Hello, Knot DNS looks awesome, thanks for that!
The benchmarks show a clear picture (for hosting) that the size of zones doesn't matter, but DNSSEC does. I'm intruiged by the differences with NSD. What is less clear, is what form of DNSSEC was used -- online signing, or just signed for policy refreshes and updates, or signed before it gets to knotd? This distinction seems important, as it might explain the structural difference with NSD. Also, the documentation speaks of "DNSSEC signing for static zones" but leaves some doubt if this includes editing of the records using zonec transactions, or if it relates to rosedb, or something else. https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#automatic-dnssec-signing https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#rosedb-static-resource-records Other thant his uncertainty (and confusion over the meaning of the master: parameter) the documentation is a real treat. Thanks for a job done well! Best wishes, -Rick -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users