Hi Miek, On Oct 12, 2012, at 11:10 , Miek Gieben wrote:
> We are debugging an issue we are seeing with our opendnssec setup. As > you can see here: http://www.monshouwer.eu/dnssec-nl-graph/, the time > it takes to resign the nl zone keep increasing until we restart ods. Clearly > visible in the drops in the graph. Thanks for the visualization, its really good. Altho I would like the raw syslog data that I requested from you a few months ago :) so we can verify that you really do restart at each of the drops. I've seen other data about this (.SE) and it is not clear that a drop is an effect of a restart every time. > We're suspecting some kind of memory leak or at least that ods-signerd > keeps enormous amounts of memory around. When profiling with atop, we > gathered that ods-signerd claims 8+GB on startup. We further see extra > allocations in the range of 64M (this memory isn't returned to the OS). > Also once in a while another large chunk of memory is allocated (4G). > Resulting in a memory use of around 15G. This isn't a problem per se, but > our gut feeling is, that ods-signerd does "something" with this memory which > takes up the extra time. Note the text version of the NL zone is about 700 MB. This sounds like normal Signer operations for that size of a zone and usage. The memory increase you see after startup is because the zone gets reread and new/delete records are allocated and after its all read it adds them to the zone structure. This will fragment the memory a lot and that makes the Signer take up more memory after a while. > Also weird is that all this memory is in the resident set, i.e. all memory > allocated is in active use (somehow). Its because its "walked upon" every sign. > And one other thing. It seems ods-signerd does not close it's file > descriptors when daemonizing. We have done a few fixes, along with closing all file descriptors when executing external command, but I'm unsure if they made it into 1.3. We need to look into that. -- Jerry Lundström - OpenDNSSEC Developer http://www.opendnssec.org/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
