Discussion:
[Opendnssec-user] Times to Sign Zone
Luciano Minuchin
2017-11-23 21:02:59 UTC
Permalink
Hi, I'm doing performance tests verifying the times in signing zones.
I understand that it will depend a lot on the Hardware but with zones of
1.5MB (4000 registers approximately) the times are extremely long.
In my case the Hardware is 2 CPU and 2 GB Ram

Do you have time statistics?


Thanks.
Luciano.
Luciano Minuchin
2017-11-24 19:08:50 UTC
Permalink
1.3hs to sign a zone whit 1.5Mb of size.
This is normal?
Post by Luciano Minuchin
Hi, I'm doing performance tests verifying the times in signing zones.
I understand that it will depend a lot on the Hardware but with zones of
1.5MB (4000 registers approximately) the times are extremely long.
In my case the Hardware is 2 CPU and 2 GB Ram
Do you have time statistics?
Thanks.
Luciano.
Thomas E.
2017-11-24 19:24:43 UTC
Permalink
Hi Luciano,

are you using SoftHSM? If so, wich version? You can use ods-hsmspeed for
perfomance tesing.

You will find Information here:

https://wiki.opendnssec.org/display/SoftHSM/v1+Performance

//thomas
Post by Luciano Minuchin
1.3hs to sign a zone whit 1.5Mb of size.
This is normal?
Hi, I'm doing performance tests verifying the times in signing zones.
I understand that it will depend a lot on the Hardware but with
zones of 1.5MB (4000 registers approximately) the times are
extremely long.
In my case the Hardware is 2 CPU and 2 GB Ram
Do you have time statistics?
Thanks.
Luciano.
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
Luciano Minuchin
2017-11-24 19:52:41 UTC
Permalink
Good information Thomas

- i Interactions, is the number of lines in the zone file? or the number
of domains?


Thanks!.
Post by Thomas E.
Hi Luciano,
are you using SoftHSM? If so, wich version? You can use ods-hsmspeed for
perfomance tesing.
https://wiki.opendnssec.org/display/SoftHSM/v1+Performance
//thomas
Post by Luciano Minuchin
1.3hs to sign a zone whit 1.5Mb of size.
This is normal?
Hi, I'm doing performance tests verifying the times in signing zones.
I understand that it will depend a lot on the Hardware but with
zones of 1.5MB (4000 registers approximately) the times are
extremely long.
In my case the Hardware is 2 CPU and 2 GB Ram
Do you have time statistics?
Thanks.
Luciano.
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
Jakob Schlyter
2017-11-24 21:35:33 UTC
Permalink
-i is the number of iterations, i.e., the number of crypto operations to run for testing (per thread).


jakob
Mark Elkins
2017-11-25 07:19:51 UTC
Permalink
Just a thought - if this is a virtual server (a memory size of 2 GB is
both suspicious and low), you are probably running out of "random"
entropy. You need "random" data to generate keys with - which in a
virtual server, may be slow for the kernel to generate.

i.e. - how long does it take to generate keys using the BIND tool:-
      dnssec-keygen -a RSASHA256 -b 2048 -n ZONE -f KSK example.com
Try that a few times in succession. If its not basically instant -
that's your problem.

Solution:  Install the 'haveged' package, www.irisa.fr/caps/projects/hipsor
Post by Luciano Minuchin
1.3hs to sign a zone whit 1.5Mb of size.
This is normal?
2017-11-23 18:02 GMT-03:00 Luciano Minuchin
Hi, I'm doing performance tests verifying the times in signing zones.
I understand that it will depend a lot on the Hardware but with
zones of 1.5MB (4000 registers approximately) the times are
extremely long.
In my case the Hardware is 2 CPU and 2 GB Ram
Do you have time statistics?
Thanks.
Luciano.
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Mark James ELKINS - Posix Systems - (South) Africa
***@posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
Continue reading on narkive:
Loading...