DNSSEC Generating Zone Key hanging
Bill Owens
owens at nysernet.org
Sun Apr 22 00:28:46 UTC 2012
On Sun, Apr 22, 2012 at 01:11:55AM +0100, Damian Myerscough wrote:
> Hello,
> I was setting up BIND DNSSEC and when I issue the following command the
> process never finishes.
> dnssec-keygen -a RSASHA1 -b 1024 -n ZONE example.com
> I straced the process and noticed the following messages
> write(2, "Generating key pair.", 20Generating key pair.) = 20
> gettimeofday({1335044641, 756413}, NULL) = 0
> read(3, "s\2161\363\364<\1s1\343\311\212\1", 64) = 13
> read(3, 0x7fffcac9c960, 51) = -1 EAGAIN (Resource temporarily
> unavailable)
> select(4, [3], [], NULL, NULL) = 1 (in [3])
> read(3, "p\32\254\352$\264:\22", 51) = 8
> read(3, 0x7fffcac9c960, 43) = -1 EAGAIN (Resource temporarily
> unavailable)
> select(4, [3], [], NULL, NULL) = 1 (in [3])
> read(3, "\370\270\363IE\342X\343", 43) = 8
> read(3, 0x7fffcac9c960, 35) = -1 EAGAIN (Resource temporarily
> unavailable)
> select(4, [3], [], NULL, NULL) = 1 (in [3])
> My machine is a virtual host; does anyone have any ideas what resource is
> temporarily unavailable?
/dev/random - VMs, with no keyboard or mouse, don't accumulate enough entropy to keep /dev/random full. Installing haveged would probably help; or consider generating keys on a machine with a decent amount of entropy and securely moving them to your VM.
Bill.
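
An added example, not part of the original thread: a Python sketch that repeats the read/EAGAIN/select loop visible in the strace, but with a timeout, so you can confirm whether /dev/random on a VM is starved before blaming dnssec-keygen. The function names, the 64-byte request size (taken from the first read in the trace) and the 5-second timeout are assumptions made for this example; `/proc/sys/kernel/random/entropy_avail` is the Linux kernel's own entropy estimate.

```python
import os
import select
import time

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # kernel pool estimate, in bits


def entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's entropy estimate in bits, or None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def timed_read(fd, want=64, timeout=5.0):
    """Read up to `want` bytes from non-blocking `fd`; return (bytes_obtained, eagain_count)."""
    got, eagain = 0, 0
    deadline = time.monotonic() + timeout
    while got < want:
        try:
            chunk = os.read(fd, want - got)   # like read(3, ..., 51) = 8 in the trace
            if not chunk:                     # EOF: this is not a random device
                break
            got += len(chunk)
        except BlockingIOError:               # read(...) = -1 EAGAIN
            eagain += 1
            remaining = deadline - time.monotonic()
            # select() is where the traced process sleeps; here it is bounded by the deadline
            if remaining <= 0 or not select.select([fd], [], [], remaining)[0]:
                break
    return got, eagain


def probe(path="/dev/random", want=64, timeout=5.0):
    """Open `path` non-blocking and report how much of `want` arrives within `timeout`."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        got, eagain = timed_read(fd, want, timeout)
    finally:
        os.close(fd)
    return {"got": got, "want": want, "eagain": eagain, "starved": got < want,
            "entropy_avail": entropy_avail()}


if __name__ == "__main__":
    print(probe())
```

A result with `starved: True` and a low `entropy_avail` matches the diagnosis above; rerun it after installing an entropy source such as haveged to check that the request now completes.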