From owner-freebsd-questions@FreeBSD.ORG Thu Apr 17 02:01:13 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 823F237B401 for ; Thu, 17 Apr 2003 02:01:13 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 090DC43F75 for ; Thu, 17 Apr 2003 02:01:12 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1]) h3H910MT091593 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 17 Apr 2003 10:01:00 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)h3H910Jg091592; Thu, 17 Apr 2003 10:01:00 +0100 (BST) (envelope-from matthew) Date: Thu, 17 Apr 2003 10:01:00 +0100 From: Matthew Seaman To: Gary D Kline Message-ID: <20030417090100.GC90819@happy-idiot-talk.infracaninophi> Mail-Followup-To: Matthew Seaman , Gary D Kline , Kirk Strauser , freebsd-questions@freebsd.org References: <20030417005140.GA99929@tao.thought.org> <87y929dg36.fsf@pooh.honeypot.net> <20030417063249.GA660@tao.thought.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jL2BoiuKMElzg3CS" Content-Disposition: inline In-Reply-To: <20030417063249.GA660@tao.thought.org> User-Agent: Mutt/1.5.4i X-Spam-Status: No, hits=-38.8 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,PGP_SIGNATURE_2, QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT version=2.53 X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp) cc: freebsd-questions@freebsd.org Subject: Re: BIND qustionS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Apr 2003 09:01:13 -0000 --jL2BoiuKMElzg3CS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 16, 2003 at 11:32:49PM -0700, Gary D Kline wrote: > On Wed, Apr 16, 2003 at 09:15:41PM -0500, Kirk Strauser wrote: > > At 2003-04-17T00:51:40Z, Gary D Kline writes: > >=20 > > > After upgrading to BIND-9.2.2, I bumped into the following output mes= sage > > > that I don't understand. > >=20 > > Run `rndc-confgen' to generate the key (and a reasonable rndc.conf to go > > with it). >=20 >=20 > As roor I'm exec'd rndc-confgen (with various switches). It > seems to hang, or be sleeping. Do you know what may be happening > here? It's trying to read some random data out of /dev/random, but your system doesn't have enough sufficiently good entropic sources configured that it can provide as much as rndc-confgen wants. Take a look at: i) The '-r' option to rndc-confgen. If you say: rndc-confgen -a -r keyboard randomness will be derived by your typing at the keyboard. ii) The rc.conf 'rand_irqs' variable and the the rndcontrol(8) man page. To select some good IRQs to use as sources of randomness look at the 'systat -vmstat' display, specifically the table of interrupts on the right hand side. Hint: the clk interrupt is no good for generating randomness as it fires at regular intervals. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --jL2BoiuKMElzg3CS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+nm1MdtESqEQa7a0RApzKAJ944+OacUn7G8AnLKA6xZKmmIG6LQCfXFeu jPKyiNiXRdMeST+t2iVXqmk= =pO6i -----END PGP SIGNATURE----- --jL2BoiuKMElzg3CS--