OpenDNSSEC 2.1.6 released

Published: Mon 10 February 2020

The OpenDNSSEC 2.1.6 release fixes a number of issues with regard to the key list that was displayed incorrectly (a regression error in 2.1.5) and a small memomry leak in the enforcer (which can add up if you bang the enforcer with a lot of commands). And also a serious signing error when using Combined Signing Keys (CSKs); only relevant if you combine KSK and ZSK in one. CSK users in particular now need this fix. Another nice fix is a reconnect to a MySQL/MariaDB database for which you do not have to adjust any database parameters.

The 2.1.6 release is available immediately from the download site.


  • OPENDNSSEC-913: verify database connection upon every use.
  • OPENDNSSEC-944: bad display of date of next transition (regression).
  • SUPPORT-250: missing signatures on using combined keys (CSK).
  • OPENDNSSEC-945: memory leak per command to enforcer.
  • OPENDNSSEC-946: unclean enforcer exit in case of certain config problems.
  • OPENDNSSEC-411: set-policy command to change policy of zone (experimental). Requires explicit enforce command to take effect.

For OpenDNSSEC 2.1.6 download and additional information:

software update