Hi all ,
I had one zone which has about more than one million domains .
Recently noticed that when add a new domain under this zone almost cost
40 minutes .
But the other zones were regular worked , just cost about 1 minutes to
sign one new incoming RR record.(from in-bind throw opendnssec to out-bind).
All zones' config are the same .
Is if one zone more than one million domains will beyond the
opendnssec's control ? (I think 1,000,000 is not a large number for opendnssec)
And I did some change in config file , set re-sign per 5 minutes , but
the result is unsatisfactory ( from in-bind throw opendnssec to out-bind cost
about 20+ minutes).
Performance test for our HSM , result is 2600 RR/S , but from log the
avg is so far from this.
Jan 27 16:42:24 SST03 ods-signerd: [STATS] XX 1453884069 RR[count=1
time=1(sec)] NSEC3[count=0 time=0(sec)] RRSIG[new=9 reused=1035661 time=34(sec)
avg=0(sig/sec)] TOTAL[time=76(sec)]
After check the syslog always met log as :
Jan 27 16:58:13 SST03 ods-signerd: [query] incoming notify for zone
XX
Jan 27 16:58:13 SST03 ods-signerd: [query] ignore notify from
localhost: zone XX transfer in progress
How could I speed up the opendnssec to sign this zone timely ?
Could I deploy the opendnssec into a distributed cluster server to
increase the opendnssec's processing speed?
We used opendnssec version is 1.4.7.
Could anybody please help me to fix this issue together?
With kind regards,
Dean_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
