From owner-dnssec-trac at kirei.se Tue Mar 1 02:30:31 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Tue, 01 Mar 2011 02:30:31 -0000 Subject: [Opendnssec-develop] [OpenDNSSEC] #221: Things to Consider When Trading Penny Stocks Message-ID: <047.b1e4bddbb4f0f304d24e5fa5190ee332@kirei.se> #221: Things to Consider When Trading Penny Stocks ----------------------+----------------------------------------------------- Reporter: anonymous | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Keywords: ----------------------+----------------------------------------------------- Things to Consider When Trading Penny Stocks In contrast to the stocks and shares of listed organizations out there at big figures, there're a few other kinds of stocks known as the [http://www.pennystockclassroom.com penny stock], which are small in value but have got the potential to offer high returns. These kind of penny stocks are the shares from companies which have failed to list on the big exchanges or are incredibly small to satisfy the listing requirements. These stocks are bought and sold at the counter and are therefore, also referred to as OTCBB stocks. Conversely, there are a few huge businesses, which provide their stocks for comparatively reduced prices any time their aim is other than gathering money. Such stocks are known as the hot penny stocks. these stocks, although available for comparatively low values can make a trader earn huge profits because of the huge amounts of trade. Nevertheless, one must be very careful when trading penny stocks and must take into account the subsequent suggestions: Select a reputable broker to trade with penny stocks, a broker first has to choose a reputable broker who can execute purchases for a decided fee. He must look for a reputable discount broker who shall not just recommend great penny stocks but also trade them for him reliably. Practice and start small: a fresh broker must be mindful when trading in penny stocks, as they may be misleading. Despite the fact that, the initial investment may be low, however in case the trader isn't mindful, too many losses on small investments may sum up to a huge sum. Thus, one must first learn the subtleties of trading penny stocks and then start with a modest amount of money. Right after adequate training, the trader may raise his investment limit. Diversify: in cases where a trader is intrigued in trading penny stocks, he must not put in just about all his money in one stock but diversify. He may purchase [http://www.pennystockclassroom.com hot penny stocks], which are low-valued stocks from listed companies besides the [http://www.pennystockclassroom.com/otc-stocks/ otcbb stocks],. Diversification can save a trader from ocurring massive losses. Research: just like research is important for normal stock trading, so it is important for penny stock trading. A trader may sign up to notifications or keep a close watch on the changes in the market. search for a mentor: there's no better way to learn about and trade penny stocks, than under the help and advice of a guide. An individual who has done sufficient trading of penny stock could be a much better teacher than anyone or anything. A trader may look for such a person and take help from his experience. -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Wed Mar 2 09:10:15 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Wed, 02 Mar 2011 09:10:15 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #218: ods-signerd crashes on stop In-Reply-To: <078.3a57febe631406cd1c74fd51350b2544@kirei.se> References: <078.3a57febe631406cd1c74fd51350b2544@kirei.se> Message-ID: <093.37954c93d353a9a351def0cd529bbc1e@kirei.se> #218: ods-signerd crashes on stop -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: defect | Status: closed Priority: minor | Component: Signer Version: trunk | Resolution: worksforme Keywords: | -----------------------------------------------------+---------------------- Changes (by rb): * status: new => closed * resolution: => worksforme -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Wed Mar 2 09:10:52 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Wed, 02 Mar 2011 09:10:52 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #206: Run away zone serial ? In-Reply-To: <055.92187ea21936c331b17c840e99fc5d31@kirei.se> References: <055.92187ea21936c331b17c840e99fc5d31@kirei.se> Message-ID: <070.9ef3196bbfd2efcdfd596bb7de276fb3@kirei.se> #206: Run away zone serial ? ------------------------------+--------------------------------------------- Reporter: hostmaster@? | Owner: matthijs Type: defect | Status: closed Priority: major | Component: Unknown Version: trunk | Resolution: worksforme Keywords: | ------------------------------+--------------------------------------------- Changes (by rb): * status: assigned => closed * resolution: => worksforme -- Ticket URL: OpenDNSSEC OpenDNSSEC From sion at nominet.org.uk Wed Mar 2 11:34:47 2011 From: sion at nominet.org.uk (=?iso-8859-1?q?Si=F4n_Lloyd?=) Date: Wed, 2 Mar 2011 11:34:47 +0000 Subject: [Opendnssec-develop] Trailing dot in enforcer Message-ID: <201103021134.47972.sion@nominet.org.uk> I've committed the code that I think takes care of the trailing dot. There are a couple of cases that are not covered. Firstly a zone "." will be left as-is. Secondly, if the user edits the zonelist and includes a zone with a trailing dot then they will need to be consistent. So, if you call "ods-ksmutil zone add -z test." the zone "test" is added. You can then interact with this zone via "-z test" _or_ "-z test." (E.g. issuing the ds-seen command.) However, if you add "test." directly to zonelist.xml then you will need to use "-z test.". (This is to avoid trashing existing zones which have trailing dots.) The other time when the dot is significant is on zone delete where "-z test." will not delete a zone called "test" and vice versa... Does this seem reasonable? Sion From matthijs at NLnetLabs.nl Wed Mar 2 12:17:49 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Wed, 02 Mar 2011 13:17:49 +0100 Subject: [Opendnssec-develop] Trailing dot in enforcer In-Reply-To: <201103021134.47972.sion@nominet.org.uk> References: <201103021134.47972.sion@nominet.org.uk> Message-ID: <4D6E356D.3040201@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, On 03/02/2011 12:34 PM, Si?n Lloyd wrote: > I've committed the code that I think takes care of the trailing dot. There are > a couple of cases that are not covered. > > Firstly a zone "." will be left as-is. That sounds reasonable. > Secondly, if the user edits the zonelist and includes a zone with a trailing > dot then they will need to be consistent. > > So, if you call "ods-ksmutil zone add -z test." the zone "test" is added. You > can then interact with this zone via "-z test" _or_ "-z test." (E.g. issuing > the ds-seen command.) Ok > However, if you add "test." directly to zonelist.xml then you will need to use > "-z test.". (This is to avoid trashing existing zones which have trailing > dots.) Is this because currently you could have two different zones in the enforcer: "zone" and "zone."? I am not sure if we necessarily have to be backwards compatible with this. I would like to see that everywhere you make the comparison: - - "zone" equals "zone" - - "zone" equals "zone." - - "zone." equals "zone" - - "zone." equals "zone." In that case, it doesn't matter how you would add them, and the user doesn't have to be concerned about being consistent. Best regards, Matthijs > The other time when the dot is significant is on zone delete where "-z test." > will not delete a zone called "test" and vice versa... > > Does this seem reasonable? > > Sion > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNbjVtAAoJEA8yVCPsQCW5638H/3GUNpfASfvvpYLZzLM4Bgi9 gZ12YI/zsB31YQhXS9igpqYwDh321LE3dlQ/kqSf3ANTnXwDP0FJMuf3e48OLLbC zD2Bfv9fWh1tnxug3UfiXJ7m18F7xtgzB64L9JVirjt8BqOy6GWkfbeQ/7dmsWrb t97OckOqyvGfZzBBbJc1vCTUWzA4hmNwVUIL/T6/gZ7QVPO917LuRpBhll8St/xM tJ41hyT/+MtbDNC6BGO5FQVpyn0O4fEBgUErsvgfjCPovzM3aXMQxFaduSxwi8hr aD2b2doIqkJFMPcr4sPXlz8JzOVGBRhTBqbVy1Q2IV+rKVZ9YIyr527ePs4asjY= =rcpo -----END PGP SIGNATURE----- From sion at nominet.org.uk Wed Mar 2 13:46:08 2011 From: sion at nominet.org.uk (=?iso-8859-1?q?Si=F4n_Lloyd?=) Date: Wed, 2 Mar 2011 13:46:08 +0000 Subject: [Opendnssec-develop] Trailing dot in enforcer In-Reply-To: <4D6E356D.3040201@nlnetlabs.nl> References: <201103021134.47972.sion@nominet.org.uk> <4D6E356D.3040201@nlnetlabs.nl> Message-ID: <201103021346.08770.sion@nominet.org.uk> > > However, if you add "test." directly to zonelist.xml then you will need > > to use "-z test.". (This is to avoid trashing existing zones which have > > trailing dots.) > > Is this because currently you could have two different zones in the > enforcer: "zone" and "zone."? I am not sure if we necessarily have to be > backwards compatible with this. > > I would like to see that everywhere you make the comparison: > - "zone" equals "zone" > - "zone" equals "zone." > - "zone." equals "zone" > - "zone." equals "zone." > > In that case, it doesn't matter how you would add them, and the user > doesn't have to be concerned about being consistent. It is a backwards compatibility thing. I had a zone "sion2." in the database and 2 zones "sion2." and "sion2" in the zonelist... The import script refuses to import the second instance as they now look like the same zone; however, depending on which came first in the zonelist I may have already changed the policy that "sion2." was on. So I decided to be strict with what is in zonelist to be on the safe side. I agree that it is not perfect. Sion From jakob at kirei.se Wed Mar 2 19:57:51 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Wed, 2 Mar 2011 20:57:51 +0100 Subject: [Opendnssec-develop] Trailing dot in enforcer In-Reply-To: <4D6E356D.3040201@nlnetlabs.nl> References: <201103021134.47972.sion@nominet.org.uk> <4D6E356D.3040201@nlnetlabs.nl> Message-ID: <2855AE67-451C-42CD-99B1-D7415223B695@kirei.se> On 2 mar 2011, at 13.17, Matthijs Mekking wrote: > Is this because currently you could have two different zones in the > enforcer: "zone" and "zone."