[ldns-users] First candidate for ldns-1.9.0 release

Willem Toorop willem at nlnetlabs.nl
Thu Nov 27 14:45:12 UTC 2025 

Dear all,

We have a new candidate for the upcoming 1.9.0 release of ldns. This 
release contains a few bugfixes and other easy to apply changes, 
primarily from ready to merge, easy to review and good quality 
contributions in the form of github pull requests.

The most prominent fix is for the bug where ldns would, break TXT RRset 
signing when a WALLET RR is present at the same name. At the apex this 
would break records responsible for SPF and/or domain control validation 
(see https://github.com/NLnetLabs/ldns/issues/285 )

Please review this release candidate carefully and let us know if 
anything is wrong.  If all is well, the actual release will follow 
Thursday the 4th of December 2025.


link  : https://nlnetlabs.nl/downloads/ldns/ldns-1.9.0-rc.1.tar.gz
sha256: 610c24fd5059612c0d7ad16315dbd2f28186cc81e9ff8e39d992aba7d3a31016
asc   : https://nlnetlabs.nl/downloads/ldns/ldns-1.9.0-rc.1.tar.gz.asc


Changelog
=========
1.9.0    2025-12-??
   * PR #246: Make ldns_calc_keytag() available for CDNSKEY RR
     Thanks tgreenx and pnax
   * PR #247: Make ldns_key_rr2ds() available for CDNSKEY RR
     Thanks tgreenx
   * PR #248: Make ldns_rr_compare_{ds,ds_dnskey}() available for
     CDS and CDNSKEY RRs. Thanks tgreenx
   * PR #245: Make drill trace use IPv6 when used with -6
     Thanks Paul Radford
   * Fix #254: Unquoted "value" rdata for CAA records fail to validate.
     Follows the long string unquoted syntax from RFC8659, section 4.1.1.
   * Fix #266: ldns-read-zone -u fails if a type is the only type in a
     window and the type modulo 256 is equal to zero.
   * Fix #271: Intermittent build failure with multi-job
     builds (make -j).
   * Add ldns-verify-zone -s option. It checks all signature results,
     instead of passing by when one RRSIG validates. That prints output
     for spurious RRSIGs, the failures for them.
   * Fix RR types NSAP-PTR, GPOS and RESINFO to print unquoted strings.
   * Fix memory leak when trying to read zones that have equal RRs.
     the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR
     when an already existing RR is tried to be added. This is a API
     change, hence this also bumps the version to 1.9.0
   * PR #282: ensure returning pkt with LDNS_STATUS_OK. Thanks grobian.
   * PR #286: Fix RR Type AMTRELAY type nogateway, to print relay '.',
     and memory leaks in parsing it.
   * DSYNC is no longer a draft RR type and compiled by default
   * RFC 9824 support: Compact Denial of Existence in DNSSEC
   * The HHIT and BRID draft RR types
   * PR #249: If RNG is already seeded, return early.
     Thanks crrodriguez
   * PR #221: Improve error messages. Thanks jschauma
   * PR #256: Use SWIG_AppendOutput to support swig 4.3
     Thanks pemensik
   * PR #188: Homogenize paths for source files during compilation
     Thanks duthils
   * Fix #283: ldns-walk fails after update from 1.8.3 to 1.8.4
     Thanks jschauma
   * PR #200: Allow compiled tests to link to ldns statically via
     environment variable. Thanks FGasper and pemensik
   * PR #220: Optionally exclude ZONEMD RRs in ldns-compare-zone
     Thanks gjherbiet
   * Fix #285: A WALLET RR breaks TXT signing. Thanks bortzmeyer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE5F8F8212F77A498_and_old_rev.asc
Type: application/pgp-keys
Size: 7749 bytes
Desc: OpenPGP public key
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20251127/5b2c619d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20251127/5b2c619d/attachment-0001.bin>

More information about the ldns-users mailing list