[Opendnssec-develop] [OpenDNSSEC] #181: Multi-master mode MySQL breaks KASP Enforcer

OpenDNSSEC owner-dnssec-trac at kirei.se
Mon Sep 6 07:30:40 UTC 2010

#181: Multi-master mode MySQL breaks KASP Enforcer
Reporter:  vanrein  |       Owner:  sion    
    Type:  defect   |      Status:  new     
Priority:  major    |   Component:  Enforcer
 Version:  trunk    |    Keywords:          
 We have setup a replicated signer on top of a multi-master-mode MySQL
 database.  This gave unexpected results; concretely, our
 <Serial>datecounter</Serial> setting in kasp.xml was turned into
 <Serial>(null)</Serial> in the .signconf files.

 We found the cause to be the multi-master mode of MySQL.  If you use that,
 you set auto_increment such that no two nodes can generate the same IDs
 automatically; in our case, one signer generated even numbers and the
 other produced odd numbers.  This led to IDs that were not 1, 2, 3, ...
 but 1, 3, 5, ... and it appears that the KASP Enforcer has a hard-coded
 assumption of the former scheme.

 A work-around that worked for us: Since no two nodes will be actively
 inserting records at the same time, we skipped the cautious distributed
 auto-numbering scheme of MySQL.  This means that KASP may now assume a 1,
 2, 3, ... auto-numbering scheme as with a single node.  This brought back
 the usual level of reliable service.

 Solutions in the KASP code could be any of:
 1. Use the function that provides the last auto-generated ID;
 2. Do not resort to autonumbering but write explicit IDs for such things
 as configuration parameters;
 3. Use strings like 'datecounter' everywhere in the database scheme, and
 less numeric IDs.

 We hope this is a useful report in preparation of 1.2.  It is a bug in
 1.1.2 that warrants a resolution or a warning to users.

Ticket URL: <http://trac.opendnssec.org/ticket/181>
OpenDNSSEC <http://www.opendnssec.org/>

More information about the Opendnssec-develop mailing list