Just use /dev/urandom as random device after reading a single byte from 
/dev/random to ensure the CSPRNG has been seeded.

The unsuitability of /dev/urandom for cryptographic purposes is just a myth. 
You are more likely affected by seeding all the instances from the same seed 
saved in the image than anything else.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 2. 8. 2022, at 0:29, Grant Taylor via bind-users 
> <bind-users@lists.isc.org> wrote:
> On 8/1/22 4:21 PM, Greg Choules via bind-users wrote:
>> Off the top of my head, could it be this?
>> random-device
>> ...
>> BIND will need a good source of randomness for crypto operations.
> 
> Drive by plug:  If it is lack of entropy, try installing and running Haveged. 
>  At least as a troubleshooting aid.
> 
> 
> 
> -- 
> Grant. . . .
> unix || die
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users