[Opendnssec-develop] too many new signatures?

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Nov 19 22:12:58 UTC 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did made a fix which had as side effect the signatures from the
.signed file were not checked, but I reverted in r2466.

- From the logs I see that the number of created signatures differ. Do you
now why that could be?

Providing the signconf.xml (partially) could give more insight.

Thanks,

Matthijs



Patrik Wallström wrote:
> This is how it currently looks in my .SE test environment. 2 day  
> signatures with 6h jitter. It should not look like this after a couple  
> of days signing:
> 
> Nov 19 07:17:12 dnssecsigner ods-signerd: Created 237163 new signatures
> Nov 19 07:25:08 dnssecsigner ods-signerd: Created 882734 new signatures
> Nov 19 09:25:39 dnssecsigner ods-signerd: Created 882842 new signatures
> Nov 19 11:17:12 dnssecsigner ods-signerd: Created 160163 new signatures
> Nov 19 11:25:02 dnssecsigner ods-signerd: Created 882988 new signatures
> Nov 19 13:25:39 dnssecsigner ods-signerd: Created 883109 new signatures
> 
> I am running trunk revision 2470. From the last run:
> 
> ; Last refresh stats: existing: 0, removed 0, created 883109
> 
> This is the content of the tmp-dir:
> 
> -rw-r--r-- 1 opendnssec pkcs11 144844591 2009-11-19 13:17 se.nsecced
> -rw-r--r-- 1 opendnssec pkcs11  92338975 2009-11-19 13:17 se.processed
> -rw-r--r-- 1 opendnssec pkcs11 383978634 2009-11-19 13:25 se.signed
> -rw-r--r-- 1 opendnssec pkcs11  91727158 2009-11-18 18:02  
> se.signed.sorted
> -rw-r--r-- 1 opendnssec pkcs11  92252223 2009-11-19 13:16 se.sorted
> -rw-r--r-- 1 opendnssec pkcs11 109717100 2009-11-19 13:15 se.unsorted
> 
> So it seems that it cannot reuse the old signatures.
> 
> Yes, I move the signed zone file from signed/ when I see it and  
> deliver it to my destination.
> 
> Anybody else seen this or who has any ideas?
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJLBcLkAAoJEA8yVCPsQCW5Vr4IANFkIr0/r2fzJo5CcmcJuwxf
ngagZ7hVDkUpRC5Eq8S4YiVArVm/aAwF8VXYt1wleq7MGM4DkyzOE2TBh8ft2gSH
yvXX/2C0K3rRiXUXO0X7VP9RjqU93csI2ROt0HPbm4qhz1BcoJ9eCb0NT0jpkUiU
VejXr+4U1eXZJgvm/BTh7qokpZbwOMDMfxDnjbPZLg7J6Zjexwh6EcFHf0t6vRb2
ckE45wvI1qkALMfciwHvqzRv3B1heL/pzaa4BBFAedf9Xi6r8DdRWpFauHHMxEA1
Uqq8g2c1ECLcbLACMSAD+/wZYL+dJ2OYF7hAZwXR9w+oRMSkvMojMc7k3i2fZ1o=
=7nmO
-----END PGP SIGNATURE-----

More information about the Opendnssec-develop mailing list