[Opendnssec-user] Some issues with OpenDNSSEC 1.3.0 trunk
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Feb 23 10:57:53 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Sebastian,
On 02/22/2011 05:47 AM, Sebastian Castro wrote:
> Hi,
>
> I'm aware is a little bit too soon to expect a functional version, but
> based on the current trunk version I'd like to report:
>
> - It seems this version is a memory hog. Running on a system with a 1-GB
> memory limit per process, ods-signerd reaches the limit quite fast
> (~30min) when signing a set of zones that includes two relatively large
> ones [*].
I did some analysis and found one small leak (RRs we filter out were not
freed), but that can't surely be the hog. I'll look into it.
> - Also when a big zone is being signed, we get messages
>
> [fifo] unable to push item: max cap reached
The fifo queue, the queue of RRsets that need to be signed, has a
capacity. The worker will keep trying to push the RRset until it
succeeds. This might happen a lot with a big zone. Perhaps the log
message should be not LOG_WARN, because we know that this can occur.
> by thousands... then syslog starts complaining afterwards.
>
> ods-signerd: last message repeated 1850109 times
>
> When reaches this point, the signerd doesn't make any progress and has
> to be killed. We are currently testing with a FIFOQ_MAX_COUNT = 50000
Are you sure it makes no progress? I was able to sign a tld while making
use of the fifo queue.
> - In a few ocassions, we have ended with empty signed zones. A
> 'ods-signer clear', 'ods-signer sign' has helped.
Without the auditor complaining?
Thanks for the report.
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNZOgwAAoJEA8yVCPsQCW5CWUIAKUBabDxDyUYmffkFEno9Mod
w5nZE1BJPhr6cEn1Rgzweo7Q/rhXCD3C5lmQoKw3+1ADoGSopojmvDdLApfv69oK
UeY9ZijV1l0ArUmwKEF/G4klseWD5r/+FpZ5VEpop3V9FJOar8FniqgKqDlMNgWp
UAbAR2Rkyuq3YMuT3cvcl5xnRaeIwwbUWXAkyLWM2Usf95CeWLXhCH6wcQbZaqwB
L1XBeK2vrzMHmP70LQ39o6WtcqmW6rsjY53D8ruX46n8OUcn7SY9ZHRmaMTPDQ7U
NSk7ImM0OneOJmjg2naqRIJjccThRXeIv58+2YZrktqfEdWBmhvGyqrAysXd//4=
=6UDn
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list