Releases: NLnetLabs/cascade
0.1.0-alpha5 'Colline de la Croix'
Welcome to another release of Cascade, our new DNSSEC signer.
Check out the launch release notes to learn more about Cascade.
This release fixes some long-standing issues, relating to configuration files and DNSSEC rollover policies.
Our continued thanks to @jpmens, @bortzmeyer, and @gryphius for trying out Cascade.
Breaking changes
- `cascade config reload` has been removed. Configuration can only be reloaded
  by restarting Cascade. The command was never fully supported, since changes
  to many configuration settings would be ignored. (#330 by @bal-e)
New
- `cascade debug change-logging` can be used to change how Cascade logs
  information at runtime, which is a useful debugging aid. This functionality
  was previously provided by `cascade config reload`. (#330 by @bal-e)
- `cascade status keys` now prints information about DNSSEC keys and rollovers,
  across all known zones. It will prioritize keys with the soonest rollover
  actions. (#288 by @tertsdiepraam)
Bug fixes
- Changes to the `[key-manager]` section in zone policy will now propagate those
  changes into existing zones for that policy. (#355 by @Philip-NLnetLabs)
- The threads spawned by Cascade are now named `cascade-worker` instead of
  generic names like `tokio-worker`. (#356 by @tertsdiepraam)
Documentation improvements
- Note incompatibility with NitroKey v2.0.0 PKCS#11 module (#357 by @ximon18)
- Note file access limitations for review scripts (#358 by @tertsdiepraam)
0.1.0-alpha4 'Mont-Royal'
Welcome to another release of Cascade, our new DNSSEC signer.
Check out the launch release notes to learn more about Cascade.
This release makes some small quality-of-life changes, primarily thanks to @tertsdiepraam.
Our continued thanks to @jpmens, @bortzmeyer, and @gryphius for trying out Cascade.
New
- The stdout/stderr of review scripts is now logged (#281 by @tertsdiepraam)
- Cascade now logs its version number on startup (#286 by @tertsdiepraam)
- Cascade outputs more colorful logs (#287 by @tertsdiepraam)
Bug fixes
- Zone parsing errors now cause a soft-halt instead of a hard-halt (#280 by @tertsdiepraam)
- Signing statistics now present accurate values related to NSEC(3) (#271 by @bal-e)
Other changes
- Use `tracing-subscriber` for logging (#287 by @tertsdiepraam)
Documentation improvements
- Document Cascade's dependency on OpenSSL (#277 by @AlexanderBand)
0.1.0-alpha3 'Rue des Cascades'
Welcome to another release of Cascade, our new DNSSEC signer.
Check out the launch release notes to learn more about Cascade.
This release primarily expands on the documentation, but also fixes a few important bugs.
Many thanks go to @jpmens and @bortzmeyer for trying out the alpha release of Cascade, reporting issues, and even submitting PRs.
Breaking changes
- Cascade now loads configuration files when it (re)starts, instead of waiting
  for an explicit `cascade config reload` command. (#258 by @bal-e)
Bug fixes
- The Cascade CLI only produces color output on terminals, while respecting
  relevant environment variables. Previously it would unconditionally output
  color, even when called from a script or in a pipeline. (#256 by
  @tertsdiepraam)
- Errors from `cascade keyset` will no longer halt the pipeline (#265 by
  @tertsdiepraam)
Documentation improvements
0.1.0-alpha2 'Cascader la vertu'
Welcome to another release of Cascade, our new DNSSEC signer.
Check out the launch release notes to learn more about Cascade.
This release fixes a number of bugs and adds a few usability improvements, plus we've continued to expand on the documentation. Keep watching, more to come!
Many thanks go to @jpmens and @bortzmeyer for trying out the alpha release of Cascade and extensively reporting the issues they found.
