On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote:
I just turned on the dnssec-validation today, and I saw lots of
messages:
13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918:
3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset
(keyid=47948): You must use the keyboard to create entropy, since
your system is lacking
/dev/random (or equivalent)
13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638:
usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the
keyboard to create entropy, since your system is lacking
/dev/random (or equivalent)
13-Apr-2010 15:26:37.385 dnssec: debug 3: validating @202c0e28:
usps.gov SOA: verify rdataset (keyid=43133): You must use the
keyboard to create entropy, since your system is lacking
/dev/random (or equivalent)
Is this a problem with dnssec on my DNS server?
Did you build BIND yourself? When BIND starts does it log anything
like: "--with-randomdev=<something>"?
What operating system, etc? You haven't really provided very much
useful information in your question...
DNSSEC needs entropy for signing -- it believes that your system does
not provide a useful source of entropy (do you have a /dev/random?)
and so it want you to add some. This is not a BIND problem, it is an
OS (or more likely configuration issue).
W
Linh Khuu
Network Security Specialist
MicroTech ESS Contract
Office: 410-966-0798
Pager: 410-232-2350
Email: linh.k...@ssa.gov
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
If the bad guys have copies of your MD5 passwords, then you have way
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