? I am not sure if we necessarily have to be > backwards compatible with this. > > I would like to see that everywhere you make the comparison: > - - "zone" equals "zone" > - - "zone" equals "zone." > - - "zone." equals "zone" > - - "zone." equals "zone." > > In that case, it doesn't matter how you would add them, and the user > doesn't have to be concerned about being consistent. +1 jakob From paul at xelerance.com Fri Mar 4 00:11:40 2011 From: paul at xelerance.com (Paul Wouters) Date: Thu, 3 Mar 2011 19:11:40 -0500 (EST) Subject: [Opendnssec-develop] packaging questions about softhsm Message-ID: Hi, I'm packaging opendnssec for Fedora/RHEL/Centos and have a few questions. For now, involving the softhsm: - The libsofthsm.so is not versioned. This creates an error for packaging. Is there is reason behind this? Can numbered sonames be used? - If a thirdparty would want to use libsofthsm, would they not need some include files? Currently none are installed. I assume they would need src/lib/Soft*.h ? I would like to install these in /usr/include/softhsm/ Paul From paul at xelerance.com Fri Mar 4 00:56:58 2011 From: paul at xelerance.com (Paul Wouters) Date: Thu, 3 Mar 2011 19:56:58 -0500 (EST) Subject: [Opendnssec-develop] opendnssec make check problem Message-ID: I'm seeing the following issue with "make check": make[1]: Entering directory `/home/paul/BUILD/opendnssec-1.2.0/auditor' test -d test || (cd .; \ find test -name .svn -prune -o -type f -print |\ cpio -pmdu /home/paul/BUILD/opendnssec-1.2.0/auditor) find: `test': No such file or directory 0 blocks /usr/bin/ruby -I ./lib ./test_scripts/auditor_test.rb /usr/bin/ruby: No such file or directory -- ./test_scripts/auditor_test.rb (LoadError) make[1]: *** [check] Error 1 make[1]: Leaving directory `/home/paul/BUILD/opendnssec-1.2.0/auditor' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.zchdR4 (%check) It looks like the entire test_scripts directory is missing from the tar ball? Paul From rickard.bellgrim at iis.se Fri Mar 4 09:42:58 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Fri, 4 Mar 2011 10:42:58 +0100 Subject: [Opendnssec-develop] packaging questions about softhsm In-Reply-To: References: Message-ID: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> On 4 mar 2011, at 01.11, Paul Wouters wrote: > I'm packaging opendnssec for Fedora/RHEL/Centos and have a few questions. Rachid Zarouali, Ville Mattila, and Tim Verhoeven, on the user's list, were working on packaging opendnssec 6 months ago. Do not know the current status of that. > For now, involving the softhsm: > > - The libsofthsm.so is not versioned. This creates an error for packaging. Is > there is reason behind this? Can numbered sonames be used? The version number in the library file name was dropped because SoftHSM was change from a shared library to a loadable module. > - If a thirdparty would want to use libsofthsm, would they not need some > include files? Currently none are installed. I assume they would need > src/lib/Soft*.h ? I would like to install these in /usr/include/softhsm/ That is the pkcs11.h from RSA Labs (or the Scute project). What do we think, should we install it? // Rickard From rickard.bellgrim at iis.se Fri Mar 4 13:11:31 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Fri, 4 Mar 2011 14:11:31 +0100 Subject: [Opendnssec-develop] opendnssec make check problem In-Reply-To: References: Message-ID: <6FB8269C-A3CF-407A-BB77-39015561A986@iis.se> On 4 mar 2011, at 01.56, Paul Wouters wrote: > > I'm seeing the following issue with "make check": > > make[1]: Entering directory `/home/paul/BUILD/opendnssec-1.2.0/auditor' > test -d test || (cd .; \ > find test -name .svn -prune -o -type f -print |\ > cpio -pmdu /home/paul/BUILD/opendnssec-1.2.0/auditor) > find: `test': No such file or directory > 0 blocks > /usr/bin/ruby -I ./lib ./test_scripts/auditor_test.rb > /usr/bin/ruby: No such file or directory -- ./test_scripts/auditor_test.rb (LoadError) > make[1]: *** [check] Error 1 > make[1]: Leaving directory `/home/paul/BUILD/opendnssec-1.2.0/auditor' > make: *** [check-recursive] Error 1 > error: Bad exit status from /var/tmp/rpm-tmp.zchdR4 (%check) > > > It looks like the entire test_scripts directory is missing from the tar ball? Thanks for spotting this. Fixed in r4530 // Rickard From rickard.bellgrim at iis.se Fri Mar 4 14:25:30 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Fri, 4 Mar 2011 15:25:30 +0100 Subject: [Opendnssec-develop] Trailing dot in enforcer In-Reply-To: <2855AE67-451C-42CD-99B1-D7415223B695@kirei.se> References: <201103021134.47972.sion@nominet.org.uk> <4D6E356D.3040201@nlnetlabs.nl> <2855AE67-451C-42CD-99B1-D7415223B695@kirei.se> Message-ID: <5CD60D48-776D-4AE2-A839-A401F37FD3C0@iis.se> On 2 mar 2011, at 20.57, Jakob Schlyter wrote: >> Is this because currently you could have two different zones in the >> enforcer: "zone" and "zone."? I am not sure if we necessarily have to be >> backwards compatible with this. >> >> I would like to see that everywhere you make the comparison: >> - - "zone" equals "zone" >> - - "zone" equals "zone." >> - - "zone." equals "zone" >> - - "zone." equals "zone." >> >> In that case, it doesn't matter how you would add them, and the user >> doesn't have to be concerned about being consistent. > > +1 +1 From paul at xelerance.com Fri Mar 4 16:48:56 2011 From: paul at xelerance.com (Paul Wouters) Date: Fri, 4 Mar 2011 11:48:56 -0500 (EST) Subject: [Opendnssec-develop] packaging questions about softhsm In-Reply-To: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> References: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> Message-ID: On Fri, 4 Mar 2011, Rickard Bellgrim wrote: >> I'm packaging opendnssec for Fedora/RHEL/Centos and have a few questions. > > Rachid Zarouali, Ville Mattila, and Tim Verhoeven, on the user's list, were working on packaging opendnssec 6 months ago. Do not know the current status of that. I did not know about that effort. I did not see anything in the RH bugzilla, so nothing has been submitted yet. >> - The libsofthsm.so is not versioned. This creates an error for packaging. Is >> there is reason behind this? Can numbered sonames be used? > > The version number in the library file name was dropped because SoftHSM was change from a shared library to a loadable module. If it is a module and not a shared library, then it should not be installed in /usr/lib* ? Perhaps a better place would be /usr/lib/softhsm/ ? Is this module only loadable by opendnssec? If so, then it should probably be a sub package, like opendnssec-softhsm. >> - If a thirdparty would want to use libsofthsm, would they not need some >> include files? Currently none are installed. I assume they would need >> src/lib/Soft*.h ? I would like to install these in /usr/include/softhsm/ > > That is the pkcs11.h from RSA Labs (or the Scute project). What do we think, should we install it? That could cause issues with other packages, like cryptoki or bind-pkcs11. I'll try to get some more enduser experience with the software so I understand the components better, and then adjust the packaging. Paul From rickard.bellgrim at iis.se Mon Mar 7 08:57:56 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Mon, 7 Mar 2011 09:57:56 +0100 Subject: [Opendnssec-develop] packaging questions about softhsm In-Reply-To: References: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> Message-ID: <5501223D-6A2A-4CAD-8AFA-6C41D3EC96F8@iis.se> On 4 mar 2011, at 17.48, Paul Wouters wrote: >>> - The libsofthsm.so is not versioned. This creates an error for packaging. Is >>> there is reason behind this? Can numbered sonames be used? >> >> The version number in the library file name was dropped because SoftHSM was change from a shared library to a loadable module. > > If it is a module and not a shared library, then it should not be installed in /usr/lib* ? > Perhaps a better place would be /usr/lib/softhsm/ ? Yes, perhaps. What do you think Jakob? > Is this module only loadable by opendnssec? If so, then it should probably be a sub package, > like opendnssec-softhsm. It can be loaded by any application that supports PKCS#11. >>> - If a thirdparty would want to use libsofthsm, would they not need some >>> include files? Currently none are installed. I assume they would need >>> src/lib/Soft*.h ? I would like to install these in /usr/include/softhsm/ >> >> That is the pkcs11.h from RSA Labs (or the Scute project). What do we think, should we install it? > > That could cause issues with other packages, like cryptoki or bind-pkcs11. If you would like to develop something with SoftHSM, then you download the header from RSA or Scute. The header is not SoftHSM specific, but is more generic for any type of PKCS#11 provider. // Rickard From rickard.bellgrim at iis.se Tue Mar 8 08:23:20 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Tue, 8 Mar 2011 09:23:20 +0100 Subject: [Opendnssec-develop] Meeting tomorrow Message-ID: Hi We have a telephone meeting tomorrow. Date: Wednesday 09 March Time: 14:00-15:00 CET, 13:00-14:00 GMT Agenda: http://trac.opendnssec.org/wiki/Meetings/Agenda/2011-03-09 // Rickard From paul at xelerance.com Mon Mar 7 17:24:22 2011 From: paul at xelerance.com (Paul Wouters) Date: Mon, 7 Mar 2011 12:24:22 -0500 (EST) Subject: [Opendnssec-develop] packaging questions about softhsm In-Reply-To: <5501223D-6A2A-4CAD-8AFA-6C41D3EC96F8@iis.se> References: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> <5501223D-6A2A-4CAD-8AFA-6C41D3EC96F8@iis.se> Message-ID: On Mon, 7 Mar 2011, Rickard Bellgrim wrote: >> If it is a module and not a shared library, then it should not be installed in /usr/lib* ? >> Perhaps a better place would be /usr/lib/softhsm/ ? > > Yes, perhaps. What do you think Jakob? Okay, I'll put it there and update things for the new location. >> Is this module only loadable by opendnssec? If so, then it should probably be a sub package, >> like opendnssec-softhsm. > > It can be loaded by any application that supports PKCS#11. >>> That is the pkcs11.h from RSA Labs (or the Scute project). What do we think, should we install it? >> >> That could cause issues with other packages, like cryptoki or bind-pkcs11. I'll double check how the other PKCS#11 providers (bind-pkcs11 and openCryptoki) do it. > If you would like to develop something with SoftHSM, then you download the header from RSA or Scute. The header is not SoftHSM specific, but is more generic for any type of PKCS#11 provider. Since some other package will provide that, I will add a dependancy for softhsm-devel for it. Thanks, Paul From matthijs at NLnetLabs.nl Tue Mar 8 14:21:18 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Tue, 08 Mar 2011 15:21:18 +0100 Subject: [Opendnssec-develop] performance test Message-ID: <4D763B5E.9020101@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have tried to sign a tld alike zone (1465431 RRs) on my machine today with three different versions of OpenDNSSEC: 1. OpenDNSSEC 1.1.3 2. OpenDNSSEC 1.2.0 3. OpenDNSSEc trunk (revision 4527) All three used SoftHSM as the dedicated HSM. With version 1.1.3, it took me 53 minutes and 18 seconds to sign the zone (51:44 signing, 200 signatures per second) With version 1.2.0, it took me 44 minutes and 52 seconds to sign the zone (42:02 signing, 246 signatures per second). It used up to almost 1GB of physical memory. With trunk, it took me 46 minutes and 19 seconds to sign the zone (42:08 signing, 246 signatures per second). So not much worse than with 1.2.0. The additional time is in calculating the differences (preparing OpenDNSSEC for IXFR). It used up to almost 1GB of physical memory, so not worse than 1.2.0. Best regards, Matthijs -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNdjteAAoJEA8yVCPsQCW5LW0IAL+wIfdHUgLPy9egm4HtW1qM N/NnW35RAZBJyJ2q8WT0xifJUbRGL6od4obJMdG/3ZskXGolSkWhSvq7+VPrqjV5 RWv0J3GxRkTFcchRd07i5MLLKCVP1UE2CYlI18vyT29ONEGzvdd/PIlBBLHi56qu r8/rzR4PllxBSsPlqANeLyu/J9tgEck9SCtDi+x5TVCFrRzCA4u/Mark1FANc9fe BGVWdTMne4HK8zuuNHLPsMEijtnUo+GTupeQj/N8vMRWs5S54mv2UF15vbW+bZe/ bx3Fkc4m7Fe7PCHVQfRZoSyt8FR4/peVvpt2qPawbUK42FKjqzt4tbxilih7QKU= =WT+e -----END PGP SIGNATURE----- From rickard.bellgrim at iis.se Tue Mar 8 15:33:10 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Tue, 8 Mar 2011 16:33:10 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <4D763B5E.9020101@nlnetlabs.nl> References: <4D763B5E.9020101@nlnetlabs.nl> Message-ID: On 8 mar 2011, at 15.21, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > With version 1.2.0, it took me 44 minutes and 52 seconds to sign the > zone (42:02 signing, 246 signatures per second). It used up to almost > 1GB of physical memory. Tested the .se-zone with SCA6000. 