random-device purpose in DNSSEC

Mark Andrews marka at isc.org
Thu May 10 21:57:40 UTC 2012

In message <CABUciR=m+B45dDZYV2J8z9+Ltvuy4rwH+Kp3e8NjyaHDpY-L7w at mail.gmail.com>
, Alexander Gurvitz writes:
> Hello all.
> What random device used for ?
> ARM says "Entropy is primarily needed for DNSSEC=A0operations,
> such as ... dynamic update of signed zones". I don't get why signing a zone
> requires any randomness.

It doesn't for RSA.  However DSA does require randomness.
> This bothers me as I'm implementing DNSSEC now, and I know that my systems
> are low at entropy, and BIND default random-device is /dev/random,
> and it (the device) blocks when there's no entropy available.
> Does BIND really needs that entropy, and how much ?

Yes, if you are using DSA.
> Regards,
> Alexander Gurvitz,
> net-me.net
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri=
> be from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list