[Opendnssec-user] Re: enforcer-ng produces suspicious number of ZSKs

Petr Spacek pspacek at redhat.com
Thu Mar 13 12:12:21 UTC 2014


On 13.3.2014 11:34, Yuri Schaeffer wrote:
> Woops, my reply did not make it to the list. Take 2:
>
>> As a side-effect, I have found another bug (I guess):
>> I have terminated ods-enforcer from the previous example with SIGINT
>> (Ctrl+C) because I was impatient and not willing to wait for 2190 new
> ZSKs.
>
> I suppose you pulled it from our Git repository recently, can you tell
> me what commit you are on? About a week ago some code was committed [0]
> touching relevant code.

Copy&paste from the first message in this thread:
I have built enforcer-ng myself from git, HEAD 
d7ba5fa96bcd8e6e6744e89d11fa2da88f7572c7.

I'm using SoftHSM v2 built from git, HEAD 
c893d407b789e81e2d9fab5b112cc59648ba644a. It is configured with "db" backend.

> I think what is happening is that on startup the enforcer-ng will
> restart filling its pool of pregenerated keys. I suppose at that time
I didn't restart enforcer daemon, I just pressed Ctrl+C and then ran another 
enforcer command.

> you did not change the <AutomaticKeyGenerationPeriod> yet?

No, I'm using conf.xml from the repo - I have just configured SoftHSM and 
commented out signer configuration because I don't plan to use it.

> [0]
> https://github.com/opendnssec/opendnssec/commit/20c4fa58c00b42d88c84a9ae4efcc23cd6c898ce

-- 
Petr Spacek  @  Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: conf.xml
Type: text/xml
Size: 2294 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140313/a82012fa/attachment.xml>


More information about the Opendnssec-user mailing list