[Opendnssec-user] removing zone, and general performances issues

Matthijs Mekking matthijs at nlnetlabs.nl
Wed Oct 16 06:31:42 UTC 2013


On 10/12/2013 03:50 PM, Mathieu Arnold wrote:
> Hi,
> Today, I removed a zone, changed something one another one, and asked for
> the other one to be resigned, I was waiting for the changes to propagate,
> and as it was not happening fast enough for me, I went to have a look,
> and...
> It seems that removing a zone forces the signer to reread all the zones
> configurations. It seems quite a strange idea to do that to begin with, but
> now, with the number of zones I have (>1500) it takes ages,  (a bit like
> the signer takes ages to launch,) so, I wonder, would it be possible to not
> do that as I don't really see the point for it. I don't know how the signer
> works internally, and how it stores the zones configuration, but there
> should be an easier when than rescanning all of them when you only want to
> remove one.

You are right: If the signer sees changes in the zonefile, it will
reschedule zones to reread the zone configuration. We should only have
to do that for zones that have been added or updated.

I opened a ticket for this and made you the reporter:

Best regards,

> On another thought, many ods-ksmutil commands do HUP the enforcer, even
> some that really do not need to, like ds-seen, and as it takes about 4
> minutes to go through all the zones when it has nothing to do, and more
> than one hour when it does a rollover on all zones, I was wondering if
> there could be a command line argument to ask not to HUP it, because, say,
> I'm doing something on more than one zone at a time, and I'd rather wait
> for all those to be done and notify the enforcer afterwards (or even wait
> for it to do its regular run) than having it forcefuly HUPed.

More information about the Opendnssec-user mailing list