OpenDNSSEC 是一个实现了 DNSSEC 的开源解决方案,用来在发布到认证的域名服务器之前保护 zone 数据。
Domain Name System Security Extensions (DNSSEC)DNS安全扩展,是由IETF提供的一系列DNS安全认证的机制(可参考RFC2535)。它提供了一种来源鉴定和数据完整性的扩展,但不去保障可用性、加密性和证实域名不存在。
OpenDNSSEC 1.3.17 发布,改进记录包括:
Optimized storage in HSM,
logs the serial of signed zones in the STATS line,
provides NSEC3 records on empty non-terminals,
checks for the existence of SOA RRset, and extended the 'key list' command.
It fixed ods-ksmutil key import, date validation errors, and an off-by-one length check error in libhsm.
In libhsm, cleanup was improved for C_FindObjects.
The Signer Engine no longer replaces tabs in RRs with whitespace.
Possible memory corruption in hsm_get_slot_id was fixed.
A race condition when stopping the Signer Engine daemon was fixed.
enforcer and ods-ksmutil now have improved logging on key creation and allocation
项目主页:http://www.opendnssec.org/
下载地址:http://www.opendnssec.org/download/
来自:开源中国社区
