Slow zone signing with ECDSA
Spain, Dr. Jeffry A.
spainj at countryday.net
Wed Apr 19 19:14:40 UTC 2017
I'm testing a bind9 v11.1.0-P5 server signing 8 small zones de novo with ECDSAP256SHA256. The process takes about 12 hours to complete vs. signing with RSASHA256, which is almost immediate, but signing is ultimately successful. The server is running Ubuntu 16.04 LTS with current patches. I don't see any indication of resource starvation. I understand that ECDSAP256SHA256 is more computationally intensive than RSASHA256. Is bind9 throttling the signing process? Is such throttling configurable?
Jeffry A. Spain * Network Administrator
**********************************************************************
Cincinnati Country Day School * 6905 Given Road, Cincinnati, OH 45243-2898
CountryDay.net<http://www.countryday.net/> * 513 979-0299 * 513 527-7632 (f) (UTC-5)
PGP Public Key<https://keyserver.pgp.com/> ID 0xD17AFA13 (4E7B 8F1E F541 43E2 85D3 3638 76AB 9A4B D17A FA13)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170419/9a4a906a/attachment-0001.html>
More information about the bind-users
mailing list