From jelte at NLnetLabs.nl Mon Jun 2 13:53:11 2008 From: jelte at NLnetLabs.nl (Jelte Jansen) Date: Mon, 02 Jun 2008 15:53:11 +0200 Subject: [ldns-users] ldns 1.3.0 Message-ID: <4843FB47.40905@NLnetLabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, ldns 1.3.0 is here! Full changelog below this message. Project page: http://www.nlnetlabs.nl/ldns Direct download: http://www.nlnetlabs.nl/downloads/ldns-1.3.0.tar.gz Sha1sum: 9b05ea3ae23f973345de89936c59ad79f77aeccf Thanks to everyone involved for sending in bugs and patches. Jelte Jansen NLnet Labs - --------------------------------- ldns 1.3.0 Changelog: Base library: * Added a new family of functions based around ldns_dnssec_zone, which is a new structure that keeps a zone sorted through an rbtree and links signatures and NSEC(3) records directly to their RRset. These functions all start with ldns_dnssec_ * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but have been changed to internally use the new ldns_dnssec_zone_sign(_nsec3) * Moved some ldns_buffer functions inline, so a clean rebuild of applications relying on those is needed (otherwise you'll get linker errors) * ldns_dname_label now returns one extra (zero) byte, so it can be seen as an fqdn. * NSEC3 type code update for signing algorithms. * DSA key generation of DNSKEY RRs fixed (one byte too small). * Added support for RSA/SHA256 and RSA/SHA512, as specified in draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not final, and this feature is not enabled by default. It can be enabled at compilation time with the flag --with-sha2 * Added 2wire_canonical family of functions that lowercase dnames in rdata fields in resource records of the types in the list in rfc3597 * Added base32 conversion functions. * Fixed DSA RRSIG conversion when calling OpenSSL Drill: * Chase output is completely different, it shows, in ascii, the relations in the trust hierarchy. Examples: * Added ldns-verify-zone, that can verify the internal DNSSEC records of a signed BIND-style zone file * ldns-keygen now takes an -a argument specifying the algorithm, instead of -R or -D. -a list show a list of supported algorithms * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3 for RSA key generation * ldns-signzone now has support for HSMs * ldns-signzone uses the new ldns_dnssec_ structures and functions which improves its speed, and output; RRSIGS are now placed directly after their RRset, NSEC(3) records directly after the name they handle Contrib: * new contrib/ dir with user contributions * added compilation script for solaris (thanks to Jakob Schlyter) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhD+0cACgkQ4nZCKsdOncUG3wCgo/y7Zr/Z3Jn2l2w6pNfD0Of+ XvsAoN4Cl84Vcn0FBWQ3+ama5IuOYZ2J =6udZ -----END PGP SIGNATURE-----