dnssec-keygen is waiting endless...
Michelle Konzack
linux4michelle at tamay-dogan.net
Fri May 28 20:53:48 UTC 2010
Hello Evan,
Am 2010-05-28 18:33:14, hacktest Du folgendes herunter:
> > Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version
> > 1:9.7.0.dfsg.P1-1~bpo50+1
>
> I get the same problem on Ubuntu, which is Debian-based. /dev/random
> runs out of entropy rapidly and takes a long time to recover.
I have tries it on Debian Etch, Lenny and Sid with the same result... On
all three machines I have touse "-r /dev/urandom" which is realy weird.
> Using "dnssec-keygen -r /dev/urandom" will make it finish much
> faster, but that uses a pseudo-random number generator instead of true
> randomness, so it's not the best choice from the paranoid crypto viewpoint.
> I often use it for test zones and such. If I needed a proper bulletproof
> key on an Ubuntu box, and I didn't want to wait a long time for it, I'd
> probably generate the key on some other system and copy it over.
:-) I have 38.000 Zones and on my "AMD Sempron 2200+" with 3 GByte of
memory it take arround 40 Second to create ONE signed zone fro a script.
This mean, if I want to sign 38.000 zones it will run 18 days...
Thanks, Greetings and nice Day/Evening
Michelle Konzack
--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
itsystems at tdnet France EURL itsystems at tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack
Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix
<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
Jabber linux4michelle at jabber.ccc.de
ICQ #328449886
Linux-User #280138 with the Linux Counter, http://counter.li.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.pgp
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100528/7a76d303/attachment.bin>
More information about the bind-users
mailing list