8 workers: [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=457(sec) avg=2194(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=590(sec)] 1 worker, 16 drudgers: [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=459(sec) avg=2184(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=595(sec)] 1 worker, 32 drudgers: [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=461(sec) avg=2175(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=596(sec)] >From 26 August 2010: [STATS] se RR[count=2167209 time=52(sec)) NSEC[count=926590 time=8(sec)] RRSIG[new=930497 reused=0 time=406(sec) avg=2291(sig/sec)] TOTAL[time=501(sec)] No performance gain by using multiple threads. // Rickard From jakob at kirei.se Tue Mar 8 15:36:22 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Tue, 8 Mar 2011 16:36:22 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: References: <4D763B5E.9020101@nlnetlabs.nl> Message-ID: <97888F91-FDE0-46E0-818F-632E3E5FD78A@kirei.se> On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: > No performance gain by using multiple threads. How many cores on the host? Could you also try on kuriputo? jakob From rickard.bellgrim at iis.se Tue Mar 8 15:40:57 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Tue, 8 Mar 2011 16:40:57 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <97888F91-FDE0-46E0-818F-632E3E5FD78A@kirei.se> References: <4D763B5E.9020101@nlnetlabs.nl> <97888F91-FDE0-46E0-818F-632E3E5FD78A@kirei.se> Message-ID: <6711A4A7-CAED-4E89-B408-8B4CAA72C211@iis.se> On 8 mar 2011, at 16.36, Jakob Schlyter wrote: > How many cores on the host? Could you also try on kuriputo? 8 cores. One core is utilized at 80 % and another core is at 20 %. And roughly 2.6 GB memory. // Rickard From rickard.bellgrim at iis.se Tue Mar 8 16:42:47 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Tue, 8 Mar 2011 17:42:47 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: References: <4D763B5E.9020101@nlnetlabs.nl> Message-ID: On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: > No performance gain by using multiple threads. Is the queue locked while the drudger is waiting for the condition? http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L684 // Rickard From rickard.bellgrim at iis.se Tue Mar 8 17:03:22 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Tue, 8 Mar 2011 18:03:22 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: References: <4D763B5E.9020101@nlnetlabs.nl> Message-ID: Just to be safe, shouldn't the locks of the queue be handled within the pop and push functions? So that the thread safety is handled by the queue and not someone else. 8 mar 2011 kl. 17:42 skrev "Rickard Bellgrim" : > > On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: > >> No performance gain by using multiple threads. > > Is the queue locked while the drudger is waiting for the condition? > > http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L684 > > // Rickard > From matthijs at NLnetLabs.nl Wed Mar 9 07:36:58 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Wed, 09 Mar 2011 08:36:58 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: References: <4D763B5E.9020101@nlnetlabs.nl> Message-ID: <4D772E1A.9000601@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/08/2011 06:03 PM, Rickard Bellgrim wrote: > Just to be safe, shouldn't the locks of the queue be handled within the pop and push functions? So that the thread safety is handled by the queue and not someone else. My school of thought is that the user of the shared element (queue in this case) should lock and unlock, not the shared element itself. > 8 mar 2011 kl. 17:42 skrev "Rickard Bellgrim" : > >> >> On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: >> >>> No performance gain by using multiple threads. :( >> Is the queue locked while the drudger is waiting for the condition? No, the queue is only locked when pushing an item: http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/signer/rrset.c#L1140 and popping an item: http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L513 >> >> http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L684 >> >> // Rickard >> > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNdy4aAAoJEA8yVCPsQCW5lecIAKryTK6R0chwNn8crqUQNVBd dybRjH9BlRgi3ifTzJWOPBljwHPheRRqhY4gKc5VVGa9r5fiCGzly6dhXwFqmBUv jEwwSii0aWguBDYzrwq9pQVZzMiOgU9Gk8TCtgwctf37yTJfYaVODg9y3tTn7QXx peHLHgWKhXESQEOfi7nqY3PHUXyLSfFCTZdaRRM0dr0/iijxwK8PTzYFm1kmB/AL WCIzC4yKqKd/aASazbAbr+Kk21XC6i/TC84RVUrfdkgS2S8ZRyZ2sqic+BeAXTts if+6vbVs8bSMk/DkuWWEk5OUgnW81Fav59sj9+BuypnEW99oCETKVgXfBwJvPpw= =Wo72 -----END PGP SIGNATURE----- From rickard.bellgrim at iis.se Wed Mar 9 08:01:18 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Wed, 9 Mar 2011 09:01:18 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <4D772E1A.9000601@nlnetlabs.nl> References: <4D763B5E.9020101@nlnetlabs.nl> <4D772E1A.9000601@nlnetlabs.nl> Message-ID: On 9 mar 2011, at 08.36, Matthijs Mekking wrote: > On 03/08/2011 06:03 PM, Rickard Bellgrim wrote: >> Just to be safe, shouldn't the locks of the queue be handled within the pop and push functions? So that the thread safety is handled by the queue and not someone else. > > My school of thought is that the user of the shared element (queue in > this case) should lock and unlock, not the shared element itself. Yes, and I am from the C++ area with threads safe objects :) >>> Is the queue locked while the drudger is waiting for the condition? > > No, the queue is only locked when pushing an item: > > http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/signer/rrset.c#L1140 > > and popping an item: > > http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L513 But how come you are sending in the lock of the queue here: http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L578 and then locking it here: http://trac.opendnssec.org/browser/trunk/OpenDNSSEC/signer/src/daemon/worker.c#L684 // Rickard From rickard.bellgrim at iis.se Wed Mar 9 12:57:33 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Wed, 9 Mar 2011 13:57:33 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: References: <4D763B5E.9020101@nlnetlabs.nl> Message-ID: <1E0A5D58-1223-4195-9635-09893B31117B@iis.se> On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: > 1 worker, 32 drudgers: > [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=461(sec) avg=2175(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=596(sec)] Success! 1 worker, 64 drudgers (230 % CPU and 2.6 GB memory): [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002744 reused=0 time=78(sec) avg=12855(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] From rickard.bellgrim at iis.se Wed Mar 9 13:42:41 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Wed, 9 Mar 2011 14:42:41 +0100 Subject: [Opendnssec-develop] Meeting 20110323 Message-ID: <1E910045-815B-4E20-BBE4-A271A5EBB5B9@iis.se> Hi We decided to have the next meeting on the 23rd of March, 14 CET, Wednesday. Any objections? // Rickard From sion at nominet.org.uk Wed Mar 9 13:48:05 2011 From: sion at nominet.org.uk (=?iso-8859-1?q?Si=F4n_Lloyd?=) Date: Wed, 9 Mar 2011 13:48:05 +0000 Subject: [Opendnssec-develop] Meeting tomorrow In-Reply-To: References: Message-ID: <201103091348.05608.sion@nominet.org.uk> On Tuesday 08 Mar 2011 8:23:20 am Rickard Bellgrim wrote: > Hi > > We have a telephone meeting tomorrow. > > Date: Wednesday 09 March > Time: 14:00-15:00 CET, 13:00-14:00 GMT > > Agenda: > http://trac.opendnssec.org/wiki/Meetings/Agenda/2011-03-09 minutes: http://trac.opendnssec.org/wiki/Meetings/Minutes/2011-03-09 From rickard.bellgrim at iis.se Wed Mar 9 14:59:00 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Wed, 9 Mar 2011 15:59:00 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <1E0A5D58-1223-4195-9635-09893B31117B@iis.se> References: <4D763B5E.9020101@nlnetlabs.nl> <1E0A5D58-1223-4195-9635-09893B31117B@iis.se> Message-ID: <65C78BA1-FE4F-4207-8C8A-EC9470184C24@iis.se> On 9 mar 2011, at 13.57, Rickard Bellgrim wrote: > > On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: > >> 1 worker, 32 drudgers: >> [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=461(sec) avg=2175(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=596(sec)] > > Success! > > 1 worker, 64 drudgers (230 % CPU and 2.6 GB memory): > > [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002744 reused=0 time=78(sec) avg=12855(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] > Running with 80 drudgers and thread safe statistics. You can see that the number of signatures are back on normal levels. [STATS] se RR[count=2322389 time=71(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=76(sec) avg=13195(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=75(sec) avg=13371(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] [STATS] se RR[count=2322389 time=71(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=76(sec) avg=13195(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] From matthijs at NLnetLabs.nl Wed Mar 9 15:56:42 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Wed, 09 Mar 2011 16:56:42 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <65C78BA1-FE4F-4207-8C8A-EC9470184C24@iis.se> References: <4D763B5E.9020101@nlnetlabs.nl> <1E0A5D58-1223-4195-9635-09893B31117B@iis.se> <65C78BA1-FE4F-4207-8C8A-EC9470184C24@iis.se> Message-ID: <4D77A33A.20101@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I thought