BIND qustionS
Gary D Kline
kline at thought.org
Thu Apr 17 12:20:36 PDT 2003
On Thu, Apr 17, 2003 at 10:01:00AM +0100, Matthew Seaman wrote:
> On Wed, Apr 16, 2003 at 11:32:49PM -0700, Gary D Kline wrote:
> > On Wed, Apr 16, 2003 at 09:15:41PM -0500, Kirk Strauser wrote:
> > > At 2003-04-17T00:51:40Z, Gary D Kline <kline at thought.org> writes:
> > >
> > > > After upgrading to BIND-9.2.2, I bumped into the following output message
> > > > that I don't understand.
> > >
> > > Run `rndc-confgen' to generate the key (and a reasonable rndc.conf to go
> > > with it).
> >
> >
> > As roor I'm exec'd rndc-confgen (with various switches). It
> > seems to hang, or be sleeping. Do you know what may be happening
> > here?
>
> It's trying to read some random data out of /dev/random, but your
> system doesn't have enough sufficiently good entropic sources configured
> that it can provide as much as rndc-confgen wants.
>
> Take a look at:
>
> i) The '-r' option to rndc-confgen. If you say:
>
> rndc-confgen -a -r keyboard
>
> randomness will be derived by your typing at the keyboard.
>
> ii) The rc.conf 'rand_irqs' variable and the the rndcontrol(8) man
> page. To select some good IRQs to use as sources of randomness
> look at the 'systat -vmstat' display, specifically the table of
> interrupts on the right hand side. Hint: the clk interrupt is no
> good for generating randomness as it fires at regular intervals.
>
Pounding away worked just fine... like PGP:)
Could it be that my DNS system was too quiescence
for /dev/random? (The uprocessor overheated and
the server went down [[ bad fan ]] and I'm treating
it with kid gloves. I didn't want to leave rndc-confgen
running for very long.
Thanks for sharing your insights; perhaps future
releases of bind will have better checking and
recovery... .
gary
--
Gary Kline kline at thought.org www.thought.org Public service Unix
More information about the freebsd-questions
mailing list