bind-9.9.5 regression test error
Doug Barton
dougb at dougbarton.us
Wed Feb 12 21:59:28 UTC 2014
On 02/12/2014 11:16 AM, Christoph Moench-Tegeder wrote:
> ## Bruce Dubbs (bruce.dubbs at gmail.com):
>
>> I've been trying to run the regression tests for bind-9.9.5 and keep
>> getting lots of timeouts and errors in the system/inline test.
>
> I saw the same symptoms when packaging/testing bind-9.9.5. I traced
> the issue to processes blocking in read() from /dev/random - so
> adding --with-randomdev=/dev/urandom to configure's arguments made
> all tests pass.
If you don't have enough random bits on your system to run these simple
tests, your /dev/random is seriously underpopulated, and likely a
security risk. You should definitely not put BIND in production compiled
with the option you mention above.
For Linux systems haveged is a fairly painless way to populate your
entropy pool, which should be fine for BIND. There are of course other
more complicated methods as well for higher-security requirements.
Doug
PS for Mark, When I was maintaining BIND for FreeBSD I always ran the
unit tests before I put a new version live. :)
More information about the bind-users
mailing list