dnssec-keygen hangs

Bug #650721 reported by Mark Sobell on 2010-09-28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: bind9

I am running under vmware. The following command never completes. ps shows no cpu time.

/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n HOST keyname

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: bind9utils 1:9.7.1.dfsg.P2-2
ProcVersionSignature: Ubuntu 2.6.35-22.33-generic 2.6.35.4
Uname: Linux 2.6.35-22-generic i686
Architecture: i386
Date: Tue Sep 28 16:19:18 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Beta i386 (20100901.1)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: bind9

Mark Sobell (mark-sobell) wrote :
Thierry Carrez (ttx) wrote :

I think it's rather really slow to complete. It probably gathers entropy and VMs are notoriously bad at this. Does generating artificial I/O activity help in solving that?

Changed in bind9 (Ubuntu):
importance: Undecided → Low
status: New → Incomplete

Very good, thanks!
I ran rsync on / and the command completed almost
immediately.
I will put a note in my book to that effect.

--
  Mark

On Wednesday, September 29, 2010 07:37:45 am you wrote:
> I think it's rather really slow to complete. It probably
> gathers entropy and VMs are notoriously bad at this.
> Does generating artificial I/O activity help in solving
> that?
>
> ** Changed in: bind9 (Ubuntu)
> Importance: Undecided => Low
>
> ** Changed in: bind9 (Ubuntu)
> Status: New => Incomplete

Thierry Carrez (ttx) on 2010-09-30
Changed in bind9 (Ubuntu):
status: Incomplete → Invalid

Another way to get faster keys in vmware:
use "/dev/urandom" for entropy. "/dev/urandom" gives a lot of data.

dnssec-keygen -r /dev/urandom -a RSASHA1 -b 4096 -n ZONE -f KSK zonename

You should know that "/dev/random" is a greater noise pattern than "/dev/urandom". In theory, /dev/random should provide a better security level. But in practice, I have not seen any evidence that it's true.

Good luck / Anders.

JaccoH (jacco) wrote :

urandom is just as bad without entropy. You best use haveged. Perhaps it should be a dependency?
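
Added example, not part of the original report or of BIND: a shell check for the diagnosis reached in this thread, testing whether a stalled process holds /dev/random open while the kernel's entropy estimate is low. PROC_ROOT, MIN_BITS and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: decide whether a stalled process (e.g. dnssec-keygen) is
# waiting on the kernel entropy pool. PROC_ROOT and MIN_BITS are assumptions
# of this sketch; PROC_ROOT exists so the logic can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"
MIN_BITS="${MIN_BITS:-200}"   # illustrative threshold, not a kernel constant

# Print the kernel's current entropy estimate in bits.
entropy_avail() {
    cat "$PROC_ROOT/sys/kernel/random/entropy_avail"
}

# Succeed if process $1 holds an open descriptor on the blocking device.
has_dev_random_open() {
    for fd in "$PROC_ROOT/$1/fd"/*; do
        [ -L "$fd" ] || continue          # also skips an unmatched glob
        [ "$(readlink "$fd")" = "/dev/random" ] && return 0
    done
    return 1
}

# Print a verdict for PID $1:
#   not-using-dev-random | unknown | entropy-starved | pool-ok
diagnose_hang() {
    has_dev_random_open "$1" || { echo "not-using-dev-random"; return 0; }
    bits=$(entropy_avail 2>/dev/null) || { echo "unknown"; return 0; }
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "entropy-starved"
    else
        echo "pool-ok"
    fi
}

# Usage on a live system: diagnose_hang "$(pidof dnssec-keygen)"
```

Reading another user's /proc/PID/fd requires root. The check applies to kernels where /dev/random blocks when the estimate runs low, such as the 2.6.35 kernel in this report.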
