Subject: bind9 sucks up ALL bits from /dev/random
To: None <pkgsrc-users@NetBSD.org>
From: Rhialto <rhialto@falu.nl>
List: pkgsrc-users
Date: 09/06/2007 22:28:37

I happened to need some random bits, but /dev/random wouldn't give me
any without me waving my mouse around. So I looked around with "rndctl
-ls" and I saw this:

Source                 Bits Type      Flags
cd1                   47295 disk estimate, collect
cd0                12174606 disk estimate, collect
wd1                22281034 disk estimate, collect
wd0               193908119 disk estimate, collect
fd0                       0 disk estimate, collect
pms0               16522995 tty  estimate, collect
pckbd0              3319637 tty  estimate, collect
rtk0                      0 net  collect
skc0                      0 net  collect
        255350941 bits mixed into pool
                0 bits currently stored in pool (max 4096)
        187974849 bits of entropy discarded due to full pool
         67376092 hard-random bits generated
        710031604 pseudo-random bits generated

Note the "0 bits currently stored in pool".

Some time later the result was this:

Source                 Bits Type      Flags
cd1                   47295 disk estimate, collect
cd0                12174606 disk estimate, collect
wd1                22282442 disk estimate, collect
wd0               193922518 disk estimate, collect
fd0                       0 disk estimate, collect
pms0               16531734 tty  estimate, collect
pckbd0              3323349 tty  estimate, collect
rtk0                      0 net  collect
skc0                      0 net  collect
        255379199 bits mixed into pool
                0 bits currently stored in pool (max 4096)
        187981064 bits of entropy discarded due to full pool
         67398135 hard-random bits generated
        710298073 pseudo-random bits generated

Still 0 bits in the pool, but 255379199 - 255350941 = 28258 had been put
in.

The only one having open /dev/random is named (version bind-9.4.1pl1).

$ fstat|grep random
named    named       7041    5 /          10674 cr--r--r--  random r 

This seems to be a potential problem to me. No single program should hog
all random bits after all.

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl        -- Cetero censeo "authored" delendum esse.
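
An added example, not part of the original message: a small Python check that diffs the summary counters of two `rndctl -ls` runs and flags a pool that stays empty while entropy is still being mixed in. The names `parse_summary` and `drain_report` are hypothetical; the counter values are the ones posted above.

```python
import re

# Summary lines of the two "rndctl -ls" runs, copied from the message above.
BEFORE = """\
        255350941 bits mixed into pool
                0 bits currently stored in pool (max 4096)
        187974849 bits of entropy discarded due to full pool
         67376092 hard-random bits generated
        710031604 pseudo-random bits generated
"""
AFTER = """\
        255379199 bits mixed into pool
                0 bits currently stored in pool (max 4096)
        187981064 bits of entropy discarded due to full pool
         67398135 hard-random bits generated
        710298073 pseudo-random bits generated
"""

# Summary-line text -> short counter name.
LABELS = {
    "bits mixed into pool": "mixed",
    "bits currently stored in pool": "stored",
    "bits of entropy discarded due to full pool": "discarded",
    "hard-random bits generated": "hard",
    "pseudo-random bits generated": "pseudo",
}

def parse_summary(text):
    """Return the pool counters; per-source rows and headers are skipped."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*?)(?:\s+\(max \d+\))?\s*$", line)
        if m and m.group(2) in LABELS:
            counters[LABELS[m.group(2)]] = int(m.group(1))
    missing = set(LABELS.values()) - counters.keys()
    if missing:
        raise ValueError(f"summary lines missing: {sorted(missing)}")
    return counters

def drain_report(before, after):
    """Diff two snapshots and flag an empty pool despite incoming entropy."""
    b, a = parse_summary(before), parse_summary(after)
    delta = {k: a[k] - b[k] for k in ("mixed", "discarded", "hard", "pseudo")}
    if min(delta.values()) < 0:
        raise ValueError("counters went backwards (reboot or counter wrap)")
    delta["stored"] = a["stored"]
    # Drained: nothing left in the pool although bits arrived and were read out.
    delta["drained"] = a["stored"] == 0 and delta["mixed"] > 0 and delta["hard"] > 0
    return delta
```

On the posted numbers the deltas are 28258 bits mixed in, 6215 discarded, 22043 hard-random and 266469 pseudo-random bits generated, so the mixed delta minus the discarded delta equals the hard-random delta.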