-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Colleagues, This is just a heads up for those users that rely on "sudo" in <NotifyCommands>. It may safe you time on debugging. In my setup I run OpenDNSSEC as 'opendnssec' and NSD as 'bind' therefore I have to use sudo to run 'nsdc reload' when it is wrapped in a <NotifyCommand>. So far so good. But it turns out that on a FreeBSD 8.0 system (with sudo version 1.7.4) you will be bit by a bug in sudo that is described here: http://blog.famzah.net/2010/11/01/sudo-hangs-and-leaves-the-executed-program-as-zombie The way you will notice is that when running the queue command in the ods-signer you will see the zones that are scheduled for signing waiting for a [write]: It is now Tue Apr 26 11:48:37 2011 Working with task [write] on zone geerthe.org While your process table will show something like: root 88049 0.0 0.1 3484 1408 ?? I 11:26AM 0:00.01 /usr/local/bin/sudo /usr/local/sbin/nsdc reload root 88050 0.0 0.0 0 0 ?? Z 11:26AM 0:00.00 <defunct> Whereby the <defunct> line is a give-away for the bug described in the famzah.net blog post. - --Olaf ________________________________________________________ Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ I will start to use a new PGP key (ID 0x3B6AAA64) at the beginning of May 2011. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: This message is locally signed. Comment: GPGTools - http://gpgtools.org iEYEARECAAYFAk22lbkACgkQtN/ca3YJIoeN+ACg76kNtdxxT8TOuRas286ZrKvh jK8An0ZopaLIgmU4iIf44GbRBDDSrOVT =q4xp -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
