Today, we released version 4.1.24 of the authoritative DNS name server NSD.
This version has a fix for a bug in resigning zones with different NSEC3 salt, where NSD would not pick up the NSEC3PARAM record, and serve answers that omit NSEC3 records. NSD is now lenient and when NSEC3PARAMs exist that point to nonworking NSEC3 chains, NSD attempts to find an alternative NSEC3PARAM with NSEC3 records.
It is possible to use nsd-control over a command pipe, without using TLS, by setting the name of the control socket file. Access permissions on that file then act as the access control. No TLS is used, because it is not network traffic, and this is likely faster.
Also systemd support is added for readiness signalling. Enabled with use-systemd: yes.
You can get source packages of this version from the downloads page.