random-device purpose in DNSSEC

Alexander Gurvitz alex at net-me.net
Thu May 10 19:41:18 UTC 2012

Hello all.

What is the random device used for?
ARM says "Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones". I don't get why signing a zone
requires any randomness.

This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low on entropy, and BIND's default random-device is /dev/random,
and it (the device) blocks when there's no entropy available.

Does BIND really need that entropy, and how much?

