[Opendnssec-user] ods-signerd unresponsive/crashes

Michael Braunoeder mib at nic.at
Tue Dec 20 10:52:53 UTC 2011


I'm running OpenDNSSEC 1.3.3 on a 64-bit-Debian 6.0 (packages backported 
manually from unstable). The zone to be signed is transfered via 
zonefetcher, signed and loaded on a local nameserver, the keys are 
stored in a HSM (Thales ncipher).

After running a lot of test without any problems (including an endless 
loop signing (start a new sign-run after completing the last one) we 
moved to semi-production where I noticed 2 problems:

- One of the 2 running ods-signerd processes sometimes crashes with this 
error messages:

 > kernel: [444495.143165] ods-signerd[1939] trap stack segment 
ip:41a1c6 sp:7fa3a855be00 error:0

If I kill the remaining one and restart the signerd, the signing start 
automatically and completes without any problems (it complains about 
corrupted backup files)

I tried to change the worker- and signer threads (I started with 4 
worker and 8 signer threads, but the problem also occurs with 1 worker 
and 1 signer thread) but that didn't help.

- Today I noticed a new problem: The zonefetcher receives the notify 
about a new zone, axfrs the zone and starts the signer, but the signer 
didn't sign. Later on the same game again, the zonefetcher receives a 
notify, starts the signer but the signer doesn't sign (without any error 
message in the logfile). But from now on, the zonefetcher doesn't react 
to notifies anymore. It seems, that the zonefetcher had 2 open signer 
sessions and ignores additional notifies. I tried to start the signer 
manually via "ods-signer sign <zone>" but the command hangs and didn't 
return. No errors where logged in the logfiles.

Do you have any idea how to solve this 2 issues?

Thanks in advance and Best,

More information about the Opendnssec-user mailing list