On 18/02/13 12:09, Erik P. Ostlyngen wrote: > Hi, > > I've been doing some testing with opendnssec on a system with 800 > zones, separate keys for each zone. Since the zones were added > simultaneously, the keys got ready to be activated at the same time. > > It turned out that the ods-ksmutils --dsseen command, which had to be > run 800 times, was quite slow. It also kept the CPU busy and the kasp > DB locked for a long time. The reason seemed to be that the --dsseen > command notified the enforcer that the key data has changed. For each > notification, the enforcer looped over all the keys to see what had > changed. > > I got around the problem by stopping the enforcer while issuing the > dsseen commands. Is this the recommended way of dealing with this > situation, or is it possible to stop the enforcer from being notified > between all the commands? > > Best regards, > Erik Østlyngen > UNINETT Norid >
Hi Erik, stopping the enforcer while running your multiple dsseen commands is currently the only way to cope with this sort of situation. If you like we could create a feature request for adding a flag to not nudge the enforcer when the dsseen command is issued? Alternatively you can create a request yourself at https://issues.opendnssec.org , the advantage there is that you will get notified of progress and versions that the feature gets added to, etc. Thank you, Sion _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