that the SCA6000 could do 64 operations in parallel. But your test shows that increasing the number of drudgers to above 64 still improves the performance. Am I wrong about the number of concurrent threads on the SCA6000 or is providing more drudgers than threads on the HSM peaking the performance? Best regards, Matthijs On 03/09/2011 03:59 PM, Rickard Bellgrim wrote: > > On 9 mar 2011, at 13.57, Rickard Bellgrim wrote: > >> >> On 8 mar 2011, at 16.33, Rickard Bellgrim wrote: >> >>> 1 worker, 32 drudgers: >>> [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=461(sec) avg=2175(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=596(sec)] >> >> Success! >> >> 1 worker, 64 drudgers (230 % CPU and 2.6 GB memory): >> >> [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002744 reused=0 time=78(sec) avg=12855(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] >> > > Running with 80 drudgers and thread safe statistics. You can see that the number of signatures are back on normal levels. > > [STATS] se RR[count=2322389 time=71(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=76(sec) avg=13195(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] > [STATS] se RR[count=2322389 time=72(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=75(sec) avg=13371(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] > [STATS] se RR[count=2322389 time=71(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=76(sec) avg=13195(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] > > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNd6M6AAoJEA8yVCPsQCW5kCEIAKEbg/uA01ZMQQSjj4msGhWM NG+ybsQykx69Sj/9WplzvRxOgDAkEiZvSJ4riQFJjlEaFCLogeKDjBsinic0rjPw zZaQe1Di1btuNMqK5kS84kjIeWgVP6h4TX0C1CmCfcKY5cfZfNZjBDz6bjZ8b+ld wcI1MYbGlTYXlGlrklZmniutmV6P/yN+kRizB8DF4r1uDrRi1oNvgXMolzYXahN4 uHtL66rcabjbEMpHtkYZ/rsTDoAAwsxQnJ9EyWC1EgTzew3Hcn+8oSoiwwdP6Dir N6iAPNekymWK6tFohosV+R9WslKdhqZiS8gY44dQjwANXSe7UO1HwZGlMA3XI/Q= =kVeX -----END PGP SIGNATURE----- From rickard.bellgrim at iis.se Wed Mar 9 16:17:00 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Wed, 9 Mar 2011 17:17:00 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <4D77A33A.20101@nlnetlabs.nl> References: <4D763B5E.9020101@nlnetlabs.nl> <1E0A5D58-1223-4195-9635-09893B31117B@iis.se> <65C78BA1-FE4F-4207-8C8A-EC9470184C24@iis.se> <4D77A33A.20101@nlnetlabs.nl> Message-ID: <900A5853-B5CA-4930-B883-17E5DA6BCD2A@iis.se> On 9 mar 2011, at 16.56, Matthijs Mekking wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I thought that the SCA6000 could do 64 operations in parallel. But your > test shows that increasing the number of drudgers to above 64 still > improves the performance. > > Am I wrong about the number of concurrent threads on the SCA6000 or is > providing more drudgers than threads on the HSM peaking the performance? It can do more, but the performance does not increase so much more. On 12 jun 2009, at 16.51, Jakob Schlyter wrote: > 128 threads, 1000 signatures per thread, 13387.46 sig/s (RSA 1024 bits) // Rickard From jakob at kirei.se Thu Mar 10 07:03:24 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Thu, 10 Mar 2011 08:03:24 +0100 Subject: [Opendnssec-develop] packaging questions about softhsm In-Reply-To: <5501223D-6A2A-4CAD-8AFA-6C41D3EC96F8@iis.se> References: <6F0BC411-BCE8-4FA2-8C86-3BC7D34311F8@iis.se> <5501223D-6A2A-4CAD-8AFA-6C41D3EC96F8@iis.se> Message-ID: <4923C2E4-27BB-423E-A968-308FCCA82E9E@kirei.se> On 7 mar 2011, at 09.57, Rickard Bellgrim wrote: >> If it is a module and not a shared library, then it should not be installed in /usr/lib* ? >> Perhaps a better place would be /usr/lib/softhsm/ ? > > Yes, perhaps. What do you think Jakob? Yes, much better. >> Is this module only loadable by opendnssec? If so, then it should probably be a sub package, >> like opendnssec-softhsm. > > It can be loaded by any application that supports PKCS#11. Right, it is usable my many other applications. jakob From rickard.bellgrim at iis.se Thu Mar 10 16:17:29 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Thu, 10 Mar 2011 17:17:29 +0100 Subject: [Opendnssec-develop] performance test In-Reply-To: <65C78BA1-FE4F-4207-8C8A-EC9470184C24@iis.se> References: <4D763B5E.9020101@nlnetlabs.nl> <1E0A5D58-1223-4195-9635-09893B31117B@iis.se> <65C78BA1-FE4F-4207-8C8A-EC9470184C24@iis.se> Message-ID: On 9 mar 2011, at 15.59, Rickard Bellgrim wrote: > [STATS] se RR[count=2322389 time=71(sec)] NSEC[count=998562 time=34(sec)] RRSIG[new=1002849 reused=0 time=76(sec) avg=13195(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=211(sec)] Done some more optimization. Mostly about doing less string processing. NSEC [STATS] se RR[count=2322389 time=46(sec)] NSEC[count=998562 time=20(sec)] RRSIG[new=1002849 reused=0 time=75(sec) avg=13371(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=170(sec)] NSEC3 OptIn [STATS] se RR[count=2322389 time=46(sec)] NSEC3[count=998603 time=28(sec)] RRSIG[new=1002891 reused=0 time=75(sec) avg=13371(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=184(sec)] NSEC3 OptOut [STATS] se RR[count=2322389 time=46(sec)] NSEC3[count=4265 time=4(sec)] RRSIG[new=8553 reused=0 time=1(sec) avg=8553(sig/sec)] AUDIT[time=0(sec)] TOTAL[time=63(sec)] // Rickard From owner-dnssec-trac at kirei.se Fri Mar 11 05:07:26 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Fri, 11 Mar 2011 05:07:26 -0000 Subject: [Opendnssec-develop] =?utf-8?b?W09wZW5ETlNTRUNdICMyMjE6INC40L0=?= =?utf-8?b?0YLQuNC8INC30L3QsNC60L7QvNGB0YLQstCwINGB0LDRgNCw0YLQvtCy0YE=?= =?utf-8?b?0LrQuNC5INGB0LDQudGC?= Message-ID: <041.02b9cd79f98181e9d59d1f8c4de80796@kirei.se> #221: ????? ?????????? ??????????? ???? ----------------------------------------------+----------------------------- Reporter: ????? ?????????? ??????????? ???? | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Keywords: ????? ?????????? ??????????? ???? ----------------------------------------------+----------------------------- ??? ????? ????????? ???? ??????, ??????? ?????, ? ? ?????? ?????????? ??? ?? ?????????, ?????????, ??????? ??? ???? http://individualki.no- ip.org/newcat-76.html ????? ?????????? ??????????? ???? ? ??? ??? ??? ?? ???????, ?, ???????? ?????? ??????, ?????? ????, ?????????? ?? ??????. ?????? ??? ? ????? ? ?????? ??????? ??????? ???? -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Fri Mar 11 05:13:52 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Fri, 11 Mar 2011 05:13:52 -0000 Subject: [Opendnssec-develop] =?utf-8?b?UmU6IFtPcGVuRE5TU0VDXSAjMjIxOiA=?= =?utf-8?b?0LjQvdGC0LjQvCDQt9C90LDQutC+0LzRgdGC0LLQsCDRgdCw0YDQsNGC0L4=?= =?utf-8?b?0LLRgdC60LjQuSDRgdCw0LnRgg==?= In-Reply-To: <041.02b9cd79f98181e9d59d1f8c4de80796@kirei.se> References: <041.02b9cd79f98181e9d59d1f8c4de80796@kirei.se> Message-ID: <056.6e58772727e8c1c69ec3a0d9b8b55086@kirei.se> #221: ????? ?????????? ??????????? ???? ----------------------------------------------+----------------------------- Reporter: ????? ?????????? ??????????? ???? | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Resolution: Keywords: ????? ?????????? ??????????? ???? | ----------------------------------------------+----------------------------- Comment (by ??????????? ????????): ??? ?????? http://putana.no-ip.biz/doc_6.html ??????????? ???????? ? ????????? ? ????? ????, ?????? ?? ??????? http://individualki.no- ip.org/category-51.html ????? ?????????? ? ????????? ?? ?????? ?? ??????? ???????? ?????? ???????, ?????????? -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Fri Mar 11 05:15:48 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Fri, 11 Mar 2011 05:15:48 -0000 Subject: [Opendnssec-develop] =?utf-8?b?UmU6IFtPcGVuRE5TU0VDXSAjMjIxOiA=?= =?utf-8?b?0LjQvdGC0LjQvCDQt9C90LDQutC+0LzRgdGC0LLQsCDRgdCw0YDQsNGC0L4=?= =?utf-8?b?0LLRgdC60LjQuSDRgdCw0LnRgg==?= In-Reply-To: <041.02b9cd79f98181e9d59d1f8c4de80796@kirei.se> References: <041.02b9cd79f98181e9d59d1f8c4de80796@kirei.se> Message-ID: <056.1db9ee06f2aa35765ca41d1d0dda91c2@kirei.se> #221: ????? ?????????? ??????????? ???? ----------------------------------------------+----------------------------- Reporter: ????? ?????????? ??????????? ???? | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Resolution: Keywords: ????? ?????????? ??????????? ???? | ----------------------------------------------+----------------------------- Comment (by anonymous): ??????? ????? http://individualki.no-ip.org/info_439.html skype ????? ?????????? ?????? ???? ???????? ??????. ????? ????? ??? ??????? ???? ?????, ? ?????? ?????????? ???? ?? ????????? http://individualki.no- ip.org/newcat-484.html ????? ?????????? ? ????? ?????????? ??????? -- Ticket URL: OpenDNSSEC OpenDNSSEC From sion at nominet.org.uk Mon Mar 14 12:07:49 2011 From: sion at nominet.org.uk (=?iso-8859-1?q?Si=F4n_Lloyd?=) Date: Mon, 14 Mar 2011 12:07:49 +0000 Subject: [Opendnssec-develop] Trailing dot in enforcer In-Reply-To: <5CD60D48-776D-4AE2-A839-A401F37FD3C0@iis.se> References: <201103021134.47972.sion@nominet.org.uk> <2855AE67-451C-42CD-99B1-D7415223B695@kirei.se> <5CD60D48-776D-4AE2-A839-A401F37FD3C0@iis.se> Message-ID: <201103141207.49326.sion@nominet.org.uk> > >> Is this because currently you could have two different zones in the > >> enforcer: "zone" and "zone."