[dns-operations] signing a zone with NSEC3 records.
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Sep 10 09:10:36 UTC 2009
On Wed, Sep 09, 2009 at 02:51:20PM -0500,
Jeremy C. Reed <reed at reedmedia.net> wrote
a message of 62 lines which said:
> dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e \"%08x\"
>
> (I won't discuss how "random" these are,
I will :-) /dev/urandom is pseudo-random, only /dev/random is supposed
to be random (according to the rules of RFC 4086). ('man 4 random' on
Linux.)
On the other hand, /dev/urandom is much faster since it never stalls
while /dev/random may block you while waiting for more entropy.
Hence the /dev/random paradox: when you use dnssec-signzone -r
/dev/random, you get a result faster if the machine is heavily loaded.
More information about the dns-operations
mailing list