Bug#854243: bind9 - Reads /dev/random in named and does not longer answer

2017-03-10 Thread Michael Gilbert
On Sun, Feb 5, 2017 at 6:47 AM, Bastian Blank wrote:
> bind9 uses /dev/random unconditionally without the possibility to change
> that in the configuration.

It is not entirely unconditional, --with-randomdev can be set at build
time, but admittedly that is not a very friendly solution.

Best wishes,
Mike



Bug#854243: bind9 - Reads /dev/random in named and does not longer answer

2017-02-05 Thread Bastian Blank
Source: bind9
Version: 1:9.10.3.dfsg.P4-11
Severity: grave

bind9 uses /dev/random unconditionally without the possibility to change
that in the configuration.  It uses it for example in dnssec-keygen or
during dnssec key operations in named.  /dev/random can and will block
at random times.  If this happens in named, the whole daemon will cease
to answer any requests.  In my tests this always happens with ECDSA key
operations, which need randomness.  This is effectively a DoS.

Bastian

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
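A probe for the condition the report describes, added here as an example (not bind9's or Debian's code): it reads the kernel's entropy estimate and does a non-blocking read of the device, so an operator can see whether a read from /dev/random would stall a daemon right now instead of discovering it when named stops answering. It assumes a Linux host with /proc/sys/kernel/random/entropy_avail and the standard O_NONBLOCK behaviour of the random devices (EAGAIN when the pool is not ready).

```c
/* Constructed example: detect a /dev/random read that would block,
 * without blocking the caller. Not bind9 code. Linux only. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse the decimal value from /proc/sys/kernel/random/entropy_avail.
 * Returns -1 on malformed input. */
long parse_entropy_avail(const char *text) {
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || errno != 0 || v < 0) return -1;
    return v;
}

/* Read the kernel's entropy estimate in bits; -1 if unavailable. */
long read_entropy_avail(void) {
    char buf[32];
    int fd = open("/proc/sys/kernel/random/entropy_avail", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    return parse_entropy_avail(buf);
}

/* Non-blocking one-byte read of a random device.
 * 1 = the read would block (EAGAIN), 0 = data delivered, -1 = error. */
int random_dev_would_block(const char *path) {
    unsigned char byte;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    ssize_t n = read(fd, &byte, 1);
    int saved = errno;            /* close() may clobber errno */
    close(fd);
    if (n == 1) return 0;
    if (n < 0 && (saved == EAGAIN || saved == EWOULDBLOCK)) return 1;
    return -1;
}

int main(void) {
    printf("entropy_avail=%ld\n", read_entropy_avail());
    printf("/dev/random would block: %d\n", random_dev_would_block("/dev/random"));
    printf("/dev/urandom would block: %d\n", random_dev_would_block("/dev/urandom"));
    return 0;
}
```

A result of 1 for /dev/random is exactly the state in which a daemon doing an unconditional blocking read stalls; /dev/urandom never reports it, which is why a non-blocking source is the usual fix.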