    [master] completed and corrected the crypto-random change · 24172bd2
    Evan Hunt authored
    4724.	[func]		By default, BIND now uses the random number
    			functions provided by the crypto library (i.e.,
    			OpenSSL or a PKCS#11 provider) as a source of
    			randomness rather than /dev/random.  This is
    			suitable for virtual machine environments
    			which have limited entropy pools and lack
    			hardware random number generators.
    
    			This can be overridden by specifying another
    			entropy source via the "random-device" option
    			in named.conf, or via the -r command line option;
    			however, for functions requiring full cryptographic
    			strength, such as DNSSEC key generation, this
    			cannot be overridden. In particular, the -r
    			command line option no longer has any effect on
    			dnssec-keygen.
    
    			This can be disabled by building with
    			"configure --disable-crypto-rand".
    			[RT #31459] [RT #46047]
server.c 389 KB