I'm running the BIND9 on AIX 5.3. My OS does have /dev/random and /dev/urandom.
# odmget CuDvDr | grep -p random
CuDvDr:
        resource = "ddins"
        value1 = "random"
        value2 = "34"
        value3 = ""

crw-r--r-- 1 root system 34, 0 Feb 26 2009 random
crw-r--r-- 1 root system 34, 1 Feb 26 2009 urandom

I'm running BIND9 on 4 DNS servers with the same build, same OS. 2 of the DNS servers are running with no problem. The other 2 show an error in the dnssec log:

13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent)

Linh Khuu

-----Original Message-----
From: Warren Kumari [mailto:war...@kumari.net]
Sent: Tuesday, April 13, 2010 3:43 PM
To: Khuu, Linh MicroTech
Cc: 'bind-users@lists.isc.org'
Subject: Re: Question about message "your system is lacking dev/random (or equivalent)"

On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote:

> I just turned on the dnssec-validation today, and I saw lots of
> messages:
>
> 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918:
> 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset
> (keyid=47948): You must use the keyboard to create entropy, since
> your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638:
> usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the
> keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
>
> 13-Apr-2010 15:26:37.385 dnssec: debug 3: validating @202c0e28:
> usps.gov SOA: verify rdataset (keyid=43133): You must use the
> keyboard to create entropy, since your system is lacking
> /dev/random (or equivalent)
>
> Is this a problem with dnssec on my DNS server?

Did you build BIND yourself? When BIND starts does it log anything like: "--with-randomdev=<something>"? What operating system, etc? You haven't really provided very much useful information in your question...

DNSSEC needs entropy for signing -- it believes that your system does not provide a useful source of entropy (do you have a /dev/random?) and so it wants you to add some. This is not a BIND problem, it is an OS (or more likely configuration) issue.

W

>
> Linh Khuu
> Network Security Specialist
> MicroTech ESS Contract
> Office: 410-966-0798
> Pager: 410-232-2350
> Email: linh.k...@ssa.gov
>
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
If the bad guys have copies of your MD5 passwords, then you have way bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
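
Added example, not part of either message and not ISC's code: the thread shows that the device nodes exist, so this shell check goes one step further and confirms that a node is a character device, is readable by the invoking user, and actually returns bytes. The helper name check_entropy_dev and the 16-byte sample size are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that an entropy device is usable by the current user.
# check_entropy_dev is a hypothetical helper name; 16 bytes is an arbitrary
# sample size. Run it as the account named runs under, on each server.

check_entropy_dev() {
    dev=$1
    want=16

    if [ ! -e "$dev" ]; then
        echo "$dev: missing"
        return 1
    fi
    # Must be a character special file, not a regular file left by a copy.
    if [ ! -c "$dev" ]; then
        echo "$dev: not a character device"
        return 2
    fi
    # Permission check for the invoking user (root passes this trivially).
    if [ ! -r "$dev" ]; then
        echo "$dev: not readable by $(id -un)"
        return 3
    fi
    # A node can exist while the driver behind it returns nothing, so read
    # a few bytes and count them. A blocking device may stall here.
    got=$(dd if="$dev" bs=1 count="$want" 2>/dev/null | wc -c | tr -d ' ')
    if [ "${got:-0}" -ne "$want" ]; then
        echo "$dev: short read (${got:-0} of $want bytes)"
        return 4
    fi
    echo "$dev: ok ($got bytes read)"
    return 0
}

# Check any devices named on the command line, e.g.:
#   sh check_entropy.sh /dev/random /dev/urandom
for d in "$@"; do
    check_entropy_dev "$d" || true
done
```

Running it on a working server and a failing one, then comparing the output, shows at which of the four steps the hosts differ.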