Bind 9.11/RHEL7 Server Freezes FUTEX_WAKE_PRIVATE
Ondřej Surý
ondrej at isc.org
Tue Aug 2 10:27:28 UTC 2022
Just use /dev/urandom as random device after reading a single byte from /dev/random to ensure the CSPRNG has been seeded.
The unsuitability of /dev/urandom for cryptographic purposes is just a myth. You are more likely affected by seeding all the instances from the same seed saved in the image than anything else.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 2. 8. 2022, at 0:29, Grant Taylor via bind-users <bind-users at lists.isc.org> wrote:
> On 8/1/22 4:21 PM, Greg Choules via bind-users wrote:
>> Off the top of my head, could it be this?
>> random-device
>> ...
>> BIND will need a good source of randomness for crypto operations.
>
> Drive by plug: If it is lack of entropy, try installing and running Haveged. At least as a troubleshooting aid.
>
>
>
> --
> Grant. . . .
> unix || die
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list