I have a server running OpenBSD 4.2-current and acting as a name server. It always has these messages in the /var/log/daemon file upon startup:

Oct 27 05:51:38 racine named[3780]: could not open entropy \
    source /dev/arandom: file not found
Oct 27 05:51:38 racine named[3780]: using pre-chroot entropy \
    source /dev/arandom

That never bothered me, until I needed to use Men and Mice DNS Server Controller management tools on my OBSD name server, but that is another story.

Just creating a /var/named/dev/arandom file won't work, since the partition is mounted as nodev, as shown below:

/dev/wd0a on / type ffs (local)
/dev/wd0e on /home type ffs (local, nodev, nosuid)
/dev/wd0f on /tmp type ffs (local, nodev, nosuid)
/dev/wd0g on /usr type ffs (local, nodev)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
                                   ^^^^^

So I thought I would try creating a separate partition for /var/named/dev and not using the nodev parameter.

I had used all of the drive during initial installation, so I

- went into disklabel -E wd0
- noticed how much space each cylinder took up
- checked to see how large the swap partition was with a 'p m'
- deleted the swap partition, and recreated it 2 megabytes smaller
- created a new partition 2 megabytes in size
- saved the results
- modified /etc/fstab to mount the new partition as /var/named/dev without the nodev option

$ mount
/dev/wd0a on / type ffs (local)
/dev/wd0e on /home type ffs (local, nodev, nosuid)
/dev/wd0f on /tmp type ffs (local, nodev, nosuid)
/dev/wd0g on /usr type ffs (local, nodev)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
/dev/wd0h on /var/named/dev type ffs (local, nosuid)

- rebooted the computer
- created the devices in /var/named/dev

cd /var/named/dev
/dev/MAKEDEV random

ls -l shows

$ ls -l /var/named/dev
total 0
crw-r--r--  1 root  wheel   45,   4 Oct 27 05:53 arandom
crw-r--r--  1 root  wheel   45,   3 Oct 27 05:53 prandom
crw-r--r--  1 root  wheel   45,   0 Oct 27 05:53 random
crw-r--r--  1 root  wheel   45,   1 Oct 27 05:53 srandom
crw-r--r--  1 root  wheel   45,   2 Oct 27 05:53 urandom

Now when I start BIND via the named command, the messages about /var/arandom missing no longer appear in /var/log/daemon.

My question: have I compromised the security of the name server?

If anyone is interested, I will post my steps in getting Men and Mice DNS Server Controller running on OpenBSD using linux emulation.

Thanks,
J.D. Carlson
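
The following is an added example, not part of the original post: two shell helpers for auditing the setup described above, one listing filesystems mounted without nodev and one flagging anything in the chroot dev directory other than the five random devices shown in the post. The function names and the sample input (including the "stray" node and its numbers) are constructed for illustration; the mount point, device names and major/minor numbers come from the listings in the post.

```shell
#!/bin/sh
# Added example: audit helpers for a chroot /dev kept on its own partition.

# Read `mount` output on stdin; print mount points lacking the nodev option.
mounts_without_nodev() {
    awk '{
        opts = $0
        sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
        sub(/\).*$/, "", opts)      # drop ")" and anything after it
        if (opts !~ /(^|, )nodev(,|$)/) print $3
    }'
}

# Read `ls -l` output of the chroot dev directory on stdin; print every entry
# that is not one of the five character devices listed in the post.
unexpected_nodes() {
    awk '
    BEGIN { want["random"] = 0; want["srandom"] = 1; want["urandom"] = 2
            want["prandom"] = 3; want["arandom"] = 4 }
    $1 == "total" { next }
    {
        name = $NF
        major = $5; sub(/,$/, "", major)
        ok = (substr($1, 1, 1) == "c" && (name in want) &&
              major == 45 && $6 == want[name])
        if (!ok) print name
    }'
}

# Constructed sample input, modelled on the listings in the post.
sample_mount() {
    cat <<'EOF'
/dev/wd0a on / type ffs (local)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
/dev/wd0h on /var/named/dev type ffs (local, nosuid)
EOF
}
sample_ls() {
    cat <<'EOF'
total 0
crw-r--r--  1 root  wheel   45,   4 Oct 27 05:53 arandom
crw-r--r--  1 root  wheel   45,   2 Oct 27 05:53 urandom
crw-r--r--  1 root  wheel   99,   0 Oct 27 05:53 stray
EOF
}

sample_mount | mounts_without_nodev   # live system: mount | mounts_without_nodev
sample_ls | unexpected_nodes          # live: ls -l /var/named/dev | unexpected_nodes
```

With the layout from the post, the first helper should report only / and /var/named/dev, and the second should print nothing.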