Hi Gaolei, On 09-02-17 03:41, [email protected] wrote: > I had one zone which has about more than 15,000,000 domains . > Recently noticed that when add a new domain under this zone almost > cost 10 minutes . ... > We used opendnssec version is 1.4.10 > Could anybody please help me to fix this issue together?
Sadly this is a problem for OpenDNSSEC at the moment. The signer doesn't scale well for very large zones. It is not the signing performance per se, it will sign a large zone just fine, but a problem in handling updates in such zones. It is very high on our wishlist to straighten this out. We will work on this as our main goal for OpenDNSSEC 2.2 and 2.3. I can imagine these updates get quicker a bit when using nsec instead of nsec3. But for big improvements we'll have to wait the development. Other than that check the signers memory consumption and make sure the OS doesn't need to swap. Also, the signer will write out all kinds of backup/temporary files in /var/opendnssec. Make sure those files are on fast storage. Best regards, Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