? I am not sure if we necessarily have to be > >> backwards compatible with this. > >> > >> I would like to see that everywhere you make the comparison: > >> - - "zone" equals "zone" > >> - - "zone" equals "zone." > >> - - "zone." equals "zone" > >> - - "zone." equals "zone." > >> > >> In that case, it doesn't matter how you would add them, and the user > >> doesn't have to be concerned about being consistent. Okay. Now "zone add" still silently drops a trailing dot (except for ".") All other commands work either way (if both forms of the zone exist then the one without the dot will be found first). The one command which is still strict is "zone delete", this is important for people who might have both forms of the zone to be able to remove one deterministically. Sion From owner-dnssec-trac at kirei.se Tue Mar 15 13:25:39 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Tue, 15 Mar 2011 13:25:39 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #220: Verbosity of new output for 'ods-signer queue' In-Reply-To: <078.e45e8033df90b0925f8a21f09b7df638@kirei.se> References: <078.e45e8033df90b0925f8a21f09b7df638@kirei.se> Message-ID: <093.d9f5af511c93d97e7bfad4c7e2d6e12d@kirei.se> #220: Verbosity of new output for 'ods-signer queue' -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: enhancement | Status: new Priority: minor | Component: Signer Version: trunk | Resolution: Keywords: | -----------------------------------------------------+---------------------- Comment (by rb): Yes, that is possible. How about r4563? -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Tue Mar 15 13:47:19 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Tue, 15 Mar 2011 13:47:19 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #197: PoC code: Show keys in GENERATE state (was: Double-free issue) In-Reply-To: <078.3790de63e382f1ce0ce91ddce4707bda@kirei.se> References: <078.3790de63e382f1ce0ce91ddce4707bda@kirei.se> Message-ID: <093.ba1f139d10ead161793f2ede430edaee@kirei.se> #197: PoC code: Show keys in GENERATE state -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: rb Type: defect | Status: new Priority: minor | Component: Unknown Version: trunk | Resolution: Keywords: double free memory allocation | -----------------------------------------------------+---------------------- -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Tue Mar 15 13:50:20 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Tue, 15 Mar 2011 13:50:20 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #97: How to see the GENERATED keys? In-Reply-To: <087.0a891918cc85b7a056513d2ec376e59a@kirei.se> References: <087.0a891918cc85b7a056513d2ec376e59a@kirei.se> Message-ID: <102.957af0b09454b48631edb950bf68ce2f@kirei.se> #97: How to see the GENERATED keys? ---------------------------------------------------------------+------------ Reporter: St?phane Bortzmeyer | Owner: sion Type: defect | Status: closed Priority: major | Component: Enforcer Version: 1.0.0 | Resolution: duplicate Keywords: | ---------------------------------------------------------------+------------ Changes (by rb): * status: accepted => closed * resolution: => duplicate Comment: Sebastian Castro published some PoC code in #197 -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Tue Mar 15 16:42:37 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Tue, 15 Mar 2011 16:42:37 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #204: ods-hsmutil segfaults when listing keys in TPM chip In-Reply-To: <065.7a1ec9e0075516ab993f1948256b7065@kirei.se> References: <065.7a1ec9e0075516ab993f1948256b7065@kirei.se> Message-ID: <080.0532130e9f72049b4821ea2f4c6551b1@kirei.se> #204: ods-hsmutil segfaults when listing keys in TPM chip ------------------------------------------+--------------------------------- Reporter: Ond?ej Sur? | Owner: rb Type: defect | Status: closed Priority: major | Component: libhsm Version: 1.1.3 | Resolution: fixed Keywords: | ------------------------------------------+--------------------------------- Comment (by DianeBadua): Yes, this was fixed in trunk r3465. Would you like to have it for the v1.1 branch? {{{ #!html air jordan }}} -- Ticket URL: OpenDNSSEC OpenDNSSEC From nick.vandenheuvel at sidn.nl Fri Mar 18 11:48:41 2011 From: nick.vandenheuvel at sidn.nl (Nick van den Heuvel) Date: Fri, 18 Mar 2011 11:48:41 +0000 Subject: [Opendnssec-develop] RE: 1.2.0 with 50000 zones In-Reply-To: References: Message-ID: I did try the same (signing 50.000 zones). The signer stops signing after about 12.000 zones. When the enforcer has finished his work, I will shut down the system and do a restart of ods. Below you can find a small part of the logging: Mar 18 12:44:33 DEVELOPER15 ods-enforcerd: Policy for 13777small.ods set to default. Mar 18 12:44:33 DEVELOPER15 ods-enforcerd: Config will be output to /var/opendnssec/signconf/13777small.ods.xml. Mar 18 12:44:34 DEVELOPER15 ods-enforcerd: INFO: Promoting ZSK from publish to active as this is the first pass for the zone Mar 18 12:44:34 DEVELOPER15 ods-enforcerd: WARNING: Making non-backed up ZSK active, PLEASE make sure that you know the potential problems of using keys which are not recoverable Mar 18 12:44:34 DEVELOPER15 ods-enforcerd: Zone 13778small.ods found. Nick van den Heuvel Testanalist SIDN | Utrechtseweg 310 | 6812 AR | Postbus 5022 | 6802 EA | ARNHEM T +31 (0)26 352 55 00 | F +31 (0)26 352 55 05 nick.vandenheuvel at sidn.nl | www.sidn.nl -----Original Message----- From: opendnssec-develop-bounces at lists.opendnssec.org [mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of Patrik Wallstr?m Sent: woensdag 16 februari 2011 9:37 To: opendnssec-develop at lists.opendnssec.org Subject: [Opendnssec-develop] 1.2.0 with 50000 zones So I have now 50000 zones in the system. Previous to the start I had added 20500 zones which both the signer and the enforcer was happy with. After shutting down the system and added another 29500 zones I synced the database to zonelist.xml and started it again with ods-control start. Both the enforcer and the signer started as excepted. The enforcer happily generated all the signconf files, and the signer started doing its thing. However, after coming back this morning, the enforcer was finished having a full 50000 signconfigs in the signconf directory. But the signer only knew about 21823 zones, which was the number both in the queue and in the tmp and signed directories. So, somehow there was some sort of miscommunication between the two components. After shutting down the system, and started the signer again, the signer was working as expected. Any thoughts on this? Why isn't the signer picking up all the signconfs? -- Patrik Wallstr?m Project Manager, R&D .SE (Stiftelsen f?r Internetinfrastruktur) E-mail: patrik.wallstrom at iis.se Web: http://www.iis.se/ _______________________________________________ Opendnssec-develop mailing list Opendnssec-develop at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -------------- next part -------------- An HTML attachment was scrubbed... URL: From matthijs at NLnetLabs.nl Fri Mar 18 14:06:18 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Fri, 18 Mar 2011 15:06:18 +0100 Subject: [Opendnssec-develop] 1.2.1 release? Message-ID: <4D8366DA.9010804@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! I believe the final story for 1.2.1 has just been finished. Time for release? Best regards, Matthijs - -------- Original Message -------- Subject: [Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4598 - in branches/OpenDNSSEC-1.2: . auditor Date: Fri, 18 Mar 2011 14:45:26 +0100 From: Matthijs Mekking To: undisclosed-recipients: ; Author: matthijs Date: 2011-03-18 14:45:26 +0100 (Fri, 18 Mar 2011) New Revision: 4598 Modified: branches/OpenDNSSEC-1.2/NEWS branches/OpenDNSSEC-1.2/auditor/configure.ac Log: also bump dnsruby in 1.2 branch Modified: branches/OpenDNSSEC-1.2/NEWS =================================================================== - --- branches/OpenDNSSEC-1.2/NEWS 2011-03-18 13:40:41 UTC (rev 4597) +++ branches/OpenDNSSEC-1.2/NEWS 2011-03-18 13:45:26 UTC (rev 4598) @@ -3,6 +3,7 @@ OpenDNSSEC 1.2.1 - 2011-0X-XX * ldns 1.6.9 is required for bugfixes. +* dnsruby-1.52 required for bugfixes. Bugfixes: * Auditor: 'make check' now works when srcdir != builddir. Modified: branches/OpenDNSSEC-1.2/auditor/configure.ac =================================================================== - --- branches/OpenDNSSEC-1.2/auditor/configure.ac 2011-03-18 13:40:41 UTC (rev 4597) +++ branches/OpenDNSSEC-1.2/auditor/configure.ac 2011-03-18 13:45:26 UTC (rev 4598) @@ -14,7 +14,7 @@ AM_PROG_RUBY ACX_RUBY_LIBRARY([syslog openssl xsd/datatypes rexml/document]) - -ACX_DNSRUBY(1.51) +ACX_DNSRUBY(1.52) # check for xmllint AC_PATH_PROG(XMLLINT, xmllint) _______________________________________________ Opendnssec-commits mailing list Opendnssec-commits at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-commits -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNg2baAAoJEA8yVCPsQCW5ul4IAJPl3NjyJVovIwSdmTK1lC4f kawQbEPl96WnrBWlv9bt6aO5HfOmnNLmKEy4hLnkSjvIFvBMTCOjMEXRyia0cLVg X2ODc/U0yT3ERFPcjEDhCn3no5fzfaS8H4FLwbsTlMtB+lYWp4clpzvGeA/6FjId BEA1fNgrVLQck0fBUsBHITXuqOafMu+l5ReiboKewkhKbYmCvnIE6yCg5N3j7abL T3xmUK8Fsr+dr2jHvEabVfFC0d1oWpc8V9loKhPurincA59RK9mIROI1n7ErLCLO 1wIpT3qt8OK1MA01Xq+apcd1PLEEbsF6wnQoX5u104OYIbuJqaO8xWSYyYMjosM= =GcFz -----END PGP SIGNATURE----- From rickard.bellgrim at iis.se Fri Mar 18 14:28:36 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Fri, 18 Mar 2011 15:28:36 +0100 Subject: [Opendnssec-develop] 1.2.1 release? In-Reply-To: <4D8366DA.9010804@nlnetlabs.nl> References: <4D8366DA.9010804@nlnetlabs.nl> Message-ID: <794FA3D2-6CFC-430A-86A0-785044402DF2@iis.se> On 18 mar 2011, at 15.06, Matthijs Mekking wrote: > I believe the final story for 1.2.1 has just been finished. Time for > release? Yes, I just need to test with latest Auditor and bump version number. Then it is up to Jakob. // Rickard From AlexD at nominet.org.uk Fri Mar 18 14:30:43 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Fri, 18 Mar 2011 14:30:43 +0000 Subject: [Opendnssec-develop] 1.2.1 release? In-Reply-To: <4D8366DA.9010804@nlnetlabs.nl> References: <4D8366DA.9010804@nlnetlabs.nl> Message-ID: > I believe the final story for 1.2.1 has just been finished. Time for > release? I guess we should maybe test it first...? Alex. From rickard.bellgrim at iis.se Fri Mar 18 14:41:17 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Fri, 18 Mar 2011 15:41:17 +0100 Subject: [Opendnssec-develop] 1.2.1 release? In-Reply-To: References: <4D8366DA.9010804@nlnetlabs.nl> Message-ID: On 18 mar 2011, at 15.30, Alex Dalitz wrote: >> I believe the final story for 1.2.1 has just been finished. Time for >> release? > > I guess we should maybe test it first...? Yes, I have now tested it and It is working for me. // Rickard From owner-dnssec-trac at kirei.se Sat Mar 19 17:25:14 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Sat, 19 Mar 2011 17:25:14 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #77: Redistributing trang without copying.txt violates copyright In-Reply-To: <065.4f2464004b67f42251d287c205fd3b37@kirei.se> References: <065.4f2464004b67f42251d287c205fd3b37@kirei.se> Message-ID: <080.9a2e323dd9f8650c64501c2225884e0d@kirei.se> #77: Redistributing trang without copying.txt violates copyright ------------------------------------------+--------------------------------- Reporter: Ond?ej Sur? | Owner: jakob Type: defect | Status: closed Priority: critical | Component: Unknown Version: trunk | Resolution: fixed Keywords: | ------------------------------------------+--------------------------------- Comment (by Ond?ej Sur? ): I don't want to open new bug, so just a comment here. Would it be possible to leave out the trang from distribution tarball? It's not needed because rng files are already generated there, and it violates debian-must-have-source policy which makes me repack the tarball, which is suboptimal. -- Ticket URL: OpenDNSSEC OpenDNSSEC From rickard.bellgrim at iis.se Mon Mar 21 09:23:00 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Mon, 21 Mar 2011 10:23:00 +0100 Subject: [Opendnssec-develop] Meeting 20110323 Message-ID: <1B822D2C-164A-46FF-90A9-9017E1B17A6E@iis.se> Hi It is time for a telephone meeting on wednesday. Date: