One other thing: when I remove /dev/random from the chroot, bind just uses the pre-chroot /dev/random

    14-May-2009 14:09:51.065 could not open entropy source /dev/random: file not found
    14-May-2009 14:09:51.065 using pre-chroot entropy source /dev/random

which is groovy. So I guess I don't need the chroot random, but I would still like to know why using the chrooted /dev/random causes this problem.

--
Jack Tavares
AIM: jacktavares
SKYPE: jackandkaddee
Reminder: I am at GMT+2, 10 hours AHEAD of Seattle. My workweek is Sunday-Thursday. Email sent to me Thursday afternoon (PST) may not be viewed until Sunday morning (GMT+2).

________________________________
From: bind-users-boun...@lists.isc.org [bind-users-boun...@lists.isc.org] On Behalf Of Jack Tavares [j.tava...@f5.com]
Sent: Thursday, May 14, 2009 09:50
To: bind-users@lists.isc.org
Subject: /dev/random in chroot jail causing errors with nsupdate of dnssec signed zone

So I posted a couple of messages about how my nsupdates were failing intermittently when attempting to update a signed zone.

The only error I get in the log is:

    14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': prerequisites are OK
    14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: signer "update.test.net" approved
    14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: update 'test.net/IN' approved
    14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': update section prescan OK
    14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': adding an RR at 'newest4.test.net' A
    14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': RRSIG/NSEC/NSEC3 update failed: failure
    14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': rolling back

The keys are generated with RSASHA1 and use -r /dev/urandom

I run named in a chroot jail, at /var/named

I created /var/named/dev/random with

    mknod -m644 /var/named/dev/random c 1 8

which mimics the major and minor number from the system

    ls -lL /dev/random
    crw-r--r-- 1 root root 1, 8 May 13 03:27 /dev/random

The nsupdates fail, seemingly randomly. When I delete this /dev/random from the chroot, they work.

So my question is: am I setting up the /dev/random incorrectly? Should I not be creating /dev/random? (The how-tos I have seen all talk about re-creating /dev/null and /dev/random etc.)

Note: I also tried generating the keys not using /dev/urandom, and have the same inconsistent behavior with the chroot /dev/random present.

--
Jack Tavares
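
Added example, not part of the original message or of BIND: a small Python triage script that scans named log lines in the format quoted above, reports which entropy-source messages were logged, and lists every dynamic update that was rolled back along with the records it tried to add and the logged failure reason. The function name `analyze` is hypothetical, and the sample input is the log excerpt from the message itself.

```python
import re
from collections import defaultdict

# Assumed line shape, taken from the excerpt in the message:
#   <date> <time> client <ip>#<port>: view <view>: <message>
CLIENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>\S+?): view (?P<view>\S+): (?P<msg>.*)$")
ZONE_RE = re.compile(r"updating zone '(?P<zone>[^']+)': (?P<event>.*)$")
ENTROPY_RE = re.compile(
    r"^\S+ \S+ (?P<msg>(?:could not open|using pre-chroot) entropy source .*)$")

# Sample input: the log lines quoted in the message above.
SAMPLE = """\
14-May-2009 14:09:51.065 could not open entropy source /dev/random: file not found
14-May-2009 14:09:51.065 using pre-chroot entropy source /dev/random
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': prerequisites are OK
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: signer "update.test.net" approved
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: update 'test.net/IN' approved
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': update section prescan OK
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': adding an RR at 'newest4.test.net' A
14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': RRSIG/NSEC/NSEC3 update failed: failure
14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': rolling back
"""

def analyze(lines):
    """Return entropy-source messages and the updates that were rolled back."""
    entropy, failures = [], []
    pending = defaultdict(lambda: {"rrs": [], "reason": None})
    for line in lines:
        line = line.strip()
        m = ENTROPY_RE.match(line)
        if m:
            entropy.append(m["msg"])
            continue
        m = CLIENT_RE.match(line)
        z = m and ZONE_RE.search(m["msg"])
        if not z:
            continue  # not a per-zone update event
        key, event = (m["client"], z["zone"]), z["event"]
        if event == "prerequisites are OK":        # a new update begins
            pending.pop(key, None)
        elif event.startswith("adding an RR at "):
            pending[key]["rrs"].append(event[len("adding an RR at "):])
        elif "update failed" in event:             # e.g. RRSIG/NSEC/NSEC3 signing step
            pending[key]["reason"] = event
        elif event == "rolling back":
            state = pending.pop(key, {"rrs": [], "reason": None})
            failures.append({"ts": m["ts"], "client": m["client"],
                             "zone": z["zone"], **state})
    return {"entropy": entropy, "failures": failures}

if __name__ == "__main__":
    print(analyze(SAMPLE.splitlines()))
```

Run over a full day's log, the timestamps of the rolled-back updates can be compared with and without the chroot device node present.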