Question about message "your system is lacking dev/random (or equivalent)"
Mark Andrews
marka at isc.org
Thu Apr 15 00:53:04 UTC 2010
In message <0808710B26E7E541AD135BE9553CFB6896C1B3ADAF at HQ-EC-02.ba.ad.ssa.gov>,
"Khuu, Linh MicroTech" writes:
> I just turned on the dnssec-validation today, and I saw lots of messages:
>
> 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i4=
> 8du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=3D47948): You mus=
> t use the keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
This is like the linker stuffed up. "You must ... (or equivalent)"
is not the textual description of a result code. It is a message
that can be emitted by the command line tools used to generate keys.
Named doesn't call this bit of code. If you are using shared
libraries I would be checking that named is finding the right version
of the shared library.
> 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638: usps.gov DN=
> SKEY: verify rdataset (keyid=3D10539): You must use the keyboard to create =
> entropy, since your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:37.385 dnssec: debug 3: validating @202c0e28: usps.gov =
> SOA: verify rdataset (keyid=3D43133): You must use the keyboard to create e=
> ntropy, since your system is lacking
> /dev/random (or equivalent)
>
> Is this a problem with dnssec on my DNS server?
>
> Linh Khuu
> Network Security Specialist
> MicroTech ESS Contract
> Office: 410-966-0798
> Pager: 410-232-2350
> Email: Linh.Khuu at ssa.gov
> =20
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list