[dns-operations] signing a zone with NSEC3 records.

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Sep 10 09:10:36 UTC 2009

On Wed, Sep 09, 2009 at 02:51:20PM -0500,
 Jeremy C. Reed <reed at reedmedia.net> wrote 
 a message of 62 lines which said:

>   dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e \"%08x\"
> (I won't discuss how "random" these are, 

I will :-) /dev/urandom is pseudo-random, only /dev/random is supposed
to be random (according to the rules of RFC 4086). ('man 4 random' on

On the other hand, /dev/urandom is much faster since it never stalls
while /dev/random may block you while waiting for more entropy.

Hence the /dev/random paradox: when you use dnssec-signzone -r
/dev/random, you get a result faster if the machine is heavily loaded.

More information about the dns-operations mailing list