Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 09-08-2004, 10:05 AM   #1
Registered: Jun 2003
Posts: 52

Rep: Reputation: 15
dnssec-keygen hangs

dnssec-keygen -a hmac-md5 -b 256 -n user rndc

rndc is a valid user, dnssec-keygen hangs basically forever, consuming 0.0 CPU and 0.1 MEM. This is on a dual Xeon with 2.5GB of memory. Its been running for at least the last 15 minutes. No errors, nothing in syslog, just sits there.

Anyone run into this before?

Last edited by jon3k; 09-08-2004 at 10:42 AM.
Old 08-23-2015, 04:22 PM   #2
Red Squirrel
Senior Member
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,326

Rep: Reputation: 54
I'm getting the same thing, and not finding anything on google. Anyone? This is the command I'm trying (from a tutorial)

 dnssec-keygen -a HMAC-MD5 -b 512 -n HOST update_key
It just hangs forever and does nothing.

Thanks in advance.
Old 08-23-2015, 05:06 PM   #3
Red Squirrel
Senior Member
Registered: Dec 2003
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,326

Rep: Reputation: 54
Well from further googling I did manage to find something that is interesting, so the way this command seems to work is that it requires some activity to be happening on the system, I'm not sure exactly the nature of the activity but I'm guessing disk and/or memory. Such activity seems to affect the output of /dev/random which dnssec uses. I did hexdump /dev/random and got nothing. I then did a system update as it's the first thing that came to mind to generate something random and then I started getting output in /dev/random and the dnssec-keygen command finished. Which draws an interesting thought, since this command requires the user to perform some activity on the server could the nature of this activity actually affect how secure the key is? Ex: a system update is not truly random, as someone who really knows what they're doing could probably figure out what changed if they can find out the last time I updated before doing that update as any system will get the same files, thus probably the same key.

When I do this on my web server (I'm doing it on a local test server right now) I imagine there will be more randomness going on though due to general traffic.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
bind - dnssec jsheffie Linux - Networking 0 07-28-2005 10:22 AM
How to ssh-keygen? Baran Linux - Networking 5 04-26-2005 02:40 PM
Linuxant hcf keygen? n00b2themax Linux - Newbie 3 01-29-2005 11:49 PM
no dnssec for debian ruben0076 Linux - Networking 2 01-18-2005 06:07 AM
ssh-keygen problem mijohnst Linux - Networking 5 07-20-2004 01:00 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:40 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration