Slow zone signing with ECDSA
Mark Andrews
marka at isc.org
Thu Apr 20 01:43:51 UTC 2017
In message <SN1PR0201MB1903C61397050AB692025776B01B0 at SN1PR0201MB1903.namprd02.p
rod.outlook.com>, "Spain, Dr. Jeffry A." writes:
> > Install and run haveged... The problem is your system doesn't have
> > enough entropy
>
> This was clearly the problem. I built a new test server with haveged
> installed, and the bind9 completed ECDSAP256SHA256 signing in 5 seconds.
> I used 9.11.1 this time since it was just released today.
DSA requires random values as part of the signing process. Really
all CPU's should have real random number sources built into them
and new genuine random values should only be a instruction code away.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list