Wednesday 23 March Time: 14:00-15:00 CET, 13:00-14:00 GMT Agenda: http://trac.opendnssec.org/wiki/Meetings/Agenda/2011-03-23 // Rickard From rickard.bellgrim at iis.se Mon Mar 21 09:31:15 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Mon, 21 Mar 2011 10:31:15 +0100 Subject: [Opendnssec-develop] v1.3.0 beta or rc1 Message-ID: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> Hi We started a discussion during the last meeting, whether we should release the v1.3.0 as a beta or rc1. The focus has been on the threaded signer and thus having the changes in a concentrated area. A lot of testing has also been going on. What do you think, would it be ok to do a v1.3.0rc1 once we have finished the stories? // Rickard From jakob at kirei.se Mon Mar 21 09:42:52 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Mon, 21 Mar 2011 10:42:52 +0100 Subject: [Opendnssec-develop] v1.3.0 beta or rc1 In-Reply-To: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> References: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> Message-ID: <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> 21 mar 2011 kl. 10:31 skrev Rickard Bellgrim : > We started a discussion during the last meeting, whether we should release the v1.3.0 as a beta or rc1. The focus has been on the threaded signer and thus having the changes in a concentrated area. A lot of testing has also been going on. > > What do you think, would it be ok to do a v1.3.0rc1 once we have finished the stories? I think it would be prudent to do at least one beta rather soon. Jakob From matthijs at NLnetLabs.nl Mon Mar 21 10:26:54 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Mon, 21 Mar 2011 11:26:54 +0100 Subject: [Opendnssec-develop] v1.3.0 beta or rc1 In-Reply-To: <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> References: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> Message-ID: <4D8727EE.5000404@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +1 On 03/21/2011 10:42 AM, Jakob Schlyter wrote: > 21 mar 2011 kl. 10:31 skrev Rickard Bellgrim : > >> We started a discussion during the last meeting, whether we should release the v1.3.0 as a beta or rc1. The focus has been on the threaded signer and thus having the changes in a concentrated area. A lot of testing has also been going on. >> >> What do you think, would it be ok to do a v1.3.0rc1 once we have finished the stories? > > I think it would be prudent to do at least one beta rather soon. > > Jakob > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNhyfuAAoJEA8yVCPsQCW58TsH/iqc4PXVQEegrt7caix3jWzV MvyLn+FhF/UaMFNqu78eKrhwPSoaK77DKox2azc12KDzXUeEs+/hm7Nek+qkmD3n nyoozkZFaCtutrsNzYw5hQXTORbHKZy0Kigv0MpnVlmuc5/+feytmn2tYVmfUYKI ynSDz0tYWEO9k5EB/jt6odvpSuJ+Cs/Gprg4dSp8X1YTK8nNqLu/FosWQN1xulEO ThDw6ZQAF/3pD8hn0lvW2YaEuxgZPlkqKnJ11VrmnBICd3KRGAkMeiX4dJrXw+SY 9Pt84/F/sTdUnwBkfXO00yeczHDViwhFjlupGhc0lxyL722zepKgjZ/kGB3n7rQ= =NyM5 -----END PGP SIGNATURE----- From rickard.bellgrim at iis.se Mon Mar 21 16:38:36 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Mon, 21 Mar 2011 17:38:36 +0100 Subject: [Opendnssec-develop] v1.3.0 beta or rc1 In-Reply-To: <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> References: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> Message-ID: <3458CD41-FBA5-4CD8-B765-5B3447D6DEB2@iis.se> On 21 mar 2011, at 10.42, Jakob Schlyter wrote: > I think it would be prudent to do at least one beta rather soon. +1 From Roland.vanRijswijk at surfnet.nl Tue Mar 22 14:19:59 2011 From: Roland.vanRijswijk at surfnet.nl (Roland van Rijswijk) Date: Tue, 22 Mar 2011 15:19:59 +0100 Subject: [Opendnssec-develop] Meeting minutes Enforcer TNG meeting 2011-03-22 Message-ID: <9AFB9E0F-0247-46E7-8D69-1F30B830B15C@surfnet.nl> Hi guys, The meeting minutes for today's Enforcer TNG meeting can be found here: http://trac.opendnssec.org/wiki/Meetings/Minutes/2011-03-22 Please update/change/comment as you see fit. Cheers, Roland -- Roland M. van Rijswijk -- SURFnet Middleware Services -- t: +31-30-2305388 -- e: roland.vanrijswijk at surfnet.nl From sion at nominet.org.uk Tue Mar 22 14:37:46 2011 From: sion at nominet.org.uk (=?iso-8859-1?q?Si=F4n_Lloyd?=) Date: Tue, 22 Mar 2011 14:37:46 +0000 Subject: [Opendnssec-develop] v1.3.0 beta or rc1 In-Reply-To: <3458CD41-FBA5-4CD8-B765-5B3447D6DEB2@iis.se> References: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> <3458CD41-FBA5-4CD8-B765-5B3447D6DEB2@iis.se> Message-ID: <201103221437.46157.sion@nominet.org.uk> On Monday 21 Mar 2011 4:38:36 pm Rickard Bellgrim wrote: > On 21 mar 2011, at 10.42, Jakob Schlyter wrote: > > I think it would be prudent to do at least one beta rather soon. > > +1 +1 I think that is a majority? From jakob at kirei.se Tue Mar 22 16:50:53 2011 From: jakob at kirei.se (Jakob Schlyter) Date: Tue, 22 Mar 2011 17:50:53 +0100 Subject: [Opendnssec-develop] v1.3.0 beta or rc1 In-Reply-To: <201103221437.46157.sion@nominet.org.uk> References: <5E5F6ED8-8C96-41FB-B8BA-2A3B718E4687@iis.se> <42E4BDF0-2A0E-40D9-A518-EB0187F8DD3E@kirei.se> <3458CD41-FBA5-4CD8-B765-5B3447D6DEB2@iis.se> <201103221437.46157.sion@nominet.org.uk> Message-ID: <1394196E-C408-4736-A626-14C2F19FCAC6@kirei.se> On 22 mar 2011, at 15.37, Si?n Lloyd wrote: > I think that is a majority? I declare rough consensus. 1.3.0b1 tomorrow? jakob From owner-dnssec-trac at kirei.se Wed Mar 23 22:22:09 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Wed, 23 Mar 2011 22:22:09 -0000 Subject: [Opendnssec-develop] [OpenDNSSEC] #221: Segmentation Fault on schedule.c:232 Message-ID: <078.5ea09a3702cde5cf62b1b8aa3fea196b@kirei.se> #221: Segmentation Fault on schedule.c:232 -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: defect | Status: new Priority: trivial | Component: Signer Version: trunk | Keywords: -----------------------------------------------------+---------------------- When running OpenDNSSEC 1.3.0-trunk (r4624), I got a SEGFAULT. The problem is here: del_node = ldns_rbtree_delete(schedule->tasks, (const void*) task); if (del_node) { del_task = (task_type*) del_node->data; free((void*)del_node); } else { ods_log_warning(...); } if (del_task->flush) { If for some reason del_node returns NULL, del_task will be NULL as well, so del_task->flush will cause a SIGFAULT (which is my case). I saw the warning before ods-signerd crashed and I have the core dump as well. A workaround is to change the condition to if (del_task && del_task->flush) but I'm not sure if it breaks your logic. -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Wed Mar 23 22:32:03 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Wed, 23 Mar 2011 22:32:03 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #220: Verbosity of new output for 'ods-signer queue' In-Reply-To: <078.e45e8033df90b0925f8a21f09b7df638@kirei.se> References: <078.e45e8033df90b0925f8a21f09b7df638@kirei.se> Message-ID: <093.f51777962736ad4630bc324b6d4860ce@kirei.se> #220: Verbosity of new output for 'ods-signer queue' -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: enhancement | Status: new Priority: minor | Component: Signer Version: trunk | Resolution: Keywords: | -----------------------------------------------------+---------------------- Comment (by Sebastian Castro ): Output looks good, thanks! -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Thu Mar 24 09:28:22 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 24 Mar 2011 09:28:22 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #221: Segmentation Fault on schedule.c:232 In-Reply-To: <078.5ea09a3702cde5cf62b1b8aa3fea196b@kirei.se> References: <078.5ea09a3702cde5cf62b1b8aa3fea196b@kirei.se> Message-ID: <093.97629b50f0a73c1591e3ba7d9884ef63@kirei.se> #221: Segmentation Fault on schedule.c:232 -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: defect | Status: new Priority: trivial | Component: Signer Version: trunk | Resolution: Keywords: | -----------------------------------------------------+---------------------- Comment (by matthijs): Hi, Fixed in r4634. If we cannot unschedule, the function should return NULL. Your logic works. I fixed it a bit differently, but it's the same behaviour as your fix. Thanks for the report -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Thu Mar 24 09:28:34 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 24 Mar 2011 09:28:34 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #221: Segmentation Fault on schedule.c:232 In-Reply-To: <078.5ea09a3702cde5cf62b1b8aa3fea196b@kirei.se> References: <078.5ea09a3702cde5cf62b1b8aa3fea196b@kirei.se> Message-ID: <093.8292b61517bfbf97a89bd3d53b2abc12@kirei.se> #221: Segmentation Fault on schedule.c:232 -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: defect | Status: closed Priority: trivial | Component: Signer Version: trunk | Resolution: fixed Keywords: | -----------------------------------------------------+---------------------- Changes (by matthijs): * status: new => closed * resolution: => fixed -- Ticket URL: OpenDNSSEC OpenDNSSEC From matthijs at NLnetLabs.nl Thu Mar 24 15:37:28 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Thu, 24 Mar 2011 16:37:28 +0100 Subject: [Opendnssec-develop] About adapters Message-ID: <4D8B6538.9080303@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, In branches/OpenDNSSEC-adapters/conf/, I have edited the configuration in such a way that I can initialize and use Dummy Adapters. Is this how we would like to see adapters to be configured? Best regards, Matthijs - -------- Original Message -------- Subject: [Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4649 - branches/OpenDNSSEC-adapters/conf Date: Thu, 24 Mar 2011 16:21:11 +0100 From: Matthijs Mekking To: undisclosed-recipients: ; Author: matthijs Date: 2011-03-24 16:21:11 +0100 (Thu, 24 Mar 2011) New Revision: 4649 Modified: branches/OpenDNSSEC-adapters/conf/conf.rnc Log: allow dummy adapters to be initialized Modified: branches/OpenDNSSEC-adapters/conf/conf.rnc =================================================================== - --- branches/OpenDNSSEC-adapters/conf/conf.rnc 2011-03-24 15:14:33 UTC (rev 4648) +++ branches/OpenDNSSEC-adapters/conf/conf.rnc 2011-03-24 15:21:11 UTC (rev 4649) @@ -174,9 +174,12 @@ sqlite = element SQLite { xsd:string } # adapters - -adapter = adfile +adapter = adfile | addummy # file adapter adfile = element File { xsd:string } +# dummy adapter +addummy = element Dummy { xsd:string } + _______________________________________________ Opendnssec-commits mailing list Opendnssec-commits at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-commits -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNi2U4AAoJEA8yVCPsQCW54fsH+wabne0F8Za9DRMblYbLEMKW QuVtKcmfSygaNCYOXfZYcz/ITGbf3RHwFxwRoMej6KDJHSaQDrOre2LalWNsEVm6 gmh7dbXnLPJIFtxUB2OZTcXR7ykmVW+30m5LiLpDErkT2YwiSTGcQZKna1Ts1D4x