs and the denial validity on other RRs.
  • Signer Engine: An update command could interrupt the signing process and the zone would get missing signatures.
  • Signer Engine: Fix an issue where some systems could not copy the zone file.
  • Zonefetcher: Check inbound serial in transferred file, to prevent redundant zone transfers.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //