-
Type:
Support
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: OpenDNSSEC 1.4.7
-
Fix Version/s: None
-
Component/s: Signer
-
Labels:None
-
Environment:
Ubuntu 14.04
Luna SA6 HSM
MySQL backend
Signing of the .nl zonefile took much more time than usual.
Logging:
[ ods-signer sign nl ]
Jan 9 11:10:02 ede1-signp1 check_and_sign nl: signalling ods to start signing
Jan 9 11:10:02 ede1-signp1 check_and_sign nl: handed off signing to ods
...
[ hourly wake-up enforcer ]
Jan 9 11:48:36 ede1-signp1 ods-enforcerd: HSM connection open.
...
Jan 9 11:48:36 ede1-signp1 ods-enforcerd: Sleeping for 3600 seconds.
[ Notify command started ]
Jan 9 11:49:57 ede1-signp1 check_and_publish nl: zonefile script started for tld nl
Traffic to the HSM's from 11:40 to 11:50
atop shows CPU usage of signerd: around 105% from 11:20 to 11:50
STATS:
Jan 9 11:55:16 ede1-signp1 ods-signerd: [STATS] nl 2016010911 RR[count=358 time=2168(sec)] NSEC3[count=181 time=0(sec)] RRSIG[new=25743 reused=4948765 time=140(sec) avg=183(sig/sec)] TOTAL[time=2714(sec)]
Summary:
signing command: 11:10
traffic to HSM's: 11:40 - 11:50
wake-up: 11:48
Notify command: 11:49:57
Usual pattern should be:
signing command: 11:10
traffic to HSM's: 11:10 - 11:20
Notify command: 11:15
wake-up: 11:48
So what happened between 11:10 and 11:40 (when traffic to the HSM's started)?
Loglevel 3, as usual nothing was logged between the handed off to ods and starting the notify command.
The number of new signatures was nearly as usual.