[Opendnssec-develop] [OpenDNSSEC] #242: Race condition when receiving multiple NOTIFIES for a zone
OpenDNSSEC
owner-dnssec-trac at kirei.se
Thu May 19 03:47:08 UTC 2011
#242: Race condition when receiving multiple NOTIFIES for a zone
-----------------------------------------------------+----------------------
Reporter: Sebastian Castro <sebastian@…> | Owner: matthijs
Type: defect | Status: new
Priority: major | Component: Signer
Version: 1.2.1 | Keywords:
-----------------------------------------------------+----------------------
We observed a weird behavior in our test system: truncated .axfr files.
In our setup, a signer can receive a zone from two different sources. Each
of this "sources" generates a new zone every hour, so it's perfectly
possible for them to send a NOTIFY message to the signer at the same time
for the same zone.
In 1.2.1, there is no logic to prevent concurrent zone transfers for the
same zone at the same time, which means they will write to the same file
at some point.
We prepared a code to send simultaneous NOTIFY to a signer, and we ended
with messages like this:
May 19 15:13:51 srsov ods-signerd: zone fetcher received NOTIFY for zone
school.nz
May 19 15:13:52 srsov ods-signerd: zone fetcher transferred zone school.nz
serial 2011051921 successfully
May 19 15:13:52 srsov ods-signerd: cmdhandler: zone school.nz scheduled
for immediate re-sign
May 19 15:13:52 srsov ods-signerd: zone fetcher received NOTIFY for zone
school.nz
May 19 15:13:52 srsov ods-signerd: zone fetcher transferred zone school.nz
serial 2011051921 successfully
May 19 15:13:52 srsov ods-signerd: cmdhandler: already performing task for
zone school.nz
In this case, the signing tasklist detects something was going on, but we
have seen other cases where the input zone ends mangled.
This adversely affects our ability to handle disastrous scenarios.
--
Ticket URL: <http://trac.opendnssec.org/ticket/242>
OpenDNSSEC <http://www.opendnssec.org/>
OpenDNSSEC
More information about the Opendnssec-develop
mailing list