PRNG not seeded, service won't start
Howard, Christopher
Christopher-Howard at utc.edu
Fri Sep 21 02:33:35 UTC 2018
I’ve downgraded as well, but at some point the last working version will be end of life. Hopefully you get somewhere with your bug report.
-Christopher
On Sep 20, 2018, at 3:02 PM, Reindl Harald <h.reindl at thelounge.net<mailto:h.reindl at thelounge.net>> wrote:
well, i just downgraded since it's a resolver without dnssec at all
https://bugzilla.redhat.com/show_bug.cgi?id=1631515
Am 20.09.18 um 20:27 schrieb Howard, Christopher:
I'm not the only one! Whew, I thought I was losing my mind.
I have rngd and haveged running and there is large pool of entropy and I
still can't get newer versions of bind to start. Very frustrating.
-Christopher
On Thu, 2018-09-20 at 20:14 +0200, Reindl Harald wrote:
OK, this is *really* foolish
on a heavily used machine with 2 days uptime, rngd and haveged there is
*for sure* enough random
bind-9.11.4-8.P1.fc28.x86_64 just found on Fedora koji
Sep 20 20:08:17 srv-rhsoft named[988479]:
../../../lib/dns/openssl_link.c:294: fatal error:
Sep 20 20:08:17 srv-rhsoft named[988479]: OpenSSL pseudorandom number
generator cannot be initialized (see the `PRNG not seeded' message in
the OpenSSL FAQ)
Sep 20 20:08:17 srv-rhsoft named[988479]: exiting (due to fatal error in
library)
who the hell does such invasive obviously not proper tested changes in
minor updates?
Am 18.09.18 um 15:44 schrieb Howard, Christopher:
I found that link previously and tried it. It didn't complain about that
not being a valid setting, but it didn't change the outcome. I'm
beginning to believe I may just have to upgrade to CentOS 7. It needs to
be done at some point anyway, I just didn't want to do it now.
-Christopher
On Tue, 2018-09-18 at 09:33 +0100, Tony Finch wrote:
Howard, Christopher <Christopher-Howard at utc.edu <mailto:Christopher-Howard at utc.edu> <mailto:Christopher-Howard at utc.edu <mailto:Christopher-Howard at utc.edu>>> wrote:
Does any one have any ideas of what I'm missing or what I can do to
resolve this (besides upgrading this box to CentOS 7)?
Try setting `random-device "/dev/urandom";` in `named.conf`.
See https://gitlab.isc.org/isc-projects/bind9/commit/24172bd2eeba91441ab1c65d2717b0692309244a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180921/fe7119bd/attachment-0001.html>
More information about the bind-users
mailing list