Bind 9.5.0-P2, DNSSEC and /dev/random
Mark Andrews
Mark_Andrews at isc.org
Sun Aug 31 00:17:49 UTC 2008
> On Sun, 31 Aug 2008 02:40:36 you wrote:
> > > Hello all-
> > >
> > > The following command-
> > >
> > > /usr/local/sbin/dnssec-keygen -r /dev/random -f KSK -a RSASHA1 -b 1024 -n ZONE example.com
> > >
> > > stalls. The system is Slackware Linux 12.1 with kernel 2.6.23-11.
> > >
> > > Michael
> >
> > You need to cause the kernel to gather entropy. The way to
> > do that is to make the kernel do work.
> >
> > e.g.
> > ls -R /
>
> While this does increase the entropy to over 3,000, it still doesn't work
> (and the entropy sinks within a few seconds anyway)
When generating large keys I just keep running "ls -R /" until the
key generation completes. You can also use the keyboard. Install
a hardware random number generator and configure the kernel to use
it (might require an OS change as I don't know if this is supported
under Linux).
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
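
The workaround from the reply above, scripted as an added example that is not part of the original thread: it repeats the activity command only while the key generation is running, then stops it and returns the generator's exit status. The names `run_with_activity`, `feed_entropy` and `ACTIVITY_CMD` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep the kernel doing work for exactly as long as a blocking
# key generation runs, instead of re-typing "ls -R /" by hand.

# ACTIVITY_CMD is an assumed, overridable hook. The default is the command
# suggested in the thread; its output is discarded by feed_entropy.
ACTIVITY_CMD="${ACTIVITY_CMD:-ls -R /}"

# feed_entropy: loop the activity command until this process gets SIGTERM.
# The activity runs as a child so the trap can stop it mid-pass.
feed_entropy() {
    child=
    trap 'kill "$child" 2>/dev/null; exit 0' TERM
    while :; do
        $ACTIVITY_CMD >/dev/null 2>&1 &
        child=$!
        # Permission errors from "ls -R /" are expected; ignore its status.
        wait "$child" || true
    done
}

# run_with_activity CMD [ARGS...]
# Runs CMD in the foreground with feed_entropy in the background, stops the
# feeder when CMD exits, and returns CMD's exit status unchanged.
run_with_activity() {
    feed_entropy &
    feeder=$!
    status=0
    "$@" || status=$?
    kill "$feeder" 2>/dev/null || true
    wait "$feeder" 2>/dev/null || true
    return "$status"
}

# Usage with the command from the thread (not executed here):
#   run_with_activity /usr/local/sbin/dnssec-keygen -r /dev/random \
#       -f KSK -a RSASHA1 -b 1024 -n ZONE example.com
```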