On 02/12/2014 11:16 AM, Christoph Moench-Tegeder wrote:
## Bruce Dubbs (bruce.du...@gmail.com):
I've been trying to run the regression tests for bind-9.9.5 and keep
getting lots of timeouts and errors in the system/inline test.
I saw the same symptoms when packaging/testing bind-9.9.5. I traced
the issue to processes blocking in read() from /dev/random - so
adding --with-randomdev=/dev/urandom to configure's arguments made
all tests pass.
If you don't have enough random bits on your system to run these simple
tests, your /dev/random is seriously underpopulated, and likely a
security risk. You should definitely not put BIND in production compiled
with the option you mention above.
For Linux systems haveged is a fairly painless way to populate your
entropy pool, which should be fine for BIND. There are of course other
more complicated methods as well for higher-security requirements.
Doug
PS for Mark, When I was maintaining BIND for FreeBSD I always ran the
unit tests before I put a new version live. :)
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
