The signer will sign as many zones as specified by WorkingThreads in the
conf.xml at the same time. These "threads" are distributing the work
of the actual signing over SignerThreads.

If you specify 1 signerthreads and 4 workerthreads (a stupid
configuration, but for clarification), 4 zones will be signed
simultaneously, but it it will generate a signature from each
of these zones alternating (roughly, it isn't absolutely fair).
AXFRs are done by another thread outside of this pool. Of course its
performance might get affected if the other threads very busy.
There is just one thread for transfers, it will use asynchronous I/O
to serve all requests.

However when a zone is getting signed, there is a period in which it
cannot simultanously serve the zone as well. This is being worked
on for the next release of OpenDNSSEC.
The SQL backend is at the moment only used for the enforcer, so there
are no considerations for your signer here. The number of Worker/
Signer threads to use depends on how you do the actual signing.
The signing process is heavily dependent on the speed and concurrency
of creating the signatures. If you have an HSM, you should look
in the documentation there on the optimum number of concurrent
operations it can handle. Experimenting works quite well.

If you are using a software based solution, like SoftHSM that
uses the same processor as the signer daemon uses, in general
you get the best performance setting the number of SignerThreads
to the number of cores. In case of hyperthreading or likewise
technology the number of virtual cores. Setting it one above
the actual number of cores in fact makes the actual throughput
even better, but at the expense of a general less responsive
system, therefor I'd recommend the number of cores to use.

\Berry

Hi Jake,

The signer is able to sign zones concurrently. Each worker in the signer
is able to work on one zone at the time. You can configure the number of
workers in conf.xml

<Signer>
<WorkerThreads>4</WorkerThreads>
</Signer>

Default is 4, but you should configure this indeed to better match your
number of processors, cores per processor, threads per core.

Note there is also something like <SignerThreads>. This is how many
RRSIGs can be created concurrently. The optimal number depends on your
HSM. You can use the utility ods-hsmspeed to test the HSM performance.

Best regards,
Matthijs