[Opendnssec-develop] number of signatures generated
Patrik Wallström
patrik.wallstrom at iis.se
Wed Oct 28 13:43:55 UTC 2009
I really don't understand the logging messages I see when test-signing
the .SE zone.
This is what is appended to the end of the signed zone:
; Last refresh stats: existing: 870678, removed 1, created 6143
The number of generated signatures corresponds to the log message:
Oct 28 12:29:13 dnssecsigner ods-signerd: signer stderr: signer:
number of signatures created: 6143 (62 rr/sec)
Oct 28 12:29:13 dnssecsigner ods-signerd: Created 6143 new signatures
The parameters I use when test-signing is a lot shorted signature
lifetimes (2 days, with 6 hour jitter) than our real system. Which
means that a lot more signatures should be dropped and generated. So
my guess is that these counters don't really work... could this be true?
From our real system, signing the same zone a day earlier:
Oct 27 13:27:28 zonesign mksigned[14097]: signzone success = 876229
Oct 27 13:27:28 zonesign mksigned[14097]: signzone retained = 839845
Oct 27 13:27:28 zonesign mksigned[14097]: signzone generated = 36384
--
Patrik Wallström
Project Manager, R&D
.SE (Stiftelsen för Internetinfrastruktur)
E-mail: patrik.wallstrom at iis.se
Web: http://www.iis.se/
More information about the Opendnssec-develop
mailing list