[Opendnssec-user] Some issues with OpenDNSSEC 1.3.0 trunk
matthijs at NLnetLabs.nl
Wed Feb 23 10:57:53 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 02/22/2011 05:47 AM, Sebastian Castro wrote:
> I'm aware is a little bit too soon to expect a functional version, but
> based on the current trunk version I'd like to report:
> - It seems this version is a memory hog. Running on a system with a 1-GB
> memory limit per process, ods-signerd reaches the limit quite fast
> (~30min) when signing a set of zones that includes two relatively large
> ones [*].
I did some analysis and found one small leak (RRs we filter out were not
freed), but that can't surely be the hog. I'll look into it.
> - Also when a big zone is being signed, we get messages
> [fifo] unable to push item: max cap reached
The fifo queue, the queue of RRsets that need to be signed, has a
capacity. The worker will keep trying to push the RRset until it
succeeds. This might happen a lot with a big zone. Perhaps the log
message should be not LOG_WARN, because we know that this can occur.
> by thousands... then syslog starts complaining afterwards.
> ods-signerd: last message repeated 1850109 times
> When reaches this point, the signerd doesn't make any progress and has
> to be killed. We are currently testing with a FIFOQ_MAX_COUNT = 50000
Are you sure it makes no progress? I was able to sign a tld while making
use of the fifo queue.
> - In a few ocassions, we have ended with empty signed zones. A
> 'ods-signer clear', 'ods-signer sign' has helped.
Without the auditor complaining?
Thanks for the report.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Opendnssec-user