[Opendnssec-user] Performance of dsseen command and many keys.
Siôn Lloyd
sion at nominet.org.uk
Mon Feb 18 14:31:03 UTC 2013
On 18/02/13 12:09, Erik P. Ostlyngen wrote:
> Hi,
>
> I've been doing some testing with opendnssec on a system with 800
> zones, separate keys for each zone. Since the zones were added
> simultaneously, the keys got ready to be activated at the same time.
>
> It turned out that the ods-ksmutils --dsseen command, which had to be
> run 800 times, was quite slow. It also kept the CPU busy and the kasp
> DB locked for a long time. The reason seemed to be that the --dsseen
> command notified the enforcer that the key data has changed. For each
> notification, the enforcer looped over all the keys to see what had
> changed.
>
> I got around the problem by stopping the enforcer while issuing the
> dsseen commands. Is this the recommended way of dealing with this
> situation, or is it possible to stop the enforcer from being notified
> between all the commands?
>
> Best regards,
> Erik Østlyngen
> UNINETT Norid
>
Hi Erik,
stopping the enforcer while running your multiple dsseen commands is
currently the only way to cope with this sort of situation.
If you like we could create a feature request for adding a flag to not
nudge the enforcer when the dsseen command is issued? Alternatively you
can create a request yourself at https://issues.opendnssec.org , the
advantage there is that you will get notified of progress and versions
that the feature gets added to, etc.
Thank you,
Sion
More information about the Opendnssec-user
mailing list