From: Matthew Seaman
To: Free BSD Questions list
Date: Fri, 30 Jan 2004 15:33:50 +0000
Subject: Re: rndc-confgen -a goes off forever
Message-ID: <20040130153350.GA78931@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040130152214.GA18353@teddy.fas.com>

On Fri, Jan 30, 2004 at 10:22:14AM -0500, stan wrote:
> I'm trying to set up bind 9 on a 4.9 STABLE machine.
>
> Looking in the ports message file, it says that I need to generate a source
> of random numbers by using rndc-confgen -a. When I type this command, it
> never returns (It's been like 10 minutes), and top shows that it's not using
> any CPU cycles. I am running this as root.
>
> What am I doing wrong?

Actually it says you need to set up a source of randomness /so that/
rndc-confgen will work in a reasonable amount of time. Take a look at
rndcontrol(8) and then at the output of

    vmstat -i

so that you can choose two or three interrupts that occur relatively
frequently and enable those as feeds for the entropy source. Nb. don't
try enabling the clk or rtc interrupts for this purpose: those tick at
regular intervals, and the whole point is to exploit the random
spacing between interrupts.

Use rndcontrol(8) to turn on the entropy harvesting, and then leave
the system to work for a while and gather a bit of entropy. After
that rndc-confgen(8) should work fine.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
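
The interrupt selection described in the reply above, as an added shell example that is not part of the original message: it ranks the rows of `vmstat -i` by count and never offers clk or rtc. The sample output is constructed, `pick_entropy_irqs` and `sample_vmstat` are hypothetical helper names, and feeding the result to `rndcontrol -s` assumes the flag documented in rndcontrol(8) on FreeBSD 4.x.

```shell
#!/bin/sh
# Constructed sample of `vmstat -i` output in the FreeBSD 4.x layout
# (name, irqN, total, rate); the counts are made up for illustration.
sample_vmstat() {
cat <<'EOF'
interrupt      total      rate
ata0 irq14    184230        12
fxp0 irq11    902114        61
atkbd0 irq1     4410         0
sio0 irq4         12         0
clk irq0    14733100       100
rtc irq8    18858368       128
Total       34682234       301
EOF
}

# pick_entropy_irqs [N]: read vmstat -i output on stdin and print the IRQ
# numbers of the N busiest usable devices (default 3), one per line.
pick_entropy_irqs() {
    awk '
        # Keep "name irqN total rate" rows; drops the header and Total line.
        NF == 4 && $2 ~ /^irq[0-9]+$/ {
            # clk and rtc tick at fixed intervals, so the spacing between
            # their interrupts carries no randomness: never offer them.
            if ($1 == "clk" || $1 == "rtc") next
            # An interrupt that has never fired feeds nothing.
            if ($3 + 0 == 0) next
            sub(/^irq/, "", $2)
            print $3, $2
        }' | sort -k1,1nr | head -n "${1:-3}" | awk '{ print $2 }'
}

# On a live system: vmstat -i | pick_entropy_irqs
# Each printed number would then be enabled with: rndcontrol -s <irq>
sample_vmstat | pick_entropy_irqs 2
```

After enabling the chosen IRQs, give the machine some disk and network activity before re-running `rndc-confgen -a`, since the pool only fills as those interrupts arrive.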