[Opendnssec-user] Resigning period issue

刘硕 shuoleo at 126.com
Wed Jul 4 01:34:07 UTC 2012 

Hi Matthijs,
I have a zone with "lab" policy in kasp.xml, and its default Resign period is "PT10M", but I find the log shows the signing is not continuous,bellow is a brief of the log:
$ cat /var/log/messages | grep "STATS" 
Jul  4 05:13:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 05:33:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 05:33:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=1 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 

Jul  4 05:43:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 06:03:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 06:13:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 06:23:05 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 06:33:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=1 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 06:43:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 07:03:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 07:13:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 07:23:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 07:33:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 07:33:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=1 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=1 reused=4 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 07:53:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 08:03:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 08:13:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 08:23:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 08:33:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 08:43:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 08:53:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 09:03:06 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 09:09:58 CST-BJ-104 ods-signerd: [STATS] example RR[count=1 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=3 reused=2 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)] 
Jul  4 09:19:58 CST-BJ-104 ods-signerd: [STATS] example RR[count=0 time=0(sec)] NSEC[count=0 time=0(sec)] RRSIG[new=2 reused=3 time=0(sec) avg=0(sig/sec)] TOTAL[time=0(sec)]  

As can be seen from above, at some time signing process doesn't work ,such as 05:23:05,05:53:05,etc.And at 05:33:05, there are even two signing record!
I don't know what's the problem, if the automatic resigning doesn't do its work as expected, I would like to add the ods-signer command in crontab,but I don't think it's a good idea, because there would be an situation that both the crontab and the opendnssec's signerd sign the zone file. Any ideas?

Thank you all!

Best regards,
  Stuart



Stuart Lau
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120704/b0e0b4b6/attachment.htm>

More information about the Opendnssec-user mailing list