P3XJwr760PE7zIgeNsBS2GZQdJoDqcFd/Qo9MCK958PvqfTUBrNtNshJEioAH1Fp j6yt/D+fXA6tw8vRtnrCtXJZGoRm/F/GypU4VFNW9WOAnlaL0v6+ejYcZoqkCiFa djw5kZnBtqRVap5AH/OWq3nJMwIB+NSxPm0WJrk9qKjKpcLxMqHJX8WDCYL/t1A= =Y5N/ -----END PGP SIGNATURE----- From rick at openfortress.nl Fri Mar 25 13:34:25 2011 From: rick at openfortress.nl (Rick van Rein) Date: Fri, 25 Mar 2011 13:34:25 +0000 Subject: [Opendnssec-develop] Minutes of 23-3-2011 online Message-ID: <20110325133425.GA12581@phantom.vanrein.org> Hello, I have just posted the last meeting's minutes online, http://trac.opendnssec.org/wiki/Meetings/Minutes/2011-03-23 -Rick From owner-dnssec-trac at kirei.se Tue Mar 29 13:56:11 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Tue, 29 Mar 2011 13:56:11 -0000 Subject: [Opendnssec-develop] [OpenDNSSEC] #222: Argan oil or even Moroccan oil Works Miracles with regard to Skin Message-ID: <047.0a3ea7625bb3309f3414b5b7f0c982ec@kirei.se> #222: Argan oil or even Moroccan oil Works Miracles with regard to Skin ----------------------+----------------------------------------------------- Reporter: anonymous | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Keywords: ----------------------+----------------------------------------------------- Argan oil or even Moroccan oil Works Miracles with regard to Skin The other agents is famous in the world for its unique item called [http://arganoils.org/moroccan-oil Moroccan oil] or even [http://arganoils.org/ argan oil]. Argan trees and shrubs grow broadly in Morocco. The actual fruits as well as nuts of this sapling tend to be crushed utilizing fingers in order to press out the beneficial oil. Moroccans have been using the actual essential oil for protecting their own skin for centuries. Unfortunately, other parts around the globe were past due in realizing the actual beneficial aspects of the actual magical oil. These days, Argan oil is actually widely well-liked and is used in every part around the globe, being an effective grow older controlling item. Human skin, gentle, smooth as well as supple whenever born, becomes tough, dried out as well as old and wrinkly with age. Daily connection with uv sun rays, contaminated air and the deterioration of each and every day time existence, makes aging process faster. The actual [http://arganoils.org/argan-oil Argan oil benefits] to address getting older as well as flight delays the process considerably. Furthermore, this repairs the currently carried out damage by decreasing wrinkles and dry skin. The actual oil, an abundant organic antioxidant has the capacity to stability producing toxins. Thus the tissue of our body that are naturally gentle and sensitive stay therefore for very long. Additional, the actual wealthy nutrient content of the oil, which includes linoleic acidity, an extremely advantageous fatty acid really makes the essential oil distinctive. Cosmetic industry has recognized the actual makes use of associated with argan oil and is utilizing it in skin and hair care products. The most breathtaking pores and skin encounters skin tones, loose and so on as we grow old. Argan oil may fight these types of signs and symptoms to keep you look more youthful. It tightens your skin as well as wards off the ill-effects of smoking on your skin. Because it doesn't have side effects you can use it regularly. Argan oil is good for its anti-inflammatory capabilities. This lessens irritation of pores and skin, swellings etc successfully. Certain pores and skin issues leads to itchiness as well as pain, that the actual essential oil makes a great remedy. Additional, you can use the actual essential oil to deal with a number of other skin diseases. Argan oil can be used to treat scars, marks etc which makes your skin much less appealing and also painful burns. A good source of e vitamin and other essential fatty acids, the actual oil is medication to dry skin, acne breakouts, stretchmarks and psoriasis. Stretch marks result in the skin unsightly, that is an issue for many beauty conscious women. The actual nasty wrinkles created throughout as well as after delivery tend to be smoothened by the utilization of argan oil. The actual oil has the capacity to stability advance of natural oils and control skin disorders such as acne. -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Thu Mar 31 04:06:32 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 31 Mar 2011 04:06:32 -0000 Subject: [Opendnssec-develop] [OpenDNSSEC] #223: Ways to get Good Rates on Airline tickets? Message-ID: <047.a646f9dd47e17c2332dfa36e059a8ed7@kirei.se> #223: Ways to get Good Rates on Airline tickets? ----------------------+----------------------------------------------------- Reporter: anonymous | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Keywords: ----------------------+----------------------------------------------------- Ways to get Good Rates on Airline tickets? There are many ways to get good prices on air seats. Beneath mentioned are a couple of all of them that you can think about: 1. Make your bookings immediately after you decide your vacation. If you book your tickets ahead of time say, A 3 week period prior to, you receive discount rates from airlines. You're going to get great prices on [http://www.affordabletravel.org airline tickets], should you incorporate an evening stay on Sunday as well as travel throughout the mondays to fridays. 2. Buying [http://www.affordabletravel.org airline tickets] on the Internet is the fastest and easiest mode to compare ticket prices of different airlines to know which one is offering better offers. Changing the actual flight???s period on the day that also impacts the speed. Mostly, prices tend to be low early in the early morning or past due in the evening. 3. You will find best rates during off-season. 4. Check whether it can save you if you are planning a return trip. You might conserve by stopping from some midpoint rather than taking a direct trip. 5. Try in order to book a package for your journey plan. You might conserve a lot by reserving your own accommodation as well as rental car together with [http://www.affordabletravel.org airline tickets]. 6. Enquire if the price provided is the best while booking your own seats. 7. Apply with regard to qualified special discount schemes. Unique Low cost Strategies - Accessibility as well as Kinds ??? Check whether your own regular membership within clubs or even associations can get you deals on airline tickets. ??? Premium or even loyalty regular membership and applications with regard to regular flyers provide good deals. ??? Many charge card providers have tie-ups with some airlines to supply discount rates. ??? Package discounts are available when reserving your own airline ticket along with particular cruise line, hotel or vehicle rentals. ??? Discounts are available for people of particular age bracket possibly young or old also to college students. ??? Often, discount rates are available to large number of travelers soaring collectively. ??? Discounts are available for workers associated with government or even companies and military officials. Next, to obtain the companies that have collaborations along with airlines providing rewards with regard to employing their services, you have to check web sites of air carriers, as they have the list of companies that they have partnerships along with. In addition, remember that you cannot make use of other person???s regular flyer discount vouchers or unused airline tickets. Air carriers possess rigid rules against such activities and you may be placed on flight denial checklist question you the right to travel through air for a particular time period, if caught doing so. -- Ticket URL: OpenDNSSEC OpenDNSSEC From rickard.bellgrim at iis.se Thu Mar 31 07:21:53 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Thu, 31 Mar 2011 09:21:53 +0200 Subject: [Opendnssec-develop] Signature verification in SoftHSM Message-ID: <855E7606-6E85-4FBC-911A-A78C9EE861CA@iis.se> Hi It is almost two years ago since we introduced signature verification in SoftHSM. This is a debug feature that enables SoftHSM to verify all the signatures that is created. To get this feature you have to configure with --enable-sigver. We added this because we one time got a signature that could not be verified, but we never managed to recreate this situation. My question is: Can we remove this code from SoftHSM? (I do not think anyone is using it. And the signing code would be much cleaner without it.) // Rickard From owner-dnssec-trac at kirei.se Thu Mar 31 07:25:28 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 31 Mar 2011 07:25:28 -0000 Subject: [Opendnssec-develop] [OpenDNSSEC] #224: Electric cigarettes - The Best Option to Quit Smoking Message-ID: <047.d69b633b541cc68a79b894c15482da27@kirei.se> #224: Electric cigarettes - The Best Option to Quit Smoking ----------------------+----------------------------------------------------- Reporter: anonymous | Owner: rb Type: defect | Status: new Priority: major | Component: Unknown Version: trunk | Keywords: ----------------------+----------------------------------------------------- Electric cigarettes - The Best Option to Quit Smoking Cigarettes include dangerous contents that often tend to destroy the healthiness of the actual smokers. Actually, inhaling the harmful chemicals present in cigarettes can tear the lungs and trigger life- threatening diseases for example most cancers as well as other additional diseases. Once the body's hooked on cigarette smoking, he/she tends to think it is extremely hard to stop the habit because of the higher dependence on smoking. One of the biggest breakthrough inventions is the electric cigarettes that tend to reduce the urges to smoke among smokers. You need to know that an ecigarette consists of an electric battery, capsule associated with nicotine as well as an atomizer. When the smoker breathes in this particular smoke, the actual atomizer gets activated. The actual capsule of nicotine gets heated to give similar flavor as well as effects as those of actual cigarettes. These types of smoking act as one of the healthiest alternatives to stop smoking. Moreover, the cost of these cigarettes is much less when compared with real smoking smoking. In recent years, the electric cigarettes possess acquired a lot recognition as well as popularity. You can also search through the various [http://www.ElectronicCigaretteReviewTeam.Com electronic cigarette reviews] online to find much more about these types of smoking. These types of cigarettes not only reduce the wanting in order to smoke cigarettes, but also help to totally break the addiction. Actual cigarettes additionally trigger yellowing associated with