On Wed, 10 Mar 2021 20:26:44 +0100
Michael Grimm via Opendnssec-user
<opendnssec-user@lists.opendnssec.org> wrote:

> Hi,

Hello Michael,

> I updated to OpenDNSSEC 2.1.8 today, and found a lot of …
> 
>       [hsm_key_factory_get_key] removing key 1a0ff0971e71b7de02685c762da272bb from HSM
> 
> … in my ods' logfile. 
> 
> I do assume that this has to do with what is mentioned in the release
> notes:
> 
>       This release of 2.1.8 fixes a number of bugs related to the purging of keys, ...
> 
> Correct?

Yes, that is correct.

> And, I found out (while investigating) that my SoftHSM repository is
> huge …
> 
>       dns2> ls -al /var/lib/softhsm/tokens/x-y-z/ | wc   
>       9692 96912 910872 
> 
> … that a …
> 
>       dns2> ods-hsmutil list  
> 
>       Listing keys in all repositories.
> 
> … hangs "forever" (1 hour at least).
> 
> Hmm, is this something to worry about? 

Depending on your ZSK-rollover frequency, it might be that there are
still a lot of old keys in the HSM about which OpenDNSSEC no longer has
any information.

> I am 3 days prior to ZSK rollovers of several domains.
> Besides that huge repository, everything looks normal to me.

When everything looks normal, it seems to me that it should continue to
work normally.

-- 
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl
