On Oct 28th, after the creation of a new ZSK, enforcerd and signerd didn't work anymore.
But ps still showed the processes.
Oct 27 14:36:43, output of ods-ksmutil key list -v:
nl KSK active 2016-12-05 09:38:15 6*****b HSM 21362
nl ZSK active 2012-10-28 19:36:01 3*****4 HSM 37666
So on Oct 28th a ZSK rollover started:
Oct 28 12:37:09 signerp2 ods-enforcerd: HSM connection open.
Oct 28 12:37:09 signerp2 ods-enforcerd: Reading config "/etc/opendnssec/conf.xml"
Oct 28 12:37:09 signerp2 ods-enforcerd: Reading config schema "/usr/share/opendnssec/conf.rng"
Oct 28 12:37:09 signerp2 ods-enforcerd: Communication Interval: 3600
Oct 28 12:37:09 signerp2 ods-enforcerd: No DS Submit command supplied
Oct 28 12:37:09 signerp2 ods-enforcerd: SQLite database set to: /var/lib/opendnssec/kasp.db
Oct 28 12:37:09 signerp2 ods-enforcerd: Log User set to: local5
Oct 28 12:37:09 signerp2 ods-enforcerd: Switched log facility to: local5
Oct 28 12:37:09 signerp2 ods-enforcerd: Connecting to Database...
Oct 28 12:37:09 signerp2 ods-enforcerd: Policy default found.
Oct 28 12:37:09 signerp2 ods-enforcerd: Key sharing is Off.
Oct 28 12:37:10 signerp2 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id: 2*****d in repository: HSM and database.
Oct 28 12:37:10 signerp2 ods-enforcerd: zonelist filename set to /etc/opendnssec/zonelist.xml.
Oct 28 12:37:10 signerp2 ods-enforcerd: Zone nl found.
Oct 28 12:37:10 signerp2 ods-enforcerd: Policy for nl set to default.
Oct 28 12:37:10 signerp2 ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/nl.xml.
After this, no logging from enforcerd or signerd.
I would expect the lines:
Oct 28 11:37:09 signerp2 ods-enforcerd: Disconnecting from Database...
Oct 28 11:37:09 signerp2 ods-enforcerd: Sleeping for 3600 seconds.
ps showed both daemons, but they didn't work.
Our conf.xml contains:
<NotifyCommand>/usr/local/zonefile/bin/do_publishsignedzone</NotifyCommand>
The zonefile was signed; do_publishsignedzone had already been started.
Oct 28 12:28:40 signerp2 do_publishsignedzone: /usr/local/zonefile/bin/do_publishsignedzone started with PID 13136
Actions of do_publishsignedzone:
check of the signed zonefile,
compile to format raw in the Bind tree,
rndc reload,
ods-ksmutil output to syslog
After completion of do_publishsignedzone, ods always writes a STATS line to syslog.
syslog shows the rndc reload command:
Oct 28 12:37:10 signerp2 ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/nl.xml.
Oct 28 12:37:24 signerp2 do_publishsignedzone: moving zonefile into place
Oct 28 12:37:25 signerp2 named[5886]: received control channel command 'reload'
Oct 28 12:37:25 signerp2 named[5886]: loading configuration from '/etc/named/nl/named.conf'
Oct 28 12:37:25 signerp2 named[5886]: reading built-in trusted keys from file '/etc/bind.keys'
Oct 28 12:37:25 signerp2 named[5886]: using default UDP/IPv4 port range: [1024, 65535]
Oct 28 12:37:25 signerp2 named[5886]: using default UDP/IPv6 port range: [1024, 65535]
Oct 28 12:37:25 signerp2 named[5886]: reloading configuration succeeded
Oct 28 12:37:25 signerp2 named[5886]: reloading zones succeeded
Oct 28 12:37:26 signerp2 logger: /etc/init.d/ns-nl: /usr/local/bind/sbin/rndc -c /etc/named/nl/rndc.conf reload
No further logging, no enforcerd wake-ups.
And for the next zonefile:
Oct 28 14:15:03 signerp2 do_zonefile: signalling ods to start signing
no action at all.
Only after a restart of ODS did things begin to work again.
I have two questions:
- could this be related to the change in Daylight Saving Time, perhaps because of timestamps in kasp.db?
- could there be a relationship with the running script do_publishsignedzone? The bind-related actions were completed, but the ods-ksmutil command didn't show up in syslog, nor the STATS line, so do_publishsignedzone never completed within ODS.
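The symptom described in this post (an enforcer run that logs "HSM connection open." and the signconf write but never its "Sleeping for" line, and a NotifyCommand that starts but is never followed by the signer's STATS line) can be spotted from syslog alone. The following is an added example, not code from the post or from the OpenDNSSEC project: it parses syslog-style lines into enforcer runs and NotifyCommand invocations and reports the ones that never completed, plus any backwards timestamp step that would indicate a DST fall-back in a log that only carries local time. The sample log is constructed after the lines quoted above and is not a real capture; the year (syslog lines carry none), the 600-second grace period, the name `do_publishsignedzone` as the logging program, and the exact format of the signer's STATS line are assumptions.

```python
"""Detect OpenDNSSEC enforcer runs and NotifyCommand invocations that start
but never log their completion, working purely from syslog text."""
import re
from datetime import datetime

# syslog lines carry no year; the constructed sample is modelled on Oct 2012.
LOG_YEAR = 2012
# Assumption: a healthy enforcer run logs 'Sleeping for' within seconds, so a
# run still silent this long after 'HSM connection open.' is called stalled.
STALL_GRACE_SECONDS = 600

SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<prog>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$')

# Constructed sample (not a capture), modelled on the lines quoted in the post.
# Run 1 completes and its NotifyCommand gets a STATS line; run 2 creates the
# ZSK, writes the signconf and then goes quiet, and the NotifyCommand that was
# already running never gets a STATS line either. STATS format is assumed.
SAMPLE_LOG = """\
Oct 28 11:37:09 signerp2 ods-enforcerd: HSM connection open.
Oct 28 11:37:09 signerp2 ods-enforcerd: Zone nl found.
Oct 28 11:37:09 signerp2 ods-enforcerd: Disconnecting from Database...
Oct 28 11:37:09 signerp2 ods-enforcerd: Sleeping for 3600 seconds.
Oct 28 11:40:02 signerp2 do_publishsignedzone: /usr/local/zonefile/bin/do_publishsignedzone started with PID 12990
Oct 28 11:40:20 signerp2 ods-signerd: [STATS] nl RR[count=12] (assumed format)
Oct 28 12:28:40 signerp2 do_publishsignedzone: /usr/local/zonefile/bin/do_publishsignedzone started with PID 13136
Oct 28 12:37:09 signerp2 ods-enforcerd: HSM connection open.
Oct 28 12:37:10 signerp2 ods-enforcerd: Created ZSK size: 1024, alg: 8 with id: 2d in repository: HSM and database.
Oct 28 12:37:10 signerp2 ods-enforcerd: Config will be output to /var/lib/opendnssec/signconf/nl.xml.
Oct 28 12:37:24 signerp2 do_publishsignedzone: moving zonefile into place
Oct 28 12:37:25 signerp2 named[5886]: received control channel command 'reload'
Oct 28 12:37:25 signerp2 named[5886]: reloading zones succeeded
Oct 28 14:15:03 signerp2 do_zonefile: signalling ods to start signing
"""


def parse(line):
    """Return (timestamp, program, message) for one syslog line, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m['prog'], m['msg']


def records(log_text):
    return [r for r in (parse(l) for l in log_text.splitlines()) if r]


def enforcer_runs(recs):
    """Group ods-enforcerd lines into runs delimited by 'HSM connection open.';
    a run is complete once it logs 'Sleeping for N seconds.'"""
    runs = []
    for ts, prog, msg in recs:
        if prog != 'ods-enforcerd':
            continue
        if msg == 'HSM connection open.':
            runs.append({'start': ts, 'last': ts, 'last_msg': msg, 'sleep': None})
        elif runs:
            runs[-1]['last'] = ts
            runs[-1]['last_msg'] = msg
            m = re.match(r'Sleeping for (\d+) seconds\.', msg)
            if m:
                runs[-1]['sleep'] = int(m.group(1))
    return runs


def stalled_runs(recs):
    """Runs with no 'Sleeping for' line, judged against the newest timestamp in
    the log rather than wall-clock time, so old captures can be analysed."""
    if not recs:
        return []
    newest = max(ts for ts, _, _ in recs)
    return [r for r in enforcer_runs(recs)
            if r['sleep'] is None
            and (newest - r['start']).total_seconds() > STALL_GRACE_SECONDS]


def unfinished_notifies(recs):
    """(start time, PID) of NotifyCommand starts not followed by a signer STATS
    line. Assumption from the post: the signer logs STATS once the command ends."""
    pending = []
    for ts, prog, msg in recs:
        if prog == 'do_publishsignedzone' and 'started with PID' in msg:
            pending.append((ts, msg.rsplit(' ', 1)[-1]))
        elif prog == 'ods-signerd' and 'STATS' in msg and pending:
            pending.pop(0)
    return pending


def clock_went_backwards(recs):
    """Consecutive timestamps that decrease: the signature of a DST fall-back
    (or a clock step) in a log that only carries local time."""
    return [(prev, cur) for (prev, _, _), (cur, _, _) in zip(recs, recs[1:])
            if cur < prev]


if __name__ == '__main__':
    recs = records(SAMPLE_LOG)
    for r in stalled_runs(recs):
        print(f"enforcer run started {r['start']} never slept; last line: {r['last_msg']}")
    for ts, pid in unfinished_notifies(recs):
        print(f"NotifyCommand PID {pid} started {ts} has no STATS line after it")
    for prev, cur in clock_went_backwards(recs):
        print(f"clock stepped back: {prev} -> {cur}")
```

On the constructed sample this reports the 12:37:09 enforcer run as stalled after "Config will be output to ..." and PID 13136 as a NotifyCommand with no STATS line, while finding no backwards timestamp; a DST fall-back in a log is what that last check would surface, since syslog prints local time with no zone.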