# SSSD 2.9.6
The SSSD team is announcing the release of version 2.9.6 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.9.6
Note that this is the latest release of 2.9.x LTM branch.
See the full release notes at: https://sssd.io/release-notes/sssd-2.9.6.html
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
# SSSD 2.9.6 Release Notes
## Highlights
### General information
* The DoT for dynamic DNS updates is supported now. It requires new version of `nsupdate` from BIND 9.19+.
* The option `default_domain_suffix` is deprecated. Consider using the more flexible `domain_resolution_order` instead.
### Important fixes
* When the `DP_OPT_DYNDNS_REFRESH_OFFSET` enumerator was created, the associated `struct dp_option` was not. Because these structures are part of an array and the enumerator is used as the index, the wrong structure would be accessed when trying to use this index. This problem was fixed by creating the missing structure.
### Configuration changes
* The `dyndns_server` option is extended so it can be in form of URI (`dns+tls://1.2.3.4:853#servername`). New set of options `dyndns_dot_cacert`, `dyndns_dot_cert` and `dyndns_dot_key` allows to configure DNS-over-TLS communication.
* Added `exop_force` value for configuration option `ldap_pwmodify_mode`. This can be used to force a password change even if no grace logins are left. Depending on the configuration of the LDAP server it might be expected that the password change will fail.
sssd-users@lists.fedorahosted.org