On Mon, 6 Jan 2025 20:08:44 +0100 Daniel Salzman via knot-dns-users <knot-dns-users@lists.nic.cz> wrote:
> Hi Thomas,

Hello Thomas,

> Unfortunately, we don't have experience with cloud-based HSMs, but
> this one
> https://docs.aws.amazon.com/cloudhsm/latest/userguide/pkcs11-library.html
> appears to be feasible.

We have done some tests with the AWS CloudHSM, but the performance was
not good enough for our big .nl zone. (This was by using OpenDNSSEC, but
I do not think that matters much.)

With 1 AWS HSM, we saw an average of 262 sig/sec.
With 2 AWS HSMs, we saw the average increase to 524 sig/sec.

I hope this helps in your search.

> On 1/6/25 15:46, Thomas Kuechenthal wrote:
> > Hi Guys,
> >
> > a happy new year to all of you!
> >
> > Due to policy reasons we need to make knot use a HSM in the future.
> > Is anybody successfully using some cloud based HSM services like
> > Google Cloud HSM for DNSSEC signing?
> >
> > Any information is helpful, thanks!
> >
> > BR
> > Thomas

--
Stefan Ubbink
DNS & Systems Engineer
Present: Mon, Tue, Wed, Fri
SIDN | Meander 501 | 6825 MD | ARNHEM | The Netherlands
T +31 (0)26 352 55 00
https://www.sidn.nl