This release contains two changes that avoid some problems with certain HSM configuration, one of them is SoftHSMv2 in database back-end mode. This can lead to temporarily not being able to sign zones, hence upgrading is really recommended. It does not occur on all systems and configurations though.
The 2.1.9 release is available immediately from the download site.
- OPENDNSSEC-955: Prevent concurrency between certain valid PKCS#11 HSM operations to avoid some keys to be (transiently) unavailable.
- OPENDNSSEC-956: Harden signing procedure to still sign zones for which there are unused keys specified in the zone which are unavailable.
For OpenDNSSEC 2.1.9 download and additional information: