dnssec-keygen not responding
Torsten Segner
torsten at segner.eu
Wed Nov 30 09:01:26 UTC 2011
Am Wed, 30 Nov 2011 09:40:44 +0100
schrieb Adam Tkac <atkac at redhat.com>:
> On Wed, Nov 30, 2011 at 12:18:04AM -0500, Alan Clegg wrote:
> > On 11/30/2011 12:15 AM, vishesh kumar wrote:
> > > Hi All
> > >
> > > I am trying to generate keys for signing vishesh.com
> > > <http://vishesh.com> domain using following command (for testing purpose)
> > >
> > > dnssec-keygen -a RSASHA1 -b 768 -n ZONE vishesh.com <http://vishesh.com>.
> > >
> > > But its not responding , i waited around 30 minutes but there is no result
> > >
> > > Operating system is RHEL6 on VirtualBox 4.1
> >
> > You don't have enough entropy in the virtual environment. You can (if
> > you understand the issues surrounding it), use /dev/urandom as your
> > random source, or look at installing something like haveged
> > (http://freecode.com/projects/haveged) to solve the problem.
>
> Another good solution is to pass "-r keyboard" to dnssec-keygen.
>
> Regards, Adam
>
In RHEL there is a RPM package called unuran.
It's a random number generator daemon using either a piece of hardware or /dev/urandom as source. Running this will provide enough entropy to create lots of keys.
More information about the bind-users
mailing list