PRNG not seeded, service won't start

[Howard, Christopher]

Those are both good. Recent versions of bind are now using OpenSSL for random number generation and not /dev/random or /dev/urandom. Since the old version still works the /dev devices are obviously working.

-Christopher


On Tue, 2018-09-18 at 07:52 +0000, Alberto Colosi wrote:

ON INTERNET IS LIKE TO BE LINKED TO RANDOM SEED GENERATION


check


# ls -l /dev/random /dev/urandom

crw-r--r-- 1 root system 39, 0 Jan 22 10:48 /dev/random

crw-r--r-- 1 root system 39, 1 Jan 22 10:48 /dev/urandom



________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Howard, Christopher <Christopher-Howard at utc.edu>
Sent: Tuesday, September 18, 2018 1:11 AM
To: bind-users at lists.isc.org
Subject: PRNG not seeded, service won't start

I'm attempting to upgrade from bind 9.10.4-P8 to 9.12.2-P1 and the service refuses to start. This is on a CentOS 6.10 machine. I ran into the same issue on CentOS 7 and was able to fix it by making sure that rngd is running before the named service starts. That same fix is not working for CentOS 6. I'm at a loss as to how to fix this and Google is failing me now.

The error in the log says:
Sep 17 18:59:08 nsm named[3926]: openssl_link.c:296: fatal error:
Sep 17 18:59:08 nsm named[3926]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)

Does any one have any ideas of what I'm missing or what I can do to resolve this (besides upgrading this box to CentOS 7)?

-Christopher


_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list


bind-users mailing list

bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>

https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180918/e04e1ac0/attachment.html>