This is most definitely not a bug but actually something that amused me; I knew I had chopped the (generated) zone in vi at 5000 lines (with a formatted SOA record), so 4k looked strange:
Maybe 4.9K ? :-) (ed: The fractional value issue has been split out to #460)
I then add three more records, bump the SOA serial to 2, and run cascade zone reload c1.aa:
Status report for zone 'c1.aa' using policy 'csk13-hsm'
✔ Waited for a new version of the c1.aa zone
✔ Loaded version 2
Loaded at 2025-10-09T08:31:18+00:00 (1m 46s ago)
Loaded 160 KB and 5K records from the filesystem in 0 seconds
✔ Auto approving signing of version 2, no checks enabled in policy.
✔ Approval received to sign version 2, signing requested
✔ Signed version 2 as version 1759997164
Signing requested at 2025-10-09T08:06:04+00:00 (27m ago)
Signing started at 2025-10-09T08:17:21+00:00 (15m 42s ago)
Signing finished at 2025-10-09T08:17:21+00:00 (15m 42s ago)
Collected 4K records in 0s, sorted in 0s
Generated 4K NSEC(3) records in 0s
Generated 9K signatures in 11m 17s (14 sig/s)
Inserted signatures in 11m 17s (14 sig/s)
Took 11m 17s in total, using 7 threads
Current action: Finished
✔ Waited for approval to publish version 1759997164
✔ Published version 1759997164
Published zone available on 127.0.0.1:4543
Is this zone signed or being signed? I cannot determine that from the output:
- ✔ Signed version 2 as version 1759997164: for me this means my SOA serial
2 is signed
- Collected 4K records in 0s, sorted in 0s: this, though is still the
4K display, whereas higher up it says 5K records
Signing started / Signing finished seems to indicate signing has finished, but the blinkenlights on my HSM are flashing furiously, so I'm sure the zone is still being signed, and activity in kmip2pkcs11 also indicates that that is the case:
[2025-10-09T10:36:52] [INFO] Processing batch of 1 items from peer 127.0.0.1:43872 on thread Thread { id: ThreadId(29), name: Some("kmip2pkcs11-worker"), .. }
...
This is most definitely not a bug but actually something that amused me; I knew I had chopped the (generated) zone in
viat 5000 lines (with a formatted SOA record), so4klooked strange:Maybe 4.9K ? :-) (ed: The fractional value issue has been split out to #460)
I then add three more records, bump the SOA serial to
2, and runcascade zone reload c1.aa:Is this zone signed or being signed? I cannot determine that from the output:
2is signed4Kdisplay, whereas higher up it says5K recordsSigning started / Signing finished seems to indicate signing has finished, but the blinkenlights on my HSM are flashing furiously, so I'm sure the zone is still being signed, and activity in
kmip2pkcs11also indicates that that is the case: