On 05/28/10 13:53, Michelle Konzack wrote:
> Hello Evan,
>
> On 2010-05-28 18:33:14, you hacked out the following:
>>> Operating System is "Debian GNU/Linux 5.0 Lenny" with bind9 in version
>>> 1:9.7.0.dfsg.P1-1~bpo50+1
>>
>> I get the same problem on Ubuntu, which is Debian-based. /dev/random
>> runs out of entropy rapidly and takes a long time to recover.
>
> I have tried it on Debian Etch, Lenny and Sid with the same result... On
> all three machines I have to use "-r /dev/urandom" which is really weird.
> ...
> :-) I have 38.000 Zones and on my "AMD Sempron 2200+" with 3 GByte of
> memory it takes around 40 seconds to create ONE signed zone from a script.
> This means, if I want to sign 38.000 zones it will run 18 days...

If you're planning to do production DNSSEC on Linux you really need to
configure an entropy gathering daemon in order to properly seed your
/dev/random device. You should be able to find resources for doing this
on line, or in a help forum for your particular brand(s) of Linux.

You might also consider evaluating FreeBSD for your name servers, it
comes with properly configured entropy gathering right out of the box,
and our implementation of /dev/random uses a PRNG method that hands out
high-quality "random" bits with very little danger of running out.

hth,

Doug
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
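
The entropy starvation discussed in this thread can be checked before a batch signing run starts. The following is an added example, not code from the thread or from BIND: the function names and the MIN_BITS threshold are assumptions, and it reads the Linux kernel's pool estimate from /proc/sys/kernel/random/entropy_avail.

```shell
#!/bin/sh
# Added example: pre-flight entropy check for a batch zone-signing job on Linux.
# ENTROPY_FILE is the kernel's estimate of the bits available in the pool.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
# MIN_BITS is an assumed threshold, not a value taken from the thread.
MIN_BITS="${MIN_BITS:-200}"

# Print the current estimate; return 2 if it is unreadable or not a number.
entropy_bits() {
    [ -r "$ENTROPY_FILE" ] || return 2
    bits=$(cat "$ENTROPY_FILE")
    case "$bits" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$bits"
}

# Poll once per second, for at most $1 seconds, until the pool holds MIN_BITS.
# Returns 0 when the pool is ready, 1 on timeout (the pool is not being
# refilled, so the entropy gathering daemon is missing or not working),
# and 2 when the estimate cannot be read.
wait_for_entropy() {
    timeout="$1"
    waited=0
    while :; do
        bits=$(entropy_bits) || return 2
        [ "$bits" -ge "$MIN_BITS" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}
```

Calling `wait_for_entropy 30` before each signing step makes a starved pool show up as an explicit failure rather than as a job that silently blocks on /dev/random.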