From e190aef209e080712e71ffc45da62dd9994701e2 Mon Sep 17 00:00:00 2001 From: Jamie Cameron Date: Thu, 3 Jan 2013 14:38:04 -0800 Subject: [PATCH] Don't run un-necessary find command if using /dev/urandom, and make use of urandom optional https://sourceforge.net/tracker/?func=detail&atid=117457&aid=3599214&group_id=17457 --- bind8/bind8-lib.pl | 33 +++++++++++++--------- bind8/config-CentOS-Linux-6.0-* | 1 + bind8/config-Redhat-Enterprise-Linux-6.0-* | 1 + bind8/config-Scientific-Linux-6.0-* | 1 + bind8/config-aix | 1 + bind8/config-cobalt-linux | 1 + bind8/config-coherent-linux | 1 + bind8/config-corel-linux | 1 + bind8/config-debian-linux | 1 + bind8/config-debian-linux-2.2 | 1 + bind8/config-debian-linux-3.0 | 1 + bind8/config-debian-linux-3.1-* | 1 + bind8/config-freebsd-2.1-2.2 | 1 + bind8/config-freebsd-3.0 | 1 + bind8/config-freebsd-3.1-3.5 | 1 + bind8/config-freebsd-4.0-* | 1 + bind8/config-generic-linux | 1 + bind8/config-gentoo-linux | 1 + bind8/config-hpux | 1 + bind8/config-irix | 1 + bind8/config-macos | 1 + bind8/config-macos-1.3-* | 1 + bind8/config-mandrake-linux | 1 + bind8/config-mandrake-linux-10.2-* | 1 + bind8/config-msc-linux | 1 + bind8/config-netbsd | 1 + bind8/config-open-linux | 1 + bind8/config-openbsd-2.5-3.1 | 1 + bind8/config-openbsd-3.2-* | 1 + bind8/config-openmamba-linux | 1 + bind8/config-openserver | 1 + bind8/config-osf1 | 1 + bind8/config-pardus-linux | 1 + bind8/config-redhat-linux | 1 + bind8/config-redhat-linux-10.0 | 1 + bind8/config-redhat-linux-11.0-23.0 | 1 + bind8/config-redhat-linux-24.0-* | 1 + bind8/config-redhat-linux-7.1-9.0 | 1 + bind8/config-slackware-linux | 1 + bind8/config-slackware-linux-8.0-* | 1 + bind8/config-sol-linux | 1 + bind8/config-solaris | 1 + bind8/config-solaris-10-* | 1 + bind8/config-solaris-7-9 | 1 + bind8/config-suse-linux | 1 + bind8/config-suse-linux-8.2 | 1 + bind8/config-suse-linux-9.0-9.2 | 1 + bind8/config-suse-linux-9.3-* | 1 + bind8/config-trustix-linux | 1 + bind8/config-trustix-linux-2.1 | 1 + bind8/config-trustix-linux-2.2-* | 1 + bind8/config-turbo-linux | 1 + bind8/config-united-linux | 1 + bind8/config-unixware | 1 + bind8/config-windows | 1 + bind8/config.info | 1 + 56 files changed, 75 insertions(+), 13 deletions(-) diff --git a/bind8/bind8-lib.pl b/bind8/bind8-lib.pl index 11d29664c..b247cf847 100755 --- a/bind8/bind8-lib.pl +++ b/bind8/bind8-lib.pl @@ -44,7 +44,8 @@ $dnssec_cron_cmd = "$module_config_directory/resign.pl"; $dnssec_dlv_zone = "dlv.isc.org."; @dnssec_dlv_key = ( 257, 3, 5, '"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh"' ); -if ($gconfig{'os_type'} =~ /-linux$/ && -r "/dev/urandom") { +if ($gconfig{'os_type'} =~ /-linux$/ && -r "/dev/urandom" && + !$config{'force_random'}) { $rand_flag = "-r /dev/urandom"; } @@ -3034,10 +3035,13 @@ foreach my $f (readdir(ZONEDIR)) { closedir(ZONEDIR); # Fork a background job to do lots of IO, to generate entropy -local $pid = fork(); -if (!$pid) { - exec("find / -type f >/dev/null 2>&1"); - exit(1); +local $pid; +if (!$rand_flag) { + $pid = fork(); + if (!$pid) { + exec("find / -type f >/dev/null 2>&1"); + exit(1); + } } # Work out zone key size @@ -3056,7 +3060,7 @@ local $out = &backquote_logged( "$config{'keygen'} -a ".quotemeta($alg)." -b ".quotemeta($zonesize). " -n ZONE $rand_flag $dom 2>&1"); if ($?) { - kill('KILL', $pid); + kill('KILL', $pid) if ($pid); return $out; } @@ -3066,13 +3070,13 @@ if (!$single) { "cd ".quotemeta($fn)." && ". "$config{'keygen'} -a ".quotemeta($alg)." -b ".quotemeta($size). " -n ZONE -f KSK $rand_flag $dom 2>&1"); - kill('KILL', $pid); + kill('KILL', $pid) if ($pid); if ($?) { return $out; } } else { - kill('KILL', $pid); + kill('KILL', $pid) if ($pid); } # Get the new keys @@ -3130,10 +3134,13 @@ local ($zonekey) = grep { !$_->{'ksk'} } @keys; $zonekey || return "Could not find DNSSEC zone key"; # Fork a background job to do lots of IO, to generate entropy -local $pid = fork(); -if (!$pid) { - exec("find / -type f >/dev/null 2>&1"); - exit(1); +local $pid; +if (!$rand_flag) { + $pid = fork(); + if (!