* OPENDNSSEC-226: Change in conf.xml: Configure the DNS listener IP address
with /Listener/Interface/Address instead of /Listener/Interface/IPv{4,6}.
* OPENDNSSEC-249: ods-ksmutil: If key export finds nothing to do then say so
rather than display nothing which might be misinterpreted.
* OPENDNSSEC-262: Signer Engine: Make DNS Adapter ACL optional.
* OPENDNSSEC-263: Signer Engine: Added EDNS0 support, so that zone transfers
and SOA requests with OPT RRs are possible.
* Enforcer: Add indexes for foreign keys. (sqlite only, MySQL already has them.)
Bugfixes:
* OPENDNSSEC-259: Signer Engine: Fix assertion failure for outbound AXFR for
large zones.
* OPENDNSSEC-264: Signer Engine: Fix assertion error on reading IXFR from
backup.
* OPENDNSSEC-265: Signer Engine: Fix crash in corner cases when signing zone
with NSEC3 and Opt-out.
* OPENDNSSEC-267: Signer Engine: Sign NOTIFY OK response with TSIG, if present
in the query and ACL.
OpenDNSSEC 1.4.0a1
* Auditor: The Auditor has been removed.
* Enforcer: Key label logging upon deletion (#192 Sebastian Castro)
* Enforcer: Stop multiple instances of the Enforcer running by checking for
the pidfile at startup. If you want to run multiple instances then a
different pidfile will need to be specified with the -P flag.
* Enforcer/ods-ksmutil: Use TTLs from KASP when generating DNSKEY and DS
records for output.
* Enforcer/ods-ksmutil: Give a more descriptive error message if the
<Datastore> tag in conf.xml does not match the database-backend set at
compile time.
* ods-ksmutil: Add warnings on "key export --ds" if no active or ready keys
were seen, or if both were seen (so a key rollover is happening).
* ods-ksmutil: Prevent MySQL username or password being interpreted by the
shell when running "ods-ksmutil setup"
* ods-ksmutil: "zone delete" renames the signconf file; so that if the zone is
put back the signer will not pick up the old file.
* ods-ksmutil: "key delete" added. It allows keys that are not currently in
use to be deleted from the database and HSM.
* OPENDNSSEC-1: Enforcer: Check DelegationSignerSubmitCommand exists and can
be executed by ods-enforcerd.
* OPENDNSSEC-10: ods-ksmutil: Include key size and algorithm in "key list"
with -v flag.
* OPENDNSSEC-28: ods-ksmutil: "key list" shows next state with -v flag.
* OPENDNSSEC-35: ods-ksmutil: "rollover list -v" now includes more information
on the KSKs waiting for the ds-seen command.
* OPENDNSSEC-83: ods-ksmutil: "key generate" now displays how many keys will
be generated and presents the user with the opportunity to stop the
operation.
* OPENDNSSEC-124: ods-ksmutil: Suppress database connection information when
no -v flag is given.
* Signer Engine: Input and Output DNS Adapters.
* Signer Engine: Zonefetcher has been removed.
Known issues:
* Signer Engine: The backup files do not work correctly in this alpha release.
Bugfixes:
* Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.
* ods-ksmutil: "update kasp" now reflects changes in policy descriptions.
* ods-ksmutil: Policy descriptions now have special characters quoted.
* ods-ksmutil: Fix typo in policy export with NSEC3.
97e4133a18