OpenDNSSEC 1.3.17 发布,DNS 安全扩展

发布于 2014年05月09日
收藏 6

OpenDNSSEC 是一个实现了 DNSSEC 的开源解决方案,用来在发布到认证的域名服务器之前保护 zone 数据。

Domain Name System Security Extensions (DNSSEC)DNS安全扩展,是由IETF提供的一系列DNS安全认证的机制(可参考RFC2535)。它提供了一种来源鉴定和数据完整性的扩展,但 不去保障可用性、加密性和证实域名不存在。

OpenDNSSEC 1.3.17 发布,改进记录包括:

  • Optimized storage in HSM,

  • logs the serial of signed zones in the STATS line,

  • provides NSEC3 records on empty non-terminals,

  • checks for the existence of SOA RRset, and extended the 'key list' command.

  • It fixed ods-ksmutil key import, date validation errors, and an off-by-one length check error in libhsm.

  • In libhsm, cleanup was improved for C_FindObjects.

  • The Signer Engine no longer replaces tabs in RRs with whitespace.

  • Possible memory corruption in hsm_get_slot_id was fixed.

  • A race condition when stopping the Signer Engine daemon was fixed.

  • enforcer and ods-ksmutil now have improved logging on key creation and allocation

转载请注明:文章转载自 开源中国社区 []
本文标题:OpenDNSSEC 1.3.17 发布,DNS 安全扩展