random-device purpose in DNSSEC
Alexander Gurvitz
alex at net-me.net
Thu May 10 19:41:18 UTC 2012
Hello all.
What random device used for ?
ARM says "Entropy is primarily needed for DNSSEC operations,
such as ... dynamic update of signed zones". I don't get why signing a zone
requires any randomness.
This bothers me as I'm implementing DNSSEC now, and I know that my systems
are low at entropy, and BIND default random-device is /dev/random,
and it (the device) blocks when there's no entropy available.
Does BIND really needs that entropy, and how much ?
Regards,
Alexander Gurvitz,
net-me.net
More information about the bind-users
mailing list