So I posted a couple of messages about how my nsupdates were failing intermittently when attempting to update a signed zone.
The only error I get in the log is:

14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': prerequisites are OK
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: signer "update.test.net" approved
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: update 'test.net/IN' approved
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': update section prescan OK
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': adding an RR at 'newest4.test.net' A
14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': RRSIG/NSEC/NSEC3 update failed: failure
14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': rolling back

The keys are generated with RSASHA1 and use -r /dev/urandom.

I run named in a chroot jail, at /var/named.

I created /var/named/dev/random with

mknod -m644 /var/named/dev/random c 1 8

which mimics the major and minor number from the system:

ls -lL /dev/random
crw-r--r-- 1 root root 1, 8 May 13 03:27 /dev/random

The nsupdates fail, seemingly randomly. When I delete this /dev/random from the chroot, they work.

So my question is: am I setting up the /dev/random incorrectly? Should I not be creating /dev/random? (The how-tos I have seen all talk about re-creating /dev/null and /dev/random etc.)

Note: I also tried generating the keys not using /dev/urandom, and have the same inconsistent behavior with the chroot /dev/random present.

--
Jack Tavares
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users