Hi,

when I add a zone to ODS I want it signed on disk immediately. This is why I currently add zones with this command sequence:

    ods-ksmutil zone add $zone
    ods-ksmutil update zonelist
    ods-signer sign $zone

I started developing with ODS1.3.2 and it would sometimes bail on the ods-signer command if I did not run the 'update zonelist' immediately after adding a zone. I recall 'zone not found' errors. It was reproducible and the zonelist update fixed it back then.

With 5 zones this is all nice but with plenty more zones the 'update zonelist' command takes quite some time to complete. Or is it the enforcer? The enforcer seems to be triggered through the 'update zonelist' command to process *all* the zones, not just the recently added one.

This seems to introduce a deadlock situation if the enforcer finds KSKs to be published, executes <DelegatedSignerSubmitCommand> and the <DSSubCmd> itself wants to use ods-ksmutil to look up stuff. This situation seems to lock up tight on my setup on kasp.db.lock. Oddly, if the normal scheduled enforcer run publishes DS through the exact same <DSSubCmd> this seems to work just fine...

Is ODS not designed to do immediate sign after add or am I messing things up here? Should I run something else to satisfy conditions for the sign call?

My config is in sqlite3 and stored on an NFS mount, as are all the (un)signed zones. Would switching to MySQL improve this situation at all?

Thanks for reading, :)

-Sndr.
--
| If a chemist dies, you barium.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
