Major enhancements
DNS Adapters
OpenDNSSEC now supports both input and output adapters for AXFR and IXFR in addition to file transfer.
PIN Storage
The HSM PIN can now be omitted from the conf.xml file and entered via the 'ods-hsmutil login' command instead for increased security.
Auditor is deprecated
The auditor is no longer supported in 1.4. This greatly reduced the dependencies of OpenDNSSEC, namely it no longer depends on Ruby. Alternative validation tools are described here.
Minor enhancements
(Some enhancements are also available in later 1.3 releases - see the 1.3 release NEWS file)
ods-ksmutil: one step 'key backup' is deprecated
The command
is deprecated - for more details see ods-ksmutil backup
ods-ksmutil/enforcer enhancements
- ods-ksmutil key list: key size, algorithm and next key state are included in output when -v flag is used
- ods-ksmutil rollover list: more information displayed on the KSKs waiting for the ds-seen command when the -v flag is used
- ods-ksmutil key generate: now displays how many keys will be generated and presents the user with the opportunity to stop the operation.
- Optionally include CKA_ID in output of the DelegationSignerSubmitCommand
Signer enhancements
Database
Versioning and Support Policy
The versioning scheme used for releases and the release maintenance policy have both been updated as of 1.4. Please see the Release Management Process for details.
Bug fixes
A full list of bug fixes and issue numbers can be found in the 1.4 release NEWS file.
A summary of the updates in 1.4.0 that are not in 1.3.13 can be found here.
Notes
The 'Multi-threaded enforcer' feature (which was available in earlier beta versions of 1.4) was removed from the 1.4 release due to issues with the implementation. Note that the 2.0 release will deliver significant performance improvements for running with many zones.