Hello Rick,

On 02/02/2018 11:18 AM, Rick van Rein wrote:
> Hello,
> Knot DNS looks awesome, thanks for that!

Thank you :-)

> The benchmarks show a clear picture (for hosting) that the size of zones
> doesn't matter, but DNSSEC does.  I'm intruiged by the differences with NSD.

The upcoming Knot DNS 2.7.0 will bring some performance optimizations
which should shrink the differences.

> What is less clear, is what form of DNSSEC was used -- online signing,
> or just signed for policy refreshes and updates, or signed before it
> gets to knotd?  This distinction seems important, as it might explain
> the structural difference with NSD.
> Also, the documentation speaks of "DNSSEC signing for static zones" but
> leaves some doubt if this includes editing of the records using zonec
> transactions, or if it relates to rosedb, or something else.
> https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#automatic-dnssec-signing
> https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#rosedb-static-resource-records

The benchmarks are all about basic server setup - statically pre-signed zones,
no active modules (online signing, rosedb), disabled automatic signing...

> Other thant his uncertainty (and confusion over the meaning of the
> master: parameter) the documentation is a real treat.  Thanks for a job
> done well!
> Best wishes,
>  -Rick



Reply via email to