<div dir="ltr">Hi!<div><br></div><div>I have 4 DNS servers all running BIND 9.8.2 (the CentOS 6.5 package). One is configured as the master for about 100 zones. The other 3 are slaves for those 100 zones. On the master the amount of entropy reported by "cat /proc/sys/kernel/random/entropy_avail" was around 150. On the slaves it hovered around 90.</div>
<div><br></div><div>Is there a technical reason for the difference?</div><div><br></div><div>There is a graph of one of the slaves here: <a href="http://serverfault.com/questions/582908/entropy-deprivation-on-bind-named-servers" target="_blank">http://serverfault.com/questions/582908/entropy-deprivation-on-bind-named-servers</a></div>
<div><br></div><div>Note: I've since enabled "rngd" and the available entropy hovers around 2k. So there problem is "solved" that way, but it still makes me very concerned that the amount of entropy in use was so different. There is no DNSSEC configured, no incremenal zone transfers (just notifications sent from the master to all slaves). </div>
<div><br></div><div>Anyone have any theories on why this might be?</div><div><br></div><div>Thanks in advance,</div><div>Tom</div><div><br></div><div><br></div><div>The specific version is:</div><div><br></div><div># named -V</div>
<div>BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'<br>
</div><div>using OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013</div><div>using libxml2 version: 2.7.6</div><div><div><br></div>-- <br>Email: <a href="mailto:tal@whatexit.org" target="_blank">tal@whatexit.org</a> Work: tlimoncelli@StackOverflow.com<br>
Skype: YesThatTom<br>Blog: <a href="http://EverythingSysadmin.com" target="_blank">http://EverythingSysadmin.com</a>
</div><div><br></div></div>