signing-threads not work
I tried to dnssec a zone with knot+softhsmv2 and found that it took much longer than opendnssec+softhsmv2, whether I set signing-threads to 1 or equal to my number of cores, run the top command to check the load, the knotd cpu usage stays at 100%. Are there any other parameters that can speed up the signature? Here are the results of my environmental tests
OS: Rocky Linux release 8.8 (Green Obsidian)
CPU: 2 * Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz
Memory: 96GB
Knot Version: knot-3.2.9
$ wc -l /home/gtld/instances/knot/in/top.txt
5123486 /home/gtld/instances/knot/in/top.txt
$ ls -lth /home/gtld/instances/knot/in/top.txt
-rw-rw---- 1 gtld gtld 238M Sep 1 11:46 /home/gtld/instances/knot/in/top.txtknot log
2023-09-01T14:38:17+0800 info: [top.] DNSSEC, signing started
2023-09-01T15:29:04+0800 info: [top.] DNSSEC, successfully signedknot re-sign
2023-09-05T09:02:15+0800 info: [top.] DNSSEC, key, tag 51581, algorithm RSASHA256, KSK, public, ready, active+
2023-09-05T09:02:15+0800 info: [top.] DNSSEC, key, tag 20194, algorithm RSASHA256, public, active
2023-09-05T09:02:15+0800 info: [top.] DNSSEC, signing started
2023-09-05T09:53:23+0800 info: [top.] DNSSEC, successfully signedopendnssec log
Sep 1 16:33:58 DNSSEC-TEST ods-signerd[32984]: [STATS] top 1693556746 RR[count=5123483 time=78(sec)] NSEC3[count=2305279 time=11(sec)] RRSIG[new=2311115 reused=0 time=372(sec) avg=6212(sig/sec)] TOTAL[time=492(sec)]cat etc/knot.conf
keystore:
- id: "softhsm"
backend: pkcs11
config: "pkcs11:token=testsofthsm;pin-value=000000 /home/gtld/softhsmv2/lib/softhsm/libsofthsm2.so"
key-label: on
policy:
- id: auto
keystore: softhsm
signing-threads: 32
algorithm: rsasha256
zsk-lifetime: 30d
ksk-lifetime: 365d
ksk-size: 2048
zsk-size: 2048
dnskey-ttl: 3600
nsec3: on
top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
651019 gtld 20 0 24.7g 2.6g 10240 S 100.0 2.7 32:27.59 knotd