I'm having trouble with dnssec-keygen on an HP rx2600 running debian on the 2.4.20-mckinley-smp kernel. Unlike other debian platforms, dnssec-keygen stalls reading /dev/random (or /dev/urandom for that matter). If I monitor /proc/sys/kernel/random/entropy_avail, I see the entropy pool drop immeadiately from 4096 to 0 and stay there and the command never completes. This does not happen on other ia32 systems.
I'm building bind from source, bind-9.2.2, using the following config:
./configure --with-openssl --enable-threads --enable-ipv6
I'm using the follwing to generate keys:
dnssec-keygen -a RSA -b 512 -n ZONE my.domain
Another funny thing. If I point to a large file (-r /vmlinuz) for randomness, the command completes and keys generated.
Any idea why /dev/random lack the entropy to supply dnssec-keygen?
--
Jim Harritt <jim.harritt@hp.com>
HP -MSDD SDI CCS Colaboration Services