[SUPPORT-102] Signer sometimes reverts to AXFR and signs full zone again - OpenDNSSEC

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: OpenDNSSEC 1.4.2
Fix Version/s: OpenDNSSEC 1.4.4
Component/s: Signer
Labels:
None
Environment:

RHEL 6

Description

Signer getting notifies from unsigned zone which is updated frequently - every minute.
Most times the signing stats show that an IXFR has been performed and only the new records processed:
Dec 3 01:31:58 signer ods-signerd: [STATS] example.com RR[count=7 time=3(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=1 reused=16470 time=15(sec) avg=0(sig/sec)] TOTAL[time=138(sec)]
BUT, sometimes it seems to do an AXFR and re-process all records:
Dec 3 01:36:11 signer ods-signerd: [STATS] example.com RR[count=4294967293 time=3(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=1 reused=16470 time=14(sec) avg=0(sig/sec)] TOTAL[time=132(sec)]
Note the RR count is huge - every record processed.
This happens approx 1 in 20 signings. Will upload logs with verbose=5. ANy more would show all records and be huge!

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

ods-signerd.20131203.log.gz
766 kB
2013-12-04 12:27

Activity

People

Assignee:: Matthijs Mekking

Reporter:: Andy Holdaway

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2013-12-04 12:21

Updated:: 2014-04-07 11:13

Resolved:: 2014-04-07 11:13