Question about message your system is lacking dev/random (or equivalent)
I just turned on the dnssec-validation today, and I saw lots of messages: 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638: usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 13-Apr-2010 15:26:37.385 dnssec: debug 3: validating @202c0e28: usps.gov SOA: verify rdataset (keyid=43133): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) Is this a problem with dnssec on my DNS server? Linh Khuu Network Security Specialist MicroTech ESS Contract Office: 410-966-0798 Pager: 410-232-2350 Email: linh.k...@ssa.gov PGP.sig Description: PGP signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Question about message your system is lacking dev/random (or equivalent)
On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote: I just turned on the dnssec-validation today, and I saw lots of messages: 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638: usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 13-Apr-2010 15:26:37.385 dnssec: debug 3: validating @202c0e28: usps.gov SOA: verify rdataset (keyid=43133): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) Is this a problem with dnssec on my DNS server? Did you build BIND yourself? When BIND starts does it log anything like: --with-randomdev=something? What operating system, etc? You haven't really provided very much useful information in your question... DNSSEC needs entropy for signing -- it believes that your system does not provide a useful source of entropy (do you have a /dev/random?) and so it want you to add some. This is not a BIND problem, it is an OS (or more likely configuration issue). W Linh Khuu Network Security Specialist MicroTech ESS Contract Office: 410-966-0798 Pager: 410-232-2350 Email: linh.k...@ssa.gov ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- If the bad guys have copies of your MD5 passwords, then you have way bigger problems than the bad guys having copies of your MD5 passwords. -- Richard A Steenbergen ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Question about message your system is lacking dev/random (or equivalent)
Perhaps you have configured it to run in a chroot jail and have not fully outfitted the chroot with /dev/random this is old, but looks to be accurate, at least when talking about the /dev/random file on linux. You didn't even specify what OS you are running on: http://tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html -Original Message- From: bind-users-bounces+j.tavares=f5@lists.isc.org [mailto:bind-users-bounces+j.tavares=f5@lists.isc.org] On Behalf Of Warren Kumari Sent: Tuesday, April 13, 2010 12:43 PM To: Khuu, Linh MicroTech Cc: 'bind-users@lists.isc.org' Subject: Re: Question about message your system is lacking dev/random (or equivalent) On Apr 13, 2010, at 3:28 PM, Khuu, Linh MicroTech wrote: I just turned on the dnssec-validation today, and I saw lots of messages: 13-Apr-2010 15:17:17.122 dnssec: debug 3: validating @202be918: 3e77469i48du24agcu5ftfumd6iocmrk.org NSEC3: verify rdataset (keyid=47948): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 13-Apr-2010 15:26:35.016 dnssec: debug 3: validating @202bd638: usps.gov DNSKEY: verify rdataset (keyid=10539): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) 13-Apr-2010 15:26:37.385 dnssec: debug 3: validating @202c0e28: usps.gov SOA: verify rdataset (keyid=43133): You must use the keyboard to create entropy, since your system is lacking /dev/random (or equivalent) Is this a problem with dnssec on my DNS server? Did you build BIND yourself? When BIND starts does it log anything like: --with-randomdev=something? What operating system, etc? You haven't really provided very much useful information in your question... DNSSEC needs entropy for signing -- it believes that your system does not provide a useful source of entropy (do you have a /dev/random?) and so it want you to add some. This is not a BIND problem, it is an OS (or more likely configuration issue). W Linh Khuu Network Security Specialist MicroTech ESS Contract Office: 410-966-0798 Pager: 410-232-2350 Email: linh.k...@ssa.gov ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- If the bad guys have copies of your MD5 passwords, then you have way bigger problems than the bad guys having copies of your MD5 passwords. -- Richard A Steenbergen ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: rdns for /20
On 4/13/2010 6:42 PM, Jason Davis wrote: Hello, Is their an easy way to rdns a /20. I can only find examples for a /24 You need to create individual zones for each /24. -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover!http://SupersetSolutions.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
