What to do if dnssec-keygen hangs forever

May 2, 2017


On some systems, generating DNSSEC keys with dnssec-keygen hangs, seemingly forever.

As per Alexander Gurvitz’s post in the Ubuntu forums:

It is NOT a bug.
In order to generate SECURE keys, dnssec-keygen reads /dev/random, which will block until there’s enough entropy available on your system. Some systems have very little entropy and thus dnssec-keygen may take forever.
Possible solutions:
1. apt-get install haveged
haveged daemon supplies lots of entropy to /dev/random.

2. dnssec-keygen -r /dev/urandom
Will use “non-blocking” pseudo-random device (lower security).

3. Move mouse and tap on keyboard – kernel uses this as entropy source.

4. Buy a hardware entropy device.

The easiest and best solution is #1; if you can’t do even that, the most expedient is #2.
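
A pre-flight check for the situation described above, as an added example that is not part of the original post or the quoted forum reply: it reads the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail and reports whether dnssec-keygen is likely to block on /dev/random. The 256-bit threshold and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: check the entropy pool before running dnssec-keygen.
# The default threshold (256 bits) is an assumed value, not from the post.

ENTROPY_FILE_DEFAULT=/proc/sys/kernel/random/entropy_avail

# Print the kernel's available-entropy estimate in bits.
# Returns 2 if the file is missing or does not hold a plain integer.
entropy_avail() {
    ea_file=${1:-$ENTROPY_FILE_DEFAULT}
    [ -r "$ea_file" ] || return 2
    # read fails on a file without a trailing newline but still fills ea_bits
    read -r ea_bits < "$ea_file" || [ -n "$ea_bits" ] || return 2
    case $ea_bits in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$ea_bits"
}

# Classify the pool: prints "ok", "low" or "unknown", returns 0, 1 or 2.
# "low" means a read from /dev/random, and so dnssec-keygen, may block.
# Usage: keygen_preflight [min_bits] [entropy_file]
keygen_preflight() {
    kp_min=${1:-256}
    kp_avail=$(entropy_avail "${2:-$ENTROPY_FILE_DEFAULT}") || {
        echo unknown
        return 2
    }
    if [ "$kp_avail" -lt "$kp_min" ]; then
        echo low
        return 1
    fi
    echo ok
}

# Map the result to the options listed in the quoted post.
preflight_advice() {
    case $(keygen_preflight "$@") in
        ok)  echo "entropy estimate is sufficient: run dnssec-keygen as usual" ;;
        low) echo "entropy estimate is low: install haveged (option 1), or" \
                  "use dnssec-keygen -r /dev/urandom (option 2, lower security per the post)" ;;
        *)   echo "entropy estimate unreadable: check the system manually" ;;
    esac
}

preflight_advice
```

Run it on the host where the keys are generated; pass a different threshold as the first argument to `preflight_advice` to tune the check.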