$pid) { + exec("find / -type f >/dev/null 2>&1"); + exit(1); + } } # Work out zone key size @@ -3146,7 +3153,7 @@ local $out = &backquote_logged( "cd ".quotemeta($dir)." && ". "$config{'keygen'} -a ".quotemeta($alg)." -b ".quotemeta($zonesize). " -n ZONE $rand_flag $dom 2>&1"); -kill('KILL', $pid); +kill('KILL', $pid) if ($pid); if ($?) { return "Failed to generate new zone key : $out"; } diff --git a/bind8/config-CentOS-Linux-6.0-* b/bind8/config-CentOS-Linux-6.0-* index 83dd0673b..0e7d07e78 100644 --- a/bind8/config-CentOS-Linux-6.0-* +++ b/bind8/config-CentOS-Linux-6.0-* @@ -51,3 +51,4 @@ dnssectools_conf=/etc/dnssec-tools/dnssec-tools.conf dnssectools_rollrec=/var/named/system.rollrec dnssectools_keydir=/var/named/dtkeys dnssectools_rollmgr_pidfile=/var/run/rollmgr.pid +force_random=0 diff --git a/bind8/config-Redhat-Enterprise-Linux-6.0-* b/bind8/config-Redhat-Enterprise-Linux-6.0-* index 92d240f5d..d035582ec 100644 --- a/bind8/config-Redhat-Enterprise-Linux-6.0-* +++ b/bind8/config-Redhat-Enterprise-Linux-6.0-* @@ -44,3 +44,4 @@ signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 restart_cmd=restart +force_random=0 diff --git a/bind8/config-Scientific-Linux-6.0-* b/bind8/config-Scientific-Linux-6.0-* index 92d240f5d..d035582ec 100644 --- a/bind8/config-Scientific-Linux-6.0-* +++ b/bind8/config-Scientific-Linux-6.0-* @@ -44,3 +44,4 @@ signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 restart_cmd=restart +force_random=0 diff --git a/bind8/config-aix b/bind8/config-aix index d33211381..a4a8b6903 100644 --- a/bind8/config-aix +++ b/bind8/config-aix @@ -35,3 +35,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-cobalt-linux b/bind8/config-cobalt-linux index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-cobalt-linux +++ b/bind8/config-cobalt-linux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-coherent-linux b/bind8/config-coherent-linux index 250926d20..a6ae4918d 100644 --- a/bind8/config-coherent-linux +++ b/bind8/config-coherent-linux @@ -41,3 +41,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-corel-linux b/bind8/config-corel-linux index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-corel-linux +++ b/bind8/config-corel-linux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-debian-linux b/bind8/config-debian-linux index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-debian-linux +++ b/bind8/config-debian-linux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-debian-linux-2.2 b/bind8/config-debian-linux-2.2 index d3a019902..72c624656 100644 --- a/bind8/config-debian-linux-2.2 +++ b/bind8/config-debian-linux-2.2 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-debian-linux-3.0 b/bind8/config-debian-linux-3.0 index a9acdcb46..892e538f3 100644 --- a/bind8/config-debian-linux-3.0 +++ b/bind8/config-debian-linux-3.0 @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-debian-linux-3.1-* b/bind8/config-debian-linux-3.1-* index 3ae02e3fe..d315f1059 100644 --- a/bind8/config-debian-linux-3.1-* +++ b/bind8/config-debian-linux-3.1-* @@ -41,3 +41,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-freebsd-2.1-2.2 b/bind8/config-freebsd-2.1-2.2 index f82cb33ea..ec2c05866 100644 --- a/bind8/config-freebsd-2.1-2.2 +++ b/bind8/config-freebsd-2.1-2.2 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-freebsd-3.0 b/bind8/config-freebsd-3.0 index 4d527fd07..343008574 100644 --- a/bind8/config-freebsd-3.0 +++ b/bind8/config-freebsd-3.0 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-freebsd-3.1-3.5 b/bind8/config-freebsd-3.1-3.5 index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-freebsd-3.1-3.5 +++ b/bind8/config-freebsd-3.1-3.5 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-freebsd-4.0-* b/bind8/config-freebsd-4.0-* index 4d527fd07..343008574 100644 --- a/bind8/config-freebsd-4.0-* +++ b/bind8/config-freebsd-4.0-* @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-generic-linux b/bind8/config-generic-linux index cc47bb988..3df9d85e1 100644 --- a/bind8/config-generic-linux +++ b/bind8/config-generic-linux @@ -38,3 +38,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-gentoo-linux b/bind8/config-gentoo-linux index f0f6ecbf5..da0d95b64 100644 --- a/bind8/config-gentoo-linux +++ b/bind8/config-gentoo-linux @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-hpux b/bind8/config-hpux