Op 16-10-12 10:18, 刘硕 schreef: > Hi, > > We are testing managing a thousand zones with OpenDNSSEC1.4.0b1 with > Mysql, but SoftHSM can only connected with Sqlite,right? > > Is it suitable for all the zones to share the same ZSK/KSK? Would this > cause some other some operation problems? Or should I just turn the > <ShareKeys> > on? But I suppose a thousand zones use the same key pairs seems > abnormal, right? What would you guys do? > I don't know how many keys SoftHSM can hold, but is it wise for it to > hold thousands of keys? > > What's your opinion on managing thousands of zones?
I don't think you need to worry. While I only have 300 zones to manage I have never experienced the interface to the SoftHSM as a bottleneck. You could define multiple SoftHSM-files but I'm not sure if that will improve anything at all. There is nothing inherently wrong with many zones sharing the same key, it's more about ease of management. Both systems (shared and unshared) have their advantages. My suggestion would be to just try it. -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
