Thanks for the pointer Libor, will experiment with that!
Laura
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, August 10th, 2021 at 5:43 PM, libor.peltan <libor.peltan(a)nic.cz> wrote:
Hi Laura,
Not answering your question, but might you check out the configuration
option
https://www.knot-dns.cz/docs/3.0/singlehtml/index.html#background-workers
and set it to 1 (one), in order to avoid signing processes for different
zones running in parallel?
Libor
On 10. 08. 21 at 18:29 Laura Smith wrote:
> I am working on a Knot deployment that uses Nitrokey HSM[1] as a PKCS11 platform.
>
> As you might imagine, for a small USB device, the Nitrokey is not exactly the most
> performant HSM in the world.
>
> My configuration works great with one or two test zones. But when I start ramping up
> the number of zones, I start seeing weird problems with Knot (e.g. "blocked zone
> update due to open control transaction" errors ... which don't seem to be errors
> because my code debug shows the "zone-commit" being run, but it still leaves the
> Knot database in a weird corrupt state where I cannot even "conf-unset" a domain
> even if it is clearly existing in "conf-read").
>
> Looking around the internet, it seems "OpenSC use_file_caching" might be
> the answer[2]. Does Knot support this?
>
> [1] https://www.nitrokey.com/files/doc/Nitrokey_HSM_factsheet.pdf
>
> [2] https://support.nitrokey.com/t/slow-initialization-of-nitrokey-hsm/2906/6
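Libor's suggestion in context, as an added example that is not part of the thread and not Knot's or Nitrokey's own configuration: a minimal knot.conf that signs zones with keys held in a PKCS#11 keystore and limits the server to a single background worker. The token label "knot", the PIN "1234", the OpenSC module path and the zone example.com are placeholders.

```yaml
# knot.conf (added example, not from the thread). Placeholders: token label
# "knot", PIN "1234", the OpenSC module path and the zone example.com.
server:
    # One background worker: zone signing and loading jobs run one after
    # another, so a slow USB HSM is never driven by several zones' PKCS#11
    # sessions in parallel.
    background-workers: 1

keystore:
  - id: nitrokey
    backend: pkcs11
    # "<PKCS#11 URI> <path to the PKCS#11 module>". The PIN sits in clear
    # text here, so keep this file readable only by the user Knot runs as.
    config: "pkcs11:token=knot;pin-value=1234 /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"

policy:
  - id: hsm
    keystore: nitrokey

zone:
  - domain: example.com
    storage: /var/lib/knot
    file: example.com.zone
    dnssec-signing: on
    dnssec-policy: hsm
```

Run `knotc conf-check` before reloading so a typo in the keystore line surfaces as a configuration error rather than as a failed signing job.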