Ticket #415 (closed defect: fixed)
Signing thread died during AXFR of signed domain
| Reported by: | anon | Owned by: | ahu |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | auth | Version: | 3.0 |
| Severity: | major | Keywords: | dnssec master axfr |
| Cc: |
Description
Hi, I have one Master DNS, and two Slaves which serves clients. Master do signing, slaves AXFR presigned domains.
Sometimes, when slave initiated AXFR (or I make AXFR via dig utility), CPU of master pdns go to 100% usage (sometimes 200-300% depending on number of AXFR requests) and monitor mode console get this error:
Signing thread died because of std::exception: Botan: Internal error: Self test failed: RSA private operation check failed
but after one (or more) restart, slaves got domain successfully.
Signed domains are small - AXFR contains only about 24 records including DNSSEC related.
I do some tests. I try dig AXFR for "domain1" repeatedly - without error. Then dig AXFR "domain2" - CPU goes to 100% usage and on monitor console is "signing thread died.....". When i do AXFR of "domain2" once more i got it without error, but CPU is still 100%. I must restart pdns process. After restart, AXFR are sometimes OK, sometimes not. I cannot find any clue, why this error randomly appears.
Problem is when CPU usage is about 260-300%, it doesn't server any AXFR including non-signed domains. I have 4 core CPU and distributor-threads=3
System: FreeBSD 8.2-RELEASE-p2, PostgreSQL backend, Powerdns_3.0_1 from ports.
