<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<STYLE>
BLOCKQUOTE {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; MARGIN-LEFT: 2em
}
OL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
UL {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
BODY {
LINE-HEIGHT: 1.5; FONT-FAMILY: ΢ÈíÑźÚ; COLOR: #000000; FONT-SIZE: 10.5pt
}
</STYLE>
<META name=GENERATOR content="MSHTML 8.00.7601.17514"></HEAD>
<BODY style="MARGIN: 10px">
<DIV>Hi All,</DIV>
<DIV> </DIV>
<DIV>We are doing automatic testing with opendnssec-1.4.0rc2 using INBOUND
Adapter and OUTBOUND Adapter both configured DNS and two BINDs used as the
inbound source and outbound source respectively.</DIV>
<DIV> </DIV>
<DIV>We use a shell script to add 100 domains to the inbound BIND every 10
minutes and each with 2 DS RRs, 1 NS RR and 1 A RR.</DIV>
<DIV> </DIV>
<DIV>At first, it works great and the signing process is smooth, too.</DIV>
<DIV>But after a day's testing, we have observed that after a time signerd
failed to sign the incoming RRs (or even failed to receive them) and the check
script got NXDOMAIN from the outbound BIND, let alone the RRSIGs.</DIV>
<DIV> </DIV>
<DIV>We tried to restart opendnssec proceses to check where the problem was
and found that after restarting, all the missing RRs are received by opendnssec
and signed successfully via AXFR, now we can get</DIV>
<DIV>NOERROR from the outbound BIND.</DIV>
<DIV> </DIV>
<DIV>We have got two logs from opendnssec for you to troubleshoot.</DIV>
<DIV>We did the same nsupdate processes (one domain with 2 DS RRs, 1 NS RR and 1
A RR) to the inboud BIND before and after restarting opendnssec and get failed
suffixed and restart suffixed logs.</DIV>
<DIV> </DIV>
<DIV>I hope that will help, thank you.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Best regards,</DIV>
<DIV>Stuart</DIV></BODY></HTML>