BIND 9 is an open source DNS software system including an authoritative server, a recursive resolver and related utilities.
@dev-aaront-org_gitlab Hi, are you there? I would like to run something through you... and perhaps you might have an idea.
The BIND 9.11 included a custom OpenSSL patch that added pkcs11 engine - this is of course not sustainable in a long run, so the patch has been dropped, and libp11 engine_pkcs11 or native-pkcs11 is being recommended.
Now the problem is that for some people (running AEP Keyper load-balancer) it seems that the HSMs are underutilized compared to the custom-OpenSSL-patch in both cases (engine_pkcs11 and native-pkcs11). I honestly have no clue where to start debugging this problem, so any hints or insights would be appreciated.