random-device purpose in DNSSEC

Alexander Gurvitz alex at net-me.net
Sun May 13 21:11:04 UTC 2012

On Fri, May 11, 2012 at 12:57 AM, Mark Andrews <marka at isc.org> wrote:
> > What random device used for ?
> > ... I don't get why signing a zone requires any randomness.
> It doesn't for RSA.  However DSA does require randomness.
>  > Does BIND really needs that entropy, and how much ?
> Yes, if you are using DSA.

Thanks Mark.

My personal conclusions are that as I'll be using RSA only,
I don't need to worry about named.conf random device.
As for key generation, in case I'll need to generate keys frequently,
since it's a hosted-somewhere VPS, my only option is haveged.

Thanks all,

More information about the bind-users mailing list