Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Nov 2002 14:47:28 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: problem with bind and rndc
Message-ID:  <20021119144728.GA41329@happy-idiot-talk.infracaninophi>
In-Reply-To: <Pine.LNX.4.21.0211190732040.815-100000@slacknet.slacknet.com>
References:  <Pine.LNX.4.21.0211190732040.815-100000@slacknet.slacknet.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Nov 19, 2002 at 07:34:05AM -0700, RJ45 wrote:

> I installed new bind9 from the ports collection.
> I have FreeBSD 4.7 STABLE.
> The program /usr/local/sbin/rndc-confgen should generate the rndc.conf
> file for me and the rndc-confgen -a  should generate a key fiule.
> the problem is that issuing the command /usr/local/sbin/rndc-confgen
> actually does nothing. The process goes to sleep and nothing happens...
> anyone has some clue about it ?

Sounds like it's blocking while waiting for /dev/random.  You need to
generate more randomness --- generally the kernel random number
generator keys off various interrupts, so plonking on the keyboard or
slinging a few packets across the network while you're waiting might
help.  

You can optimise the randomness collection by setting the rc.conf
'rand_irqs' variable to a list of irqs that see quite a bit of
activity.  To tell what irqs to use, look at the output of vmstat -i:

    % vmstat -i
    interrupt                   total       rate
    pcm0 irq10                 167517          0
    de0 irq11                  123060          0
    mux irq5                   375110          1
    fdc0 irq6                       2          0
    atkbd0 irq1                135100          0
    psm0 irq12                1066199          3
    clk irq0                 31997147         99
    Total                    33864135        105

and pick the irqs corresponding to devices that get the most action.
Don't use the clock interrupt (here irq0) as a regular tick is useless
for generating random data...

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
                                                      Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021119144728.GA41329>