dnssec-keygen not responding

Torsten Segner torsten at segner.eu
Wed Nov 30 09:01:26 UTC 2011


Am Wed, 30 Nov 2011 09:40:44 +0100
schrieb Adam Tkac <atkac at redhat.com>:

> On Wed, Nov 30, 2011 at 12:18:04AM -0500, Alan Clegg wrote:
> > On 11/30/2011 12:15 AM, vishesh kumar wrote:
> > > Hi All
> > > 
> > > I am trying to generate keys for signing vishesh.com
> > > <http://vishesh.com> domain using following command (for testing purpose)
> > > 
> > > dnssec-keygen -a RSASHA1 -b 768 -n ZONE vishesh.com <http://vishesh.com>.
> > > 
> > > But its not responding , i waited around 30 minutes but there is no result
> > > 
> > > Operating system is RHEL6 on VirtualBox 4.1
> > 
> > You don't have enough entropy in the virtual environment.  You can (if
> > you understand the issues surrounding it), use /dev/urandom as your
> > random source, or look at installing something like haveged
> > (http://freecode.com/projects/haveged) to solve the problem.
> 
> Another good solution is to pass "-r keyboard" to dnssec-keygen.
> 
> Regards, Adam
> 

In RHEL there is a RPM package called unuran. 
It's a random number generator daemon using either a piece of hardware or /dev/urandom as source. Running this will provide enough entropy to create lots of keys.



More information about the bind-users mailing list