New
- Added a `cascade health` CLI subcommand by @ximon18 ([#208])
- Added a `cascade status` CLI subcommand by @ximon18 ([#211])
- Add CASCADE_SERVER_IP and CASCADE_SERVER_PORT environment variables for
  review hooks by @mozzieongit ([#213])
Bug fixes
- Resume the pipeline when a new zone is loaded by @bal-e and @ximon18 ([#153])
- Fix confusing error message when `dnst` is missing by @mozzieongit ([#158])
- Fix panic when started via systemd due to "No such device or address" by
  @mozzieongit ([#163])
- Set default CLASS for loaded zone files to IN by @mozzieongit ([#164])
- Fix home directory for useradd cascade in packages by @mozzieongit ([#171])
- Crashes when server not specified by @mozzieongit ([#172])
- "The TTL of the RRSIG exceeds the value of its Original TTL field" by
  @ximon18 ([#174])
- Fix error on startup "Could not load the state file: invalid type: map,
  expected a string" by @mozzieongit ([#184], [#189])
- Ensure `dnst keyset` warnings are logged and included in zone history
  by @ximon18 ([#207])
- Fix "Cannot acquire the queue semaphore" causing signing to be cancelled
  by @ximon18 ([#209])
Other changes
- Introduce stdout/stderr log targets to replace using File to log to stdout by
  @mozzieongit ([#176])
- Check for compatible `dnst` on startup by @mozzieongit ([#180])
- Use MultiThreadedSorter for faster sorting before signing by @ximon18
  ([#219])
- Pre-create /etc/cascade/policies when installing via DEB/RPM package ([#233])
- Set homepage and documentation properties in Cargo.toml by @maertsen
  (98d988d)
Documentation improvements
- Add documentation about integrating with a SmartCard-HSM by @jpmens ([#191])
- Make it clear that state is human-readable but not writable by @mozzieongit
  and @maertsen ([#188])
- Explicitly mention the need for config reload in the config file format man
  page by @mozzieongit ([#181])
- Use proposed/testing names where appropriate by @ximon18 ([#170])
- Fix the "unit-time" policy setting documentation by @jpmens ([#167])
- Remove non-existing variable in example review script comment by @jpmens
  ([#196])
- Add an intro to DNSSEC and a Glossary by @AlexanderBand ([#206])
- Don't fail to show signing statistics for a finished signing operation when
  a signing operation was subsequently aborted by @ximon18 ([#210])
- Improve documentation about review hooks by @mozzieongit ([#216])
- Simplify review script example mention need for faster sorting before
  signing by @mozzieongit ([#218])
- Add key management documentation by @Philip-NLnetLabs ([#225])
- Add approve/reject to cascade-zone man page by @ximon18 ([#227])
- Note steps required to upgrade an alpha version of Cascade by @ximon18 ([#230])
- Document that some policy options also require a restart by @mozzieongit
  (6cdc126)
- Remove a broken link by @ximon18 (bbae66a)
0.1.0-alpha 'Globen'
We are pleased to announce the first release of Cascade, version 0.1.0-alpha ‘Globen’.
Cascade is a purpose-built, standalone DNSSEC signer, shaped by the real-world demands of TLD operators. Written from the ground up in Rust for safety, stability and speed, Cascade will be the next generation DNSSEC signing solution. For 15 years OpenDNSSEC served the DNSSEC community as a trusted DNSSEC signer. With the end-of-life announcement of OpenDNSSEC the future begins here with Cascade, a DNSSEC signer updated for a new era of DNSSEC signing.
As an alpha release please do not use this in production. Our goal with this release is to enable operators to try out Cascade and to gather feedback. With a first production ready version expected in the first half of 2026, your feedback is key and will shape the development of Cascade as we steam ahead.
From the start we are offering packages for installation on major operating systems and documentation to guide you. Cascade is a work-in-progress but is already capable of signing to match your workflow including automatic or manual key rollovers, built-in approval gates that let you run your own scripts to prevent a bad zone escaping into the wild, and with support for both on-disk and HSM signing keys.
And of course as with all our products we will offer paid support contracts for Cascade whether to help you migrate or be there if you need us.
Read all about the vision behind Cascade in our earlier blog post, and get started today with our packages and documentation. If the documentation doesn't answer your question or give you the guidance you need, keep checking back, Cascade is being actively developed and documented. Even better, let us know what we're missing by opening a GH issue or sending an email to [email protected] and we'll get right on it.
To try out Cascade right now follow the installation instructions in the manual.