[Opendnssec-user] Some issues with OpenDNSSEC 1.3.0 trunk

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Feb 23 10:57:53 UTC 2011

Hash: SHA1

Hi Sebastian,

On 02/22/2011 05:47 AM, Sebastian Castro wrote:
> Hi,
> I'm aware is a little bit too soon to expect a functional version, but
> based on the current trunk version I'd like to report:
> - It seems this version is a memory hog. Running on a system with a 1-GB
> memory limit per process, ods-signerd reaches the limit quite fast
> (~30min) when signing a set of zones that includes two relatively large
> ones [*].

I did some analysis and found one small leak (RRs we filter out were not
freed), but that can't surely be the hog. I'll look into it.

> - Also when a big zone is being signed, we get messages
> [fifo] unable to push item: max cap reached

The fifo queue, the queue of RRsets that need to be signed, has a
capacity. The worker will keep trying to push the RRset until it
succeeds. This might happen a lot with a big zone. Perhaps the log
message should be not LOG_WARN, because we know that this can occur.

> by thousands... then syslog starts complaining afterwards.
> ods-signerd: last message repeated 1850109 times
> When reaches this point, the signerd doesn't make any progress and has
> to be killed. We are currently testing with a FIFOQ_MAX_COUNT = 50000

Are you sure it makes no progress? I was able to sign a tld while making
use of the fifo queue.

> - In a few ocassions, we have ended with empty signed zones. A
> 'ods-signer clear', 'ods-signer sign' has helped.

Without the auditor complaining?

Thanks for the report.

Best regards,
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the Opendnssec-user mailing list