[Opendnssec-user] Some issues with OpenDNSSEC 1.3.0 trunk

Sebastian Castro sebastian at nzrs.net.nz
Tue Feb 22 04:47:37 UTC 2011


I'm aware is a little bit too soon to expect a functional version, but
based on the current trunk version I'd like to report:

- It seems this version is a memory hog. Running on a system with a 1-GB
memory limit per process, ods-signerd reaches the limit quite fast
(~30min) when signing a set of zones that includes two relatively large
ones [*].

- Also when a big zone is being signed, we get messages

[fifo] unable to push item: max cap reached

by thousands... then syslog starts complaining afterwards.

ods-signerd: last message repeated 1850109 times

When reaches this point, the signerd doesn't make any progress and has
to be killed. We are currently testing with a FIFOQ_MAX_COUNT = 50000

- In a few ocassions, we have ended with empty signed zones. A
'ods-signer clear', 'ods-signer sign' has helped.

[*] Large zones: around 50,000 resource records on the unsigned zone,
delegation centric, few DS records, NSEC3 Opt-out.

I hope it helps...
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535

More information about the Opendnssec-user mailing list