DNSSEC doesn't work

Discussion in 'Installation/Configuration' started by dioobr, Feb 16, 2017.

  1. dioobr

    dioobr New Member

    My DNS servers aren't generating keys. I noticed in the source code of ISPConfig (bind_plugin.inc.php) the following:
    Code:
            if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 400) {
                $app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$domain.'. Please consider installing package haveged.', LOGLEVEL_WARN);
                echo "DNSSEC ERROR: We are low on entropy. Not generating new Keys for $domain. Please consider installing package haveged.\n";
                return false;
            }
    Checking the contents of the file "/proc/sys/kernel/random/entropy_avail", the value is 134. I have no idea what this is. Can I just change the value of the file and done? any suggestion?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    ensure that you have the software "haveged" installed and that the haveged daemon is started.
     
  3. dioobr

    dioobr New Member

  4. dioobr

    dioobr New Member

    If a server has a mirror server, is DNSSEC turned off?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. DNSSEC will not work on mirror servers, it needs to be reimplemented from scratch to support mirrors which is planned for one of the next releases.
     

Share This Page