Date: Thu, 17 Apr 2003 12:20:28 -0700 From: Gary D Kline <kline@thought.org> To: Matthew Seaman <m.seaman@infracaninophile.co.uk>, Gary D Kline <kline@thought.org>, Kirk Strauser <kirk@strauser.com>, freebsd-questions@freebsd.org Subject: Re: BIND qustionS Message-ID: <20030417192028.GD1844@tao.thought.org> In-Reply-To: <20030417090100.GC90819@happy-idiot-talk.infracaninophi> References: <20030417005140.GA99929@tao.thought.org> <87y929dg36.fsf@pooh.honeypot.net> <20030417063249.GA660@tao.thought.org> <20030417090100.GC90819@happy-idiot-talk.infracaninophi>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 17, 2003 at 10:01:00AM +0100, Matthew Seaman wrote: > On Wed, Apr 16, 2003 at 11:32:49PM -0700, Gary D Kline wrote: > > On Wed, Apr 16, 2003 at 09:15:41PM -0500, Kirk Strauser wrote: > > > At 2003-04-17T00:51:40Z, Gary D Kline <kline@thought.org> writes: > > > > > > > After upgrading to BIND-9.2.2, I bumped into the following output message > > > > that I don't understand. > > > > > > Run `rndc-confgen' to generate the key (and a reasonable rndc.conf to go > > > with it). > > > > > > As roor I'm exec'd rndc-confgen (with various switches). It > > seems to hang, or be sleeping. Do you know what may be happening > > here? > > It's trying to read some random data out of /dev/random, but your > system doesn't have enough sufficiently good entropic sources configured > that it can provide as much as rndc-confgen wants. > > Take a look at: > > i) The '-r' option to rndc-confgen. If you say: > > rndc-confgen -a -r keyboard > > randomness will be derived by your typing at the keyboard. > > ii) The rc.conf 'rand_irqs' variable and the the rndcontrol(8) man > page. To select some good IRQs to use as sources of randomness > look at the 'systat -vmstat' display, specifically the table of > interrupts on the right hand side. Hint: the clk interrupt is no > good for generating randomness as it fires at regular intervals. > Pounding away worked just fine... like PGP:) Could it be that my DNS system was too quiescence for /dev/random? (The uprocessor overheated and the server went down [[ bad fan ]] and I'm treating it with kid gloves. I didn't want to leave rndc-confgen running for very long. Thanks for sharing your insights; perhaps future releases of bind will have better checking and recovery... . gary -- Gary Kline kline@thought.org www.thought.org Public service Unix
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030417192028.GD1844>