On Tue, Apr 13, 2010 at 03:28:51PM -0400, Khuu, Linh MicroTech wrote: > I just turned on the dnssec-validation today, and I saw lots of messages: > > 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: > 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): > You must use the keyboard to create entropy, since your system is lacking > /dev/random (or equivalent) ...
Pseudo-random numbers (PRNs) are used a lot in generating crypto keys, such as those used in DNSSEC. I don't know exactly what needs them here - it may also be generating random stuff to be encrypted. The OpenSSL package creates keys using PRNs seeded with "entropy". Under BSD and Linux systems, this comes from /dev/random and/or /dev/urandom. On older versions of Solaris, e.g., these pseudo-devices don't exist, and you need something like the Entropy Gathering Daemon <http://egd.sourceforge.net/> to create enough entropy for PRNs to be generated. The device name for the EGD must be compiled into the software; otherwise, every time it needs entropy, it will ask you to pound randomly on the keyboard until it thinks it has enough entropy. http://en.wikipedia.org/wiki/Entropy_%28computing%29 I hope that this helps! -- /*********************************************************************\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*********************************************************************/ _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