teeth. [http://www.ElectronicCigaretteReviewTeam.Com electronic cigarette reviews] suggest that these cigarettes are extremely harmless towards the wellness of the person, because they are free of any kind of side effects in comparison with real smoking. In addition, they come in varied flavors. Additionally they assist in reducing the intake of smoking through directly decreasing the effectiveness of nicotine. Thus, electric cigarettes are lawfully approved today in most of the nations. Actually, studying the various [http://www.ElectronicCigaretteReviewTeam.Com electronic cigarette reviews] likewise helps you to decide on the best electronic cigarette brand that will help you stop smoking permanently. -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Thu Mar 31 07:45:42 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 31 Mar 2011 07:45:42 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #220: Verbosity of new output for 'ods-signer queue' In-Reply-To: <078.e45e8033df90b0925f8a21f09b7df638@kirei.se> References: <078.e45e8033df90b0925f8a21f09b7df638@kirei.se> Message-ID: <093.31102aa5112d471d1531745ed29f7de5@kirei.se> #220: Verbosity of new output for 'ods-signer queue' -----------------------------------------------------+---------------------- Reporter: Sebastian Castro | Owner: matthijs Type: enhancement | Status: closed Priority: minor | Component: Signer Version: trunk | Resolution: fixed Keywords: | -----------------------------------------------------+---------------------- Changes (by rb): * status: new => closed * resolution: => fixed -- Ticket URL: OpenDNSSEC OpenDNSSEC From matthijs at NLnetLabs.nl Thu Mar 31 07:47:43 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Thu, 31 Mar 2011 09:47:43 +0200 Subject: [Opendnssec-develop] Signature verification in SoftHSM In-Reply-To: <855E7606-6E85-4FBC-911A-A78C9EE861CA@iis.se> References: <855E7606-6E85-4FBC-911A-A78C9EE861CA@iis.se> Message-ID: <4D94319F.2060700@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 imo you can remove it (but keep the code in a branch). Best regards, Matthijs On 03/31/2011 09:21 AM, Rickard Bellgrim wrote: > Hi > > It is almost two years ago since we introduced signature verification in SoftHSM. This is a debug feature that enables SoftHSM to verify all the signatures that is created. To get this feature you have to configure with --enable-sigver. We added this because we one time got a signature that could not be verified, but we never managed to recreate this situation. > > My question is: Can we remove this code from SoftHSM? > > (I do not think anyone is using it. And the signing code would be much cleaner without it.) > > // Rickard > > _______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNlDGfAAoJEA8yVCPsQCW5PEYH+wcSOfRH51a9xtz9uGMd3Y5b gnvrekytABz5YdAsL5b0rfXqh/SgTgRW5+hBlPgNueh8boI5GT36ycBPTPFIDCLa mUNw4Vp3lcwjKjB2qCt3v5QryeeuDYGsn4QLSbLFlppOlejmhQCdg9yL6VA4PFtD 3bFpT3wtg4kOreF7iqcidCxRD98X3j6AUDSSjJa+9JJuUkHxf2GPu8lB830M/3U/ EQvsqv2SKUuODVpE3GX9XzANGrm8tCC8k7RanJ/8nMPF1FcO4dC1W4LHFkgsrrqb e2fZ15CQfE+pVzj4TO7nvTAT+56wrdkuxhDbFHzCgdtk2cW0TMuv8CjvkJdcWiw= =3OLp -----END PGP SIGNATURE----- From matthijs at NLnetLabs.nl Thu Mar 31 07:53:27 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Thu, 31 Mar 2011 09:53:27 +0200 Subject: [Opendnssec-develop] Signature verification in SoftHSM In-Reply-To: <4D94319F.2060700@nlnetlabs.nl> References: <855E7606-6E85-4FBC-911A-A78C9EE861CA@iis.se> <4D94319F.2060700@nlnetlabs.nl> Message-ID: <4D9432F7.30401@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 And after sending this message, I read this On 03/09/2011 06:42 AM, Sebastian Castro wrote: > Although after the increase in the number of signers things are > better, I still see invalid zones because one key is missing or bogus > signatures (which I reported on a separated email). He is using softHSM. I'll ask for more info. Best regards, Matthijs On 03/31/2011 09:47 AM, Matthijs Mekking wrote: > imo you can remove it (but keep the code in a branch). > > Best regards, > > Matthijs > > On 03/31/2011 09:21 AM, Rickard Bellgrim wrote: >> Hi > >> It is almost two years ago since we introduced signature verification in SoftHSM. This is a debug feature that enables SoftHSM to verify all the signatures that is created. To get this feature you have to configure with --enable-sigver. We added this because we one time got a signature that could not be verified, but we never managed to recreate this situation. > >> My question is: Can we remove this code from SoftHSM? > >> (I do not think anyone is using it. And the signing code would be much cleaner without it.) > >> // Rickard > >> _______________________________________________ >> Opendnssec-develop mailing list >> Opendnssec-develop at lists.opendnssec.org >> https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > _______________________________________________ Opendnssec-develop mailing list Opendnssec-develop at lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNlDL3AAoJEA8yVCPsQCW5CWcIALo56GHRv81oXgUJ8EEf2PPI jZ5CIMT0OfsZgO0Lpmc43Kp76DJAzqLzMdjMVLugh4gXzBioYAZ27bf6K0M6b05l h74wp3nEcgmZvEDm+qakIhKgDGA3W9is1iZ1Gk+ES3Yk9lDQPiQMQyQPQ527uYeF pA4PTd9mHD5FO4ARidU+i7KcWLmdoOwKBEJvd/4ivZQrDz50n2uzkvmaLucw8N05 fqop6c1Chs4WoETN5o/ybJiuaaD3dLe5z0QnUOBU4OSuAnEs+sHLZU4ljOpx50IC vZ6Tva7UWrv5qzNV/d7tCtR9l0MRXNdy5Nbk3r0ssss0Rxl9egbNpB5NLGmQupo= =LyvP -----END PGP SIGNATURE----- From owner-dnssec-trac at kirei.se Thu Mar 31 07:57:10 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 31 Mar 2011 07:57:10 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #139: ods-auditor fails on root zone In-Reply-To: <059.08d771def356f88883519f24053db8c9@kirei.se> References: <059.08d771def356f88883519f24053db8c9@kirei.se> Message-ID: <074.bde03a4367926bf5b2136875246b7da0@kirei.se> #139: ods-auditor fails on root zone ----------------------------------+----------------------------------------- Reporter: dwessels@? | Owner: rb Type: defect | Status: closed Priority: minor | Component: Auditor Version: trunk | Resolution: fixed Keywords: | ----------------------------------+----------------------------------------- Changes (by rb): * status: accepted => closed * resolution: => fixed Comment: This is now supported in v1.3.0b1. -- Ticket URL: OpenDNSSEC OpenDNSSEC From owner-dnssec-trac at kirei.se Thu Mar 31 08:11:32 2011 From: owner-dnssec-trac at kirei.se (OpenDNSSEC) Date: Thu, 31 Mar 2011 08:11:32 -0000 Subject: [Opendnssec-develop] Re: [OpenDNSSEC] #178: Specifications of time/duration divert from specifications In-Reply-To: <047.6032d9898b2f707547664df144c5ac76@kirei.se> References: <047.6032d9898b2f707547664df144c5ac76@kirei.se> Message-ID: <062.1c29738f478e8d5b0eb913cc01988685@kirei.se> #178: Specifications of time/duration divert from specifications ----------------------+----------------------------------------------------- Reporter: anonymous | Owner: sion Type: defect | Status: closed Priority: trivial | Component: Enforcer Version: trunk | Resolution: fixed Keywords: | ----------------------+----------------------------------------------------- Changes (by rb): * status: accepted => closed * resolution: => fixed Comment: Fixed in r3893 -- Ticket URL: OpenDNSSEC OpenDNSSEC From AlexD at nominet.org.uk Thu Mar 31 09:15:24 2011 From: AlexD at nominet.org.uk (Alex Dalitz) Date: Thu, 31 Mar 2011 09:15:24 +0000 Subject: [Opendnssec-develop] Signature verification in SoftHSM In-Reply-To: <4D9432F7.30401@nlnetlabs.nl> References: <855E7606-6E85-4FBC-911A-A78C9EE861CA@iis.se> <4D94319F.2060700@nlnetlabs.nl> <4D9432F7.30401@nlnetlabs.nl> Message-ID: > On 03/09/2011 06:42 AM, Sebastian Castro wrote: >> Although after the increase in the number of signers things are >> better, I still see invalid zones because one key is missing or bogus >> signatures (which I reported on a separated email). > > He is using softHSM. I'll ask for more info. Apologies if I've misunderstood this... Is Sebastian saying that he is running with the softhsm checking code on, and has discovered invalid signatures? If so, then I think that the code should stay. Thanks, Alex. From matthijs at NLnetLabs.nl Thu Mar 31 09:23:45 2011 From: matthijs at NLnetLabs.nl (Matthijs Mekking) Date: Thu, 31 Mar 2011 11:23:45 +0200 Subject: [Opendnssec-develop] Signature verification in SoftHSM In-Reply-To: References: <855E7606-6E85-4FBC-911A-A78C9EE861CA@iis.se> <4D94319F.2060700@nlnetlabs.nl> <4D9432F7.30401@nlnetlabs.nl> Message-ID: <4D944821.7090405@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 He was testing trunk, using SoftHSM and saw the signer output bogus signatures (in the signed zonefile). SoftHSM was with the checking code *off*. (FYI, I think his problems might had to do with the (now closed) pivotal stories about wrong serial increasing and not updating DNSKEY/NSEC3PARAM RRsets). Sorry for the confusion. Best regards, Matthijs On 03/31/2011 11:15 AM, Alex Dalitz wrote: >> On 03/09/2011 06:42 AM, Sebastian Castro wrote: >>> Although after the increase in the number of signers things are >>> better, I still see invalid zones because one key is missing or bogus >>> signatures (which I reported on a separated email). >> >> He is using softHSM. I'll ask for more info. > > Apologies if I've misunderstood this... > > Is Sebastian saying that he is running with the softhsm checking code on, and has discovered invalid signatures? > > If so, then I think that the code should stay. > > Thanks, > > > Alex._______________________________________________ > Opendnssec-develop mailing list > Opendnssec-develop at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNlEghAAoJEA8yVCPsQCW54ckH/1uwDmTzeveduzXAFg3+i1ah nmUVJ+1Sye7o1vVx316MeqJzjJaG4SvfYX6w+8jVoi6irR+5GTliOnnuDng013hh TP/YuRUuZjqPgqsPaSmxChGD7kYjPuFNyBXyXPqqyFhE6IN40fa7eD50kuUQhdgI CkeS3wghXFhsQkzUvIjBR6+SLBMm8N3Q7mwzt0AjhiS6WrgNgjeJ4gHCQVxApmNm GjwKv29hQXYmmPxvWfbHwOAIkNCHph7xzJBfLZ1p+Ko6LG1NGNxhGoRSZbOuFbJ7 PfBBdJoeVKAapKZrvqWnvFbtmgHSemd5kDNO/daNzYuX0wf7fv65pEaElx/vgF0= =HVJQ -----END PGP SIGNATURE----- From rickard.bellgrim at iis.se Thu Mar 31 13:49:48 2011 From: rickard.bellgrim at iis.se (Rickard Bellgrim) Date: Thu, 31 Mar 2011 15:49:48 +0200 Subject: [Opendnssec-develop] SoftHSM is now faster Message-ID: Hi I did some changes to the mutex handling in SoftHSM. So now it is faster than OpenSSL. Server: HP PROLIANT DL380 G6 Processors: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz, 4 cores with HT OS: Ubuntu 8.04 64-bit SoftHSM v1.2.1 with Botan 1.8.8 OpenSSL 0.9.8g 19 Oct 2007 RSA1024 ods-hsmspeed -r SoftHSM -i 100000 -s 1024 -t 16 6278.18 sig/s openssl speed rsa1024 -multi 16 5994.3 sig/s RSA2048 ods-hsmspeed -r SoftHSM -i 10000 -s 2048 -t 16 1221.10 sig/s openssl speed rsa2048 -multi 16 1106.7 sig/s // Rickard