In message <4b18a8f75a6384449755bc7784073e93603b776...@exch11.olympus.f5net.com >, Jack Tavares writes:

> One other thing:
> when I remove /dev/random from the chroot, bind just uses the
> pre-chroot /dev/random
> 14-May-2009 14:09:51.065 could not open entropy source /dev/random: file not found
> 14-May-2009 14:09:51.065 using pre-chroot entropy source /dev/random
> which is groovy.
> So I guess I don't need the chroot random, but I would still like
> to know why using the chrooted /dev/random causes this problem.

Some versions of OpenSSL do unconditional RSA blinding and this uses
/dev/random. RSA blinding is needed when you are establishing an
encrypted connection such as with SSL. It is not needed when
generating RRSIGs and we disable it when we can.

I suspect that /dev/random is not returning enough random data and
that the RSA blinding operation is failing as a result.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
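
One way to test the suspicion in the reply above, as an added example that is not part of the original thread or of BIND: it checks that the random device inside a chroot is a character device with the same device number as the host's, and that a non-blocking read returns the bytes requested. The function name, the 64-byte read size and the chroot directory passed on the command line are assumptions.

```python
import errno
import os
import stat
import sys


def check_entropy_device(candidate, reference="/dev/random", want=64):
    """Return findings for `candidate`; an empty list means none."""
    try:
        cand = os.stat(candidate)
    except FileNotFoundError:
        return ["missing: %s" % candidate]
    if not stat.S_ISCHR(cand.st_mode):
        # A plain file left by cp instead of mknod is not an entropy source.
        return ["not a character device: %s" % candidate]
    findings = []
    ref = os.stat(reference)
    if cand.st_rdev != ref.st_rdev:
        findings.append("device number %d:%d differs from %s (%d:%d)" % (
            os.major(cand.st_rdev), os.minor(cand.st_rdev), reference,
            os.major(ref.st_rdev), os.minor(ref.st_rdev)))
    try:
        fd = os.open(candidate, os.O_RDONLY | os.O_NONBLOCK)
    except OSError as exc:
        return findings + ["cannot open: %s" % exc.strerror]
    try:
        # Non-blocking read: reports how much the device hands out right
        # now instead of hanging the way a blocking reader would.
        got = len(os.read(fd, want))
    except OSError as exc:
        if exc.errno not in (errno.EAGAIN, errno.EWOULDBLOCK):
            raise
        got = 0
    finally:
        os.close(fd)
    if got < want:
        findings.append("short read: %d of %d bytes" % (got, want))
    return findings


if __name__ == "__main__":
    # The chroot directory is supplied by the operator (assumed layout: <dir>/dev/random).
    if len(sys.argv) != 2:
        sys.exit("usage: %s <chroot-dir>" % sys.argv[0])
    problems = check_entropy_device(os.path.join(sys.argv[1], "dev/random"))
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

Run it as the user named runs as, so that permission problems on the device node show up as "cannot open".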