[Opendnssec-user] Some issues with OpenDNSSEC 1.3.0 trunk
Sebastian Castro
sebastian at nzrs.net.nz
Tue Feb 22 04:47:37 UTC 2011
Hi,
I'm aware is a little bit too soon to expect a functional version, but
based on the current trunk version I'd like to report:
- It seems this version is a memory hog. Running on a system with a 1-GB
memory limit per process, ods-signerd reaches the limit quite fast
(~30min) when signing a set of zones that includes two relatively large
ones [*].
- Also when a big zone is being signed, we get messages
[fifo] unable to push item: max cap reached
by thousands... then syslog starts complaining afterwards.
ods-signerd: last message repeated 1850109 times
When reaches this point, the signerd doesn't make any progress and has
to be killed. We are currently testing with a FIFOQ_MAX_COUNT = 50000
- In a few ocassions, we have ended with empty signed zones. A
'ods-signer clear', 'ods-signer sign' has helped.
[*] Large zones: around 50,000 resource records on the unsigned zone,
delegation centric, few DS records, NSEC3 Opt-out.
I hope it helps...
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the Opendnssec-user
mailing list