Hi,
I'm running OpenDNSSEC 1.3.3 on a 64-bit-Debian 6.0 (packages backported
manually from unstable). The zone to be signed is transfered via
zonefetcher, signed and loaded on a local nameserver, the keys are
stored in a HSM (Thales ncipher).
After running a lot of test without any problems (including an endless
loop signing (start a new sign-run after completing the last one) we
moved to semi-production where I noticed 2 problems:
- One of the 2 running ods-signerd processes sometimes crashes with this
error messages:
> kernel: [444495.143165] ods-signerd[1939] trap stack segment
ip:41a1c6 sp:7fa3a855be00 error:0
If I kill the remaining one and restart the signerd, the signing start
automatically and completes without any problems (it complains about
corrupted backup files)
I tried to change the worker- and signer threads (I started with 4
worker and 8 signer threads, but the problem also occurs with 1 worker
and 1 signer thread) but that didn't help.
- Today I noticed a new problem: The zonefetcher receives the notify
about a new zone, axfrs the zone and starts the signer, but the signer
didn't sign. Later on the same game again, the zonefetcher receives a
notify, starts the signer but the signer doesn't sign (without any error
message in the logfile). But from now on, the zonefetcher doesn't react
to notifies anymore. It seems, that the zonefetcher had 2 open signer
sessions and ignores additional notifies. I tried to start the signer
manually via "ods-signer sign <zone>" but the command hangs and didn't
return. No errors where logged in the logfiles.
Do you have any idea how to solve this 2 issues?
Thanks in advance and Best,
Michael
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
