[Opendnssec-develop] We need to push out 1.3.4 now!

Jerry Lundström jerry at opendnssec.org
Fri Dec 9 10:05:53 UTC 2011


Hi,

We really need to push out 1.3.4 immediately!

The drudgers notifications added in 1.3.3 really break the signing if your
signing is a bit slow. When the queue is full it will spam 10.000 of
messages per sec about the queue being full and that in turn slows
down signing and can fill the syslog very fast.

The main issue I see is that the worker thread keeps trying to add items
on the fifoq and it's very bad because it will use 100% cpu if it can. This
MUST be changed to a secondary condition broadcast so that when there is
space in the fifoq it will notify anyone that wants to write for it. Then
you will have threads waiting to write instead of trying some million
times a second!

I've added an issue about it:
https://issues.opendnssec.org/browse/OPENDNSSEC-178 .

3 issues left for 1.3.4, 1 I hope to finish today, other two? Finish or
push for 1.3.5?

https://issues.opendnssec.org/browse/OPENDNSSEC-21	Alex
https://issues.opendnssec.org/browse/OPENDNSSEC-175	Jerry
https://issues.opendnssec.org/browse/OPENDNSSEC-176	Sion

1.3.2:
Dec  9 10:33:43 osd ods-signerd: [engine] signer started
Dec  9 10:33:43 osd ods-signerd: [signconf] zone test.se signconf:
RESIGN[PT300S] REFRESH[PT2700S] VALIDITY[PT3600S] DENIAL[PT3600S]
JITTER[PT120S] OFFSET[PT3600S] NSEC[50] DNSKEYTTL[PT60S] SOATTL[PT60S]
MINIMUM[PT60S] SERIAL[unixtime] AUDIT[0]
Dec  9 10:34:00 osd ods-signerd: [STATS] test.se RR[count=10003
time=1(sec)] NSEC3[count=10002 time=0(sec)] RRSIG[new=20008 reused=0
time=16(sec) avg=1250(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=17(sec)]
Dec  9 10:34:18 osd ods-signerd: [engine] signer shutdown
1.3.3:
Dec  9 10:34:47 osd ods-signerd: [engine] signer started
Dec  9 10:34:47 osd ods-signerd: [signconf] zone test.se signconf:
RESIGN[PT300S] REFRESH[PT2700S] VALIDITY[PT3600S] DENIAL[PT3600S]
JITTER[PT120S] OFFSET[PT3600S] NSEC[50] DNSKEYTTL[PT60S] SOATTL[PT60S]
MINIMUM[PT60S] SERIAL[unixtime] AUDIT[0]
Dec  9 10:34:47 osd ods-signerd: [data] unable to use unixtime 1323423287
as serial: not greater than inbound serial 2011102400
Dec  9 10:34:47 osd ods-signerd: [fifo] max cap reached, but drudgers seem
to be on hold, notify drudgers again
Dec  9 10:35:04 osd ods-signerd: last message repeated 237391 times
Dec  9 10:35:04 osd ods-signerd: [worker[1]] sign zone test.se failed: 4
of 1003 signatures completed
Dec  9 10:35:04 osd ods-signerd: [worker[1]] backoff task [read] for zone
test.se with 60 seconds
Dec  9 10:35:04 osd ods-signerd: [engine] signer shutdown

CPU usage was 25% opendnssec and 75% rsyslogd.



/Jerry
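
The change the message asks for, writers sleeping on a second condition that readers broadcast when a slot frees up, sketched as an added example. It is not OpenDNSSEC's fifoq code; the queue layout, capacity and all names are assumptions.

```c
#include <pthread.h>
#include <stdio.h>
#define CAP 8   /* hypothetical capacity; all names here are illustrative */
static struct {
    int items[CAP];
    size_t head, count;
    unsigned long full_waits;   /* times a writer slept on a full queue */
    pthread_mutex_t lock;
    pthread_cond_t not_empty;   /* readers wait here */
    pthread_cond_t not_full;    /* writers wait here: the second condition */
} q = { .lock = PTHREAD_MUTEX_INITIALIZER, .not_empty = PTHREAD_COND_INITIALIZER,
        .not_full = PTHREAD_COND_INITIALIZER };

/* Writer: sleeps while the queue is full instead of retrying or logging. */
static void fifoq_push(int v) {
    pthread_mutex_lock(&q.lock);
    while (q.count == CAP) {    /* loop also covers spurious wakeups */
        q.full_waits++;
        pthread_cond_wait(&q.not_full, &q.lock);
    }
    q.items[(q.head + q.count++) % CAP] = v;
    pthread_cond_signal(&q.not_empty);
    pthread_mutex_unlock(&q.lock);
}

/* Reader: frees a slot, then wakes every writer waiting for space. */
static int fifoq_pop(void) {
    pthread_mutex_lock(&q.lock);
    while (q.count == 0)
        pthread_cond_wait(&q.not_empty, &q.lock);
    int v = q.items[q.head];
    q.head = (q.head + 1) % CAP;
    q.count--;
    pthread_cond_broadcast(&q.not_full);
    pthread_mutex_unlock(&q.lock);
    return v;
}
static void *reader(void *sum) {    /* drains the 1000 items pushed below */
    for (int i = 0; i < 1000; i++) *(long *)sum += fifoq_pop();
    return NULL;
}
/* Pushes 1..1000 through the queue against one reader; returns their sum. */
static long fifoq_demo(void) {
    pthread_t t; long sum = 0;
    pthread_create(&t, NULL, reader, &sum);
    for (int i = 1; i <= 1000; i++) fifoq_push(i);
    pthread_join(t, NULL);
    return sum;
}
int main(void) { long s = fifoq_demo(); printf("sum=%ld waits=%lu\n", s, q.full_waits); return 0; }
```

The full_waits counter is the number to watch: it counts sleeps, one per wakeup, rather than retries, so a full queue costs neither CPU nor log lines.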





