In message <4b18a8f75a6384449755bc7784073e93603b776...@exch11.olympus.f5net.com>, Jack Tavares writes:
> One other thing:
> when I remove /dev/random from the chroot, bind just uses the
> pre-chroot /dev/random
> 14-May-2009 14:09:51.065 could not open entropy source /dev/random: file not found
> 14-May-2009 14:09:51.065 using pre-chroot entropy source /dev/random
> which is groovy.
> So I guess I don't need the chroot random, but I would still like
> to know why using the chrooted /dev/random causes this problem.

        Some versions of OpenSSL do unconditional RSA blinding and
        this uses /dev/random.  RSA blinding is needed when you are
        establishing an encrypted connection such as with SSL.  It
        is not needed when generating RRSIG's and we disable it
        when we can.

        I suspect that /dev/random is not returning enough random
        data and that the RSA blinding operation is failing as a
        result.

        Mark
        
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
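
A way to test the suspicion raised in the reply above, that the chroot's /dev/random does not hand back enough data. This is an added example, not part of the original thread or of BIND; the function name `check_entropy_source`, the 32-byte sample size and the 5-second timeout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the entropy device a chrooted daemon would open.
# Usage (the chroot path is a hypothetical placeholder):
#   sh check_entropy.sh /path/to/chroot/dev/random /dev/random

check_entropy_source() {
    path=$1
    want=${2:-32}    # bytes to request; 32 is an arbitrary sample size

    if [ ! -e "$path" ]; then
        echo "missing"; return 0
    fi
    if [ ! -c "$path" ]; then
        # For example a regular file left behind by cp instead of a device node.
        echo "not-chardev"; return 0
    fi
    if [ ! -r "$path" ]; then
        echo "unreadable"; return 0
    fi

    # A device that blocks waiting for entropy would hang dd, so bound the
    # read when the timeout utility is available.
    reader="dd"
    command -v timeout >/dev/null 2>&1 && reader="timeout 5 dd"

    # bs=1 makes dd count exactly the bytes the device delivered.
    got=$($reader if="$path" bs=1 count="$want" 2>/dev/null | wc -c | tr -d ' ')

    if [ "$got" -lt "$want" ]; then
        echo "short-read:$got"
    else
        echo "ok"
    fi
}

# Report on every path given on the command line.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        printf '%s: %s\n' "$p" "$(check_entropy_source "$p")"
    done
fi
```

Comparing the result for the node inside the chroot with the result for the system /dev/random shows whether the chrooted node is a working device or only a file with the right name.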