[Opendnssec-user] Re: enforcer-ng produces suspicious number of ZSKs
Petr Spacek
pspacek at redhat.com
Thu Mar 13 12:12:21 UTC 2014
On 13.3.2014 11:34, Yuri Schaeffer wrote:
> Woops, my reply did not make it to the list. Take 2:
>
>> As a side-effect, I have found another bug (I guess):
>> I have terminated ods-enforcer from the previous example with SIGINT
>> (Ctrl+C) because I was impatient and not willing to wait for 2190 new
> ZSKs.
>
> I suppose you pulled it from our Git repository recently, can you tell
> me what commit you are on? About a week ago some code was committed [0]
> touching relevant code.
Copy&paste from the first message in this thread:
I have built enforcer-ng myself from git, HEAD
d7ba5fa96bcd8e6e6744e89d11fa2da88f7572c7.
I'm using SoftHSM v2 built from git, HEAD
c893d407b789e81e2d9fab5b112cc59648ba644a. It is configured with "db" backend.
> I think what is happening is that on startup the enforcer-ng will
> restart filling its pool of pregenerated keys. I suppose at that time
I didn't restart enforcer daemon, I just pressed Ctrl+C and then ran another
enforcer command.
> you did not change the <AutomaticKeyGenerationPeriod> yet?
No, I'm using conf.xml from the repo - I have just configured SoftHSM and
commented out signer configuration because I don't plan to use it.
> [0]
> https://github.com/opendnssec/opendnssec/commit/20c4fa58c00b42d88c84a9ae4efcc23cd6c898ce
--
Petr Spacek @ Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: conf.xml
Type: text/xml
Size: 2294 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20140313/a82012fa/attachment.xml>
More information about the Opendnssec-user
mailing list