[Opendnssec-develop] Transient HSM problem handling

Siôn Lloyd sion at nominet.org.uk
Wed Sep 21 15:15:15 UTC 2011

On 21/09/11 09:06, Rick van Rein wrote:
> Aside from the observed behaviour; what is the intended behaviour?
> Would it be correct to state that transient errors mean waiting
> a bit longer and trying again later?  Has this actually been
> considered as a design consideration?  It is definately hairy, as
> delayed HSMs could lead to zones running out of signatures, so
> I can imagine that not making explicit choices design causes
> various kinds of behaviour inside OpenDNSSEC.

I've ported the enforcer code into the 1.3 branch (r5651).

Just to recap; this code checks the context when the enforcer wakes up. 
If it finds it is not valid it tries to reconnect, if this reconnect 
fails then the enforcer will quit.


More information about the Opendnssec-develop mailing list