PRNG not seeded, service won't start
Howard, Christopher
Christopher-Howard at utc.edu
Tue Sep 18 13:42:48 UTC 2018
Those are both good. Recent versions of bind are now using OpenSSL for random number generation and not /dev/random or /dev/urandom. Since the old version still works the /dev devices are obviously working.
-Christopher
On Tue, 2018-09-18 at 07:52 +0000, Alberto Colosi wrote:
ON INTERNET IS LIKE TO BE LINKED TO RANDOM SEED GENERATION
check
# ls -l /dev/random /dev/urandom
crw-r--r-- 1 root system 39, 0 Jan 22 10:48 /dev/random
crw-r--r-- 1 root system 39, 1 Jan 22 10:48 /dev/urandom
________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Howard, Christopher <Christopher-Howard at utc.edu>
Sent: Tuesday, September 18, 2018 1:11 AM
To: bind-users at lists.isc.org
Subject: PRNG not seeded, service won't start
I'm attempting to upgrade from bind 9.10.4-P8 to 9.12.2-P1 and the service refuses to start. This is on a CentOS 6.10 machine. I ran into the same issue on CentOS 7 and was able to fix it by making sure that rngd is running before the named service starts. That same fix is not working for CentOS 6. I'm at a loss as to how to fix this and Google is failing me now.
The error in the log says:
Sep 17 18:59:08 nsm named[3926]: openssl_link.c:296: fatal error:
Sep 17 18:59:08 nsm named[3926]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Does any one have any ideas of what I'm missing or what I can do to resolve this (besides upgrading this box to CentOS 7)?
-Christopher
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180918/e04e1ac0/attachment.html>
More information about the bind-users
mailing list