2 Úno
2018
2 Úno
'18
16:52
Hello Rick,
On 02/02/2018 11:18 AM, Rick van Rein wrote:
Hello,
Knot DNS looks awesome, thanks for that!
Thank you :-)
The benchmarks show a clear picture (for hosting) that
the size of zones
doesn't matter, but DNSSEC does. I'm intruiged by the differences with NSD.
The upcoming Knot DNS 2.7.0 will bring some performance optimizations
which should shrink the differences.
What is less clear, is what form of DNSSEC was used --
online signing,
or just signed for policy refreshes and updates, or signed before it
gets to knotd? This distinction seems important, as it might explain
the structural difference with NSD.
Also, the documentation speaks of "DNSSEC signing for static zones" but
leaves some doubt if this includes editing of the records using zonec
transactions, or if it relates to rosedb, or something else.
https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#automatic-dnssec-sig…
https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#rosedb-static-resour…
The benchmarks are all about basic server setup - statically pre-signed zones,
no active modules (online signing, rosedb), disabled automatic signing...
Other thant his uncertainty (and confusion over the
meaning of the
master: parameter) the documentation is a real treat. Thanks for a job
done well!
Best wishes,
-Rick
Best,
Daniel