[Opendnssec-user] dendency wrong in ubuntu packages
Ondřej Surý
ondrej at sury.org
Wed Dec 14 09:54:45 UTC 2016
On Wed, Dec 14, 2016, at 08:40, Jaap Akkerhuis wrote:
> Ondřej Surý writes:
>
> > networks, mounts are ok, but how you are going to make sure that a
> > remote MySQL server is available from within a local init system?
> >
> > > Is it unreasonable for OpenDNSSEC to require certain resources to be
> > > available before starting?
> >
> > With remote MySQL you cannot be even sure that MySQL is available for
> > a full run time of OpenDNSSEC, as there might be network breakages,
> > database might disconnect you due to capacity reasons, etc., the
> > server might be located after a HA proxy not handling TCP connection
> > handovers.
> >
> > So any software that rely on another networking server must be able to
> > cope with unavailability of the networked service.
> >
> > E.g. instead of failing to start when MySQL is not available, it
> > should refuse to run the first operation in the queue until it is
> > connected, etc.
>
> So you are saing that it should try to connect to the database and
> other need resources if any, before it becomes functional.
I think I am saying the exact opposite :), or we just don't understand
each other.
What I am trying to say is that every database operation should be
blocking (with timeout) and it should include "connect/reconnect"
operation.
Thus in case of opendnssec-signer, the signerd should start, enter the
main loop and try to connect to database only after it needs to. If the
database connection fails, it should report the error and back off for
some predefined time, and try to connect again.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware,
fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro
pečení chleba všeho druhu
More information about the Opendnssec-user
mailing list