[Bug 963368] Re: dnssec-keygen takes forever to generate a keyfile
Alexander Gurvitz
alex at net-me.net
Sun Dec 2 10:11:24 UTC 2012
It is NOT a bug.
In order to generate SECURE keys, dnssec-keygen reads /dev/random, which
will block until there's enough entropy available on your system. Some
systems have very little entropy and thus dnssec-keygen may take
forever.
Possible solutions:
1. apt-get install haveged
haveged daemon supplies lots of entropy to /dev/random.
2. dnssec-keygen -r /dev/urandom
Will use "non-blocking" pseudo-random device (lower security).
3. Move mouse and tap on keyboard - kernel uses this as entropy source.
4. Buy a hardware entropy device.
** Changed in: bind9 (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/963368
Title:
dnssec-keygen takes forever to generate a keyfile
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/963368/+subscriptions
More information about the Ubuntu-server-bugs
mailing list