Hello Rick, On 02/02/2018 11:18 AM, Rick van Rein wrote: > Hello, > > Knot DNS looks awesome, thanks for that!
Thank you :-) > The benchmarks show a clear picture (for hosting) that the size of zones > doesn't matter, but DNSSEC does. I'm intruiged by the differences with NSD. The upcoming Knot DNS 2.7.0 will bring some performance optimizations which should shrink the differences. > What is less clear, is what form of DNSSEC was used -- online signing, > or just signed for policy refreshes and updates, or signed before it > gets to knotd? This distinction seems important, as it might explain > the structural difference with NSD. > > Also, the documentation speaks of "DNSSEC signing for static zones" but > leaves some doubt if this includes editing of the records using zonec > transactions, or if it relates to rosedb, or something else. > > https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#automatic-dnssec-signing > https://www.knot-dns.cz/docs/2.6/singlehtml/index.html#rosedb-static-resource-records The benchmarks are all about basic server setup - statically pre-signed zones, no active modules (online signing, rosedb), disabled automatic signing... > Other thant his uncertainty (and confusion over the meaning of the > master: parameter) the documentation is a real treat. Thanks for a job > done well! > > > Best wishes, > -Rick Best, Daniel -- https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users