<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Just a thought - if this is a virtual server (a memory size of 2
GB is both suspicious and low), you are probably running out of
"random" entropy. You need "random" data to generate keys with -
which in a virtual server, may be slow for the kernel to generate.</p>
<p>i.e. - how long does it take to generate keys using the BIND
tool:- dnssec-keygen -a RSASHA256 -b 2048 -n ZONE -f KSK
example.com<br>
Try that a few times in succession. If it's not basically instant -
that's your problem.</p>
<p>Solution: Install the 'haveged' package,
<a class="moz-txt-link-abbreviated" href="http://www.irisa.fr/caps/projects/hipsor">www.irisa.fr/caps/projects/hipsor</a><br>
</p>
<br>
<div class="moz-cite-prefix">On 24/11/2017 21:08, Luciano Minuchin
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAPc+vasjYZy=7Jyf1cM3nTVQD=cFKrS3=xQcVEtpYq4uLq7ukw@mail.gmail.com">
<div dir="ltr">1.3hs to sign a zone with 1.5Mb of size.
<div>This is normal?<br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-11-23 18:02 GMT-03:00 Luciano
Minuchin <span dir="ltr">&lt;<a
href="mailto:luciano.minuchin@gmail.com" target="_blank"
moz-do-not-send="true">luciano.minuchin@gmail.com</a>&gt;</span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Hi, I'm doing performance tests verifying the times
in signing zones.</div>
<div>I understand that it will depend a lot on the
Hardware but with zones of 1.5MB (4000 registers
approximately) the times are extremely long.</div>
<div>In my case the Hardware is 2 CPU and 2 GB Ram</div>
<div><br>
</div>
<div>Do you have time statistics?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks.</div>
<span class="HOEnZb"><font color="#888888">
<div>Luciano.</div>
<div><br>
</div>
<div><br>
</div>
</font></span></div>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Mark James ELKINS - Posix Systems - (South) Africa
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: <a class="moz-txt-link-freetext" href="https://ftth.posix.co.za">https://ftth.posix.co.za</a>
</pre>
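<p>The check suggested in the reply above, as an added example that is not part of the original message: it reads the kernel's entropy estimate and times the quoted dnssec-keygen command three times in succession. The ENTROPY_FILE and SLOW_SECS variables, the 2-second threshold and the function names are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example (not from the thread). ENTROPY_FILE and SLOW_SECS are
# assumptions of this sketch; the keygen arguments are the ones quoted above.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
SLOW_SECS="${SLOW_SECS:-2}"   # "basically instant" taken as under 2 seconds

# Print the kernel's entropy estimate (bits), or "unknown" if unreadable.
# Newer kernels report a fixed value once initialised, so the timing
# below is the more telling measurement.
entropy_bits() {
    if [ -r "$1" ]; then cat "$1" | tr -d '[:space:]'; else echo unknown; fi
}

# Run a command N times in succession; print the slowest run in whole
# seconds. Returns 1 as soon as any run fails.
slowest_run() {
    n="$1"; shift
    worst=0; i=0
    while [ "$i" -lt "$n" ]; do
        start=$(date +%s)
        "$@" >/dev/null 2>&1 || return 1
        took=$(( $(date +%s) - start ))
        if [ "$took" -gt "$worst" ]; then worst="$took"; fi
        i=$((i + 1))
    done
    echo "$worst"
}

# Map the slowest run onto the rule of thumb from the message.
verdict() {
    if [ "$1" -ge "$SLOW_SECS" ]; then echo slow; else echo instant; fi
}

report() {
    echo "entropy_avail: $(entropy_bits "$ENTROPY_FILE")"
    command -v dnssec-keygen >/dev/null 2>&1 ||
        { echo "dnssec-keygen not installed; timing skipped"; return 0; }
    dir=$(mktemp -d) || return 1          # keep generated key files out of cwd
    secs=$(slowest_run 3 dnssec-keygen -K "$dir" -a RSASHA256 -b 2048 \
        -n ZONE -f KSK example.com) || secs=""
    rm -rf "$dir"
    if [ -z "$secs" ]; then echo "key generation failed"; return 0; fi
    echo "slowest of 3 runs: ${secs}s ($(verdict "$secs"))"
}

report
```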
</body>
</html>