Hi, I found this project quite promising, but I would like to configure dnssec_keydir and storage per zone . Now all keys and db files are in one directory, that is probably OK if you have couple of zones, also if they are very big, but we have configured about 48k zones(this can be configured to tree and separated by includes), which means at start 48.000 db files and 48.000x4 = 192.000 DNSSEC key files(later when rotating keys it can be even more). It is probably acceptable when accessing db files, because I did not found any directory crawling here, but only from performance point of view, not from administrator's (backups/listing/quick fixes etc). I thing problem is in dnssec_keydir, becouse of way how keys are filtered(libknot/dnssec/zone-keys.c method knot_load_zone_keys) by name and included or removed from zone. Also as I understand updating(insert/delete inodes) large directories can harm performance of updating a lot. I think It will often block listing of files for key searching, slowdown parallel writing to directories etc. Also crawling large array for few keys for zone(192k lines for 4 files). Compare: one dnssec_keydir /data: list whole directory 192k for find 4 lines per zone dnssec_keydir /data/e/ex/exa/exam/example.com/K* (this structure is example and can be configurable by dnssec_keydir variable in zone, think of it as emulating some sort of binary tree): 6 x access to sub directory+ list only one directory for 4 lines (max 6-8 when rotating) I attached patch, which I believe solve this with little performance penalty and little more memory usage(only for those which want tree structure for example). About structure it should not be created on demand, but precreated by administrator/script . I believe it can save lots of time and disk io. At the end I may be totally wrong, I did not made any tests yet. Kamil -- Kamil Sopko Dodavatel technické podpory pro savana.cz s.r.o. Lounská 983/43, 405 02 Děčín VI-Letná Telefon: +420 478 472 100 Provozní doba: PO-PÁ 8-118 hod a SO-NE 9-12 hod Web: www.savana.cz