The OpenDNSSEC 2.1.6 release fixes a number of issues with regard to the key list that was displayed incorrectly (a regression error in 2.1.5) and a small memomry leak in the enforcer (which can add up if you bang the enforcer with a lot of commands). And also a serious signing error when using Combined Signing Keys (CSKs); only relevant if you combine KSK and ZSK in one. CSK users in particular now need this fix. Another nice fix is a reconnect to a MySQL/MariaDB database for which you do not have to adjust any database parameters.
The 2.1.6 release is available immediately from the download site.
- OPENDNSSEC-913: verify database connection upon every use.
- OPENDNSSEC-944: bad display of date of next transition (regression).
- SUPPORT-250: missing signatures on using combined keys (CSK).
- OPENDNSSEC-945: memory leak per command to enforcer.
- OPENDNSSEC-946: unclean enforcer exit in case of certain config problems.
- OPENDNSSEC-411: set-policy command to change policy of zone (experimental). Requires explicit enforce command to take effect.
For OpenDNSSEC 2.1.6 download and additional information: