/dev/random in chroot jail causing errors with nsupdate of dnssec signed zone
Jack Tavares
j.tavares at F5.com
Thu May 14 06:50:35 UTC 2009
So I posted a couple of messages about how my nsupdates
were failing intermittently when attempting to update a signed zone.
The only error I get in the log is:
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': prerequisites are OK
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: signer "update.test.net" approved
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: update 'test.net/IN' approved
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': update section prescan OK
14-May-2009 13:17:09.077 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': adding an RR at 'newest4.test.net' A
14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': RRSIG/NSEC/NSEC3 update failed: failure
14-May-2009 13:17:09.084 client 127.0.0.1#10277: view external: updating zone 'test.net/IN': rolling back
The keys are generated with RSASHA1 and use -r /dev/urandom.
I run named in a chroot jail, at /var/named.
I created /var/named/dev/random with
    mknod -m644 /var/named/dev/random c 1 8
which mimics the major and minor number from the system:
    ls -lL /dev/random
    crw-r--r-- 1 root root 1, 8 May 13 03:27 /dev/random
The nsupdates fail, seemingly randomly.
When I delete this /dev/random from the chroot, they work.
So my question is:
Am I setting up the /dev/random incorrectly?
Should I not be creating /dev/random? (The how-tos I have seen all talk about
re-creating /dev/null and /dev/random etc.)
Note:
I also tried generating the keys not using /dev/urandom, and have the same
inconsistent behavior with the chroot /dev/random present.
--
Jack Tavares
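
A way to audit the device nodes inside a chroot such as the one described above, as an added example that is not part of the original message: it compares each node under <chroot>/dev with the host's node by type and major:minor, and prints the kernel's entropy estimate. Assumptions: Linux with a stat that supports -c (GNU coreutils or BusyBox) and procfs mounted; the function names are hypothetical, and /var/named is the chroot path from the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit device nodes in a chroot.
# Function names are hypothetical. On Linux, random is 1:8 and urandom is 1:9.

# Return 0 if both paths are character devices with the same major:minor,
# 1 if the numbers differ, 2 if either is missing or not a character device.
same_devnode() {
    [ -c "$1" ] && [ -c "$2" ] || return 2
    # %t/%T: major/minor in hex; -L follows symlinks, like `ls -lL`.
    a=$(stat -L -c '%t:%T' "$1") || return 2
    b=$(stat -L -c '%t:%T' "$2") || return 2
    [ "$a" = "$b" ]
}

# Compare null, random and urandom under <chroot>/dev with the host's nodes.
# Prints one line per node; returns 1 if any node that is present is wrong.
audit_chroot_dev() {
    root=${1%/}
    bad=0
    for n in null random urandom; do
        if [ ! -e "$root/dev/$n" ]; then
            echo "$n: absent in chroot"
            continue
        fi
        same_devnode "/dev/$n" "$root/dev/$n" && st=0 || st=$?
        case $st in
            0) echo "$n: matches host ($(stat -L -c '%t:%T' "/dev/$n"))" ;;
            1) echo "$n: major:minor differs from host"; bad=1 ;;
            *) echo "$n: not a character device (or host node missing)"; bad=1 ;;
        esac
    done
    # Kernel's estimate of the entropy in its input pool (Linux procfs).
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        echo "entropy_avail: $(cat /proc/sys/kernel/random/entropy_avail)"
    fi
    return $bad
}

# Run only when a chroot path is given, e.g.: sh check.sh /var/named
[ $# -eq 0 ] || audit_chroot_dev "$1"
```

A node that is absent from the chroot is reported but not counted as an error, so the exit status reflects only nodes that exist with the wrong type or numbers.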