index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-hpux +++ b/bind8/config-hpux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-irix b/bind8/config-irix index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-irix +++ b/bind8/config-irix @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-macos b/bind8/config-macos index 74f44d61f..e0a1d5f20 100644 --- a/bind8/config-macos +++ b/bind8/config-macos @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-macos-1.3-* b/bind8/config-macos-1.3-* index d5fc10ea1..3bc62ebb1 100644 --- a/bind8/config-macos-1.3-* +++ b/bind8/config-macos-1.3-* @@ -38,3 +38,4 @@ signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 pid_file=/var/run/named/named.pid /private/var/run/named/named.pid +force_random=0 diff --git a/bind8/config-mandrake-linux b/bind8/config-mandrake-linux index c27a25eda..043cece39 100644 --- a/bind8/config-mandrake-linux +++ b/bind8/config-mandrake-linux @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-mandrake-linux-10.2-* b/bind8/config-mandrake-linux-10.2-* index c96c2ab2e..c703884f4 100644 --- a/bind8/config-mandrake-linux-10.2-* +++ b/bind8/config-mandrake-linux-10.2-* @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-msc-linux b/bind8/config-msc-linux index c2254fd05..5e1707eff 100644 --- a/bind8/config-msc-linux +++ b/bind8/config-msc-linux @@ -39,3 +39,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-netbsd b/bind8/config-netbsd index 4d527fd07..343008574 100644 --- a/bind8/config-netbsd +++ b/bind8/config-netbsd @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-open-linux b/bind8/config-open-linux index 3a07a8620..f9c0c8fbd 100644 --- a/bind8/config-open-linux +++ b/bind8/config-open-linux @@ -39,3 +39,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-openbsd-2.5-3.1 b/bind8/config-openbsd-2.5-3.1 index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-openbsd-2.5-3.1 +++ b/bind8/config-openbsd-2.5-3.1 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-openbsd-3.2-* b/bind8/config-openbsd-3.2-* index 0e2aad035..78d3a6e9d 100644 --- a/bind8/config-openbsd-3.2-* +++ b/bind8/config-openbsd-3.2-* @@ -38,3 +38,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-openmamba-linux b/bind8/config-openmamba-linux index 3a07a8620..f9c0c8fbd 100644 --- a/bind8/config-openmamba-linux +++ b/bind8/config-openmamba-linux @@ -39,3 +39,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-openserver b/bind8/config-openserver index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-openserver +++ b/bind8/config-openserver @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-osf1 b/bind8/config-osf1 index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-osf1 +++ b/bind8/config-osf1 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-pardus-linux b/bind8/config-pardus-linux index 6c5bad7ab..1079fc21a 100644 --- a/bind8/config-pardus-linux +++ b/bind8/config-pardus-linux @@ -42,3 +42,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-redhat-linux b/bind8/config-redhat-linux index 3a07a8620..f9c0c8fbd 100644 --- a/bind8/config-redhat-linux +++ b/bind8/config-redhat-linux @@ -39,3 +39,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-redhat-linux-10.0 b/bind8/config-redhat-linux-10.0 index 098ab562c..4842fdaeb 100644 --- a/bind8/config-redhat-linux-10.0 +++ b/bind8/config-redhat-linux-10.0 @@ -44,3 +44,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-redhat-linux-11.0-23.0 b/bind8/config-redhat-linux-11.0-23.0 index b09c01e6d..e859f6535 100644 --- a/bind8/config-redhat-linux-11.0-23.0 +++ b/bind8/config-redhat-linux-11.0-23.0 @@ -44,3 +44,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-redhat-linux-24.0-* b/bind8/config-redhat-linux-24.0-* index 52d623804..ab1581233 100644 --- a/bind8/config-redhat-linux-24.0-* +++ b/bind8/config-redhat-linux-24.0-* @@ -44,3 +44,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-redhat-linux-7.1-9.0 b/bind8/config-redhat-linux-7.1-9.0 index e869a8591..9e1ace2a9 100644 --- a/bind8/config-redhat-linux-7.1-9.0 +++ b/bind8/config-redhat-linux-7.1-9.0 @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-slackware-linux b/bind8/config-slackware-linux index 0bc067e68..b11b6eb00 100644 --- a/bind8/config-slackware-linux +++ b/bind8/config-slackware-linux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-slackware-linux-8.0-* b/bind8/config-slackware-linux-8.0-* index 6bfd17cef..f1839f123 100644 --- a/bind8/config-slackware-linux-8.0-* +++ b/bind8/config-slackware-linux-8.0-* @@ -38,3 +38,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-sol-linux b/bind8/config-sol-linux index 8ef287282..3ec011755 100644 --- a/bind8/config-sol-linux +++ b/bind8/config-sol-linux @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-solaris b/bind8/config-solaris index 7b1d7bad6..da926b27f 100644 --- a/bind8/config-solaris +++ b/bind8/config-solaris @@ -38,3 +38,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-solaris-10-* b/bind8/config-solaris-10-* index 123ece7be..bb196d9be 100644 --- a/bind8/config-solaris-10-* +++ b/bind8/config-solaris-10-* @@ -38,3 +38,4 @@ keygen=/usr/bin/dnssec-keygen signzone=/usr/bin/dnssec-signzone checkconf=/usr/bin/named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-solaris-7-9 b/bind8/config-solaris-7-9 index 9fa0f5f19..1e8930516 100644 --- a/bind8/config-solaris-7-9 +++ b/bind8/config-solaris-7-9 @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-suse-linux b/bind8/config-suse-linux index 2a4b1793f..bd40bb619 100644 --- a/bind8/config-suse-linux +++ b/bind8/config-suse-linux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-suse-linux-8.2 b/bind8/config-suse-linux-8.2 index f68325cc1..929c2aba0 100644 --- a/bind8/config-suse-linux-8.2 +++ b/bind8/config-suse-linux-8.2 @@ -42,3 +42,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-suse-linux-9.0-9.2 b/bind8/config-suse-linux-9.0-9.2 index 672b44018..99ca6bd86 100644 --- a/bind8/config-suse-linux-9.0-9.2 +++ b/bind8/config-suse-linux-9.0-9.2 @@ -43,3 +43,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-suse-linux-9.3-* b/bind8/config-suse-linux-9.3-* index e13265f22..213909174 100644 --- a/bind8/config-suse-linux-9.3-* +++ b/bind8/config-suse-linux-9.3-* @@ -45,3 +45,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-trustix-linux b/bind8/config-trustix-linux index 7f4b2e50f..24befd4a8 100644 --- a/bind8/config-trustix-linux +++ b/bind8/config-trustix-linux @@ -44,3 +44,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-trustix-linux-2.1 b/bind8/config-trustix-linux-2.1 index 20fd54633..b7e55530d 100644 --- a/bind8/config-trustix-linux-2.1 +++ b/bind8/config-trustix-linux-2.1 @@ -44,3 +44,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-trustix-linux-2.2-* b/bind8/config-trustix-linux-2.2-* index 400301b62..5d4b21303 100644 --- a/bind8/config-trustix-linux-2.2-* +++ b/bind8/config-trustix-linux-2.2-* @@ -44,3 +44,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-turbo-linux b/bind8/config-turbo-linux index f7d4cdad9..a4db45681 100644 --- a/bind8/config-turbo-linux +++ b/bind8/config-turbo-linux @@ -37,3 +37,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-united-linux b/bind8/config-united-linux index 24351e6e5..3b7377f73 100644 --- a/bind8/config-united-linux +++ b/bind8/config-united-linux @@ -40,3 +40,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-unixware b/bind8/config-unixware index 378addb57..223921469 100644 --- a/bind8/config-unixware +++ b/bind8/config-unixware @@ -38,3 +38,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config-windows b/bind8/config-windows index c56b01287..1d7bfd2b8 100755 --- a/bind8/config-windows +++ b/bind8/config-windows @@ -55,3 +55,4 @@ keygen=dnssec-keygen signzone=dnssec-signzone checkconf=named-checkconf other_slaves=1 +force_random=0 diff --git a/bind8/config.info b/bind8/config.info index 3667cca0f..58d43b106 100644 --- a/bind8/config.info +++ b/bind8/config.info @@ -42,6 +42,7 @@ ipv6_mode=Domain for reverse IPv6 addresses,1,1-ip6.arpa,0-ip6.int confirm_zone=Confirm before deleting zones?,1,1-Yes,0-No confirm_rec=Confirm before deleting records?,1,1-Yes,0-No free_nets=IP networks for free addresses,3,Automatic +force_random=Entropy source for DNSSEC keys,1,1-/dev/random (Secure but slow),0-/dev/urandom (Possibly insecure but fast) line2.5=Cluster slave servers,11 this_ip=Default master server IP for remote slave zones,3,IP address of hostname