dnssec-keygen is waiting endless...

Michelle Konzack linux4michelle at tamay-dogan.net
Fri May 28 20:53:48 UTC 2010


Hello Evan,

On 2010-05-28 18:33:14, you hacked down the following:
> > Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version
> > 1:9.7.0.dfsg.P1-1~bpo50+1
> 
> I get the same problem on Ubuntu, which is Debian-based.  /dev/random
> runs out of entropy rapidly and takes a long time to recover.

I have tried it on Debian Etch, Lenny and Sid with the same result... On
all three machines I have to use "-r /dev/urandom" which is really weird.

> Using "dnssec-keygen -r /dev/urandom" will make it finish much
> faster, but that uses a pseudo-random number generator instead of true
> randomness, so it's not the best choice from the paranoid crypto viewpoint.
> I often use it for test zones and such.  If I needed a proper bulletproof
> key on an Ubuntu box, and I didn't want to wait a long time for it, I'd
> probably generate the key on some other system and copy it over.

:-)   I have 38.000 zones and on my "AMD Sempron 2200+" with 3 GByte of
memory it takes around 40 seconds to create ONE signed zone from a script.

This means, if I want to sign 38.000 zones it will run 18 days...

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems at tdnet France EURL       itsystems at tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle at jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/