18 Zář
2018
18 Zář
'18
11:18
Hi Christian,
We plan some speed up of DNSSEC signing, but we have to invent proper design of it
first.
Zone signing consists of more steps and some of them are difficult to parallelize.
Best,
Daniel
On 09/18/2018 10:11 AM, Christian Petrasch wrote:
Hi Daniel,
thanks a lot for the answer..
In my eyes it would be helpful if it could be possible to speed up the signer with more
cores..
But .. in my eyes it is not a showstopper. But a good information for buying the right
processor in a server if we decide to use knot for signing..
If I have a look to your issue I fear that there wouldn't be any modification in this
direction..
best regards
--
Christian Petrasch
Senior System Engineer
DNS/Infrastructure
IT-Services
DENIC eG
Kaiserstraße 75-77
60329 Frankfurt am Main
GERMANY
E-Mail: petrasch(a)denic.de
http://www.denic.de <http://www.denic.de/>
PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E 8841 549B E0AE
Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr. Jörg Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht Frankfurt am Main
Von: daniel.salzman(a)nic.cz
An: "Christian Petrasch" <petrasch(a)denic.de>
Kopie: knot-dns-users(a)lists.nic.cz
Datum: 11.09.2018 20:36
Betreff: Re: [knot-dns-users] signing parameters for number of cores
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Hi Christian,
Unfortunately, the present implementation of zone signing cannot utilize
more CPU cores per one zone. The "background-workers" option is useful
just
for setting the number of different-zone events which are executed
concurrently.
We even have a very old issue on this
https://gitlab.labs.nic.cz/knot/knot-dns/issues/186
Is it a serious limitation for you deployment?
Regards,
Daniel
On 2018-09-11 11:52, Christian Petrasch wrote:
Hi folks,
sorry for the spam.. now with the right subject..
Maybe anybody can help me..
Is there any possibility to sign with more than one core ? The
"background-workers" parameter didn't help...
KnotDNS is using only one core for signing..
thanks a lot
best regards
--
Christian Petrasch
Senior System Engineer
DNS/Infrastructure
IT-Services
DENIC eG
Kaiserstraße 75-77
60329 Frankfurt am Main
GERMANY
E-Mail: petrasch(a)denic.de
Fon: +49 69 27235-429
Fax: +49 69 27235-239
http://www.denic.de <http://www.denic.de/>
PGP-KeyID: 549BE0AE, Fingerprint: 0E0B 6CBE 5D8C B82B 0B49 DE61 870E
8841 549B E0AE
Angaben nach § 25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Helga Krüger, Martin Küchenthal, Andreas Musielak, Dr.
Jörg Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht
Frankfurt am Main