Hi,

I've been doing some testing with opendnssec on a system with 800 zones, separate keys for each zone. Since the zones were added simultaneously, the keys got ready to be activated at the same time.

It turned out that the ods-ksmutils --dsseen command, which had to be run 800 times, was quite slow. It also kept the CPU busy and the kasp DB locked for a long time. The reason seemed to be that the --dsseen command notified the enforcer that the key data has changed. For each notification, the enforcer looped over all the keys to see what had changed.

I got around the problem by stopping the enforcer while issuing the dsseen commands. Is this the recommended way of dealing with this situation, or is it possible to stop the enforcer from being notified between all the commands?

Best regards,
Erik Østlyngen
UNINETT Norid
