dnssec-keygen is waiting endless...
Evan Hunt
each at isc.org
Fri May 28 18:33:14 UTC 2010
> Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version
> 1:9.7.0.dfsg.P1-1~bpo50+1
I get the same problem on Ubuntu, which is Debian-based. /dev/random
runs out of entropy rapidly and takes a long time to recover.
Using "dnssec-keygen -r /dev/urandom" will make it finish much
faster, but that uses a pseudo-random number generator instead of true
randomness, so it's not the best choice from the paranoid crypto viewpoint.
I often use it for test zones and such. If I needed a proper bulletproof
key on an Ubuntu box, and I didn't want to wait a long time for it, I'd
probably generate the key on some other system and copy it over.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list