[Opendnssec-develop] [OpenDNSSEC] #26: Signer (or communicated) gets very slow with many zones

OpenDNSSEC owner-dnssec-trac at kirei.se
Mon Sep 14 08:42:29 UTC 2009

#26: Signer (or communicated) gets very slow with many zones
Reporter:  pawal   |       Owner:  rb     
    Type:  defect  |      Status:  new    
Priority:  major   |   Component:  Unknown
 Version:          |    Keywords:         
 As I said during the weekend, the signer seems slow with many zones.

 This is approximately what happens. I don't have SharedKeys enabled (this
 will be my next test). I have 1000 zones which I add using the ksmutil
 addzone command. I do this very rapidly.

 1) keygend creates a lot of keys (8000). This is faster now after I added
 the index to the SoftHSM database.
 2) after 1) the signer begins to sign zones. At first this is pretty fast,
 On this machines, fast means six zones per minute. However, this
 performance does gradually become much worse, the last zones takes about
 one minute each to sign.
 3) after 2) trying to look at keys and zones using this:
 mask:/var/opendnssec/signed# ksmutil export ds 992manyzones
 SQLite database set to: /var/opendnssec/kasp.db
 mask:/var/opendnssec/signed# ksmutil list keys 992manyzones
 SQLite database set to: /var/opendnssec/kasp.db
 /var/opendnssec/kasp.db.our_lock already locked, sleep

 ...is pretty much impossible. The kasp.db is always locked by the
 communicated process. So my guess is that communicated is the process that
 is having the performance problems. By looking into it using strace, I
 believe communicated gets very slow when writing to the kasp.dp, but I
 don't really know what it is writing.

Ticket URL: <http://trac.opendnssec.org/ticket/26>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list