From 00028046b489ef12a3de9b66c02e3fd118a89939 Mon Sep 17 00:00:00 2001
From: Casey Marshall
Date: Sat, 14 Nov 2015 14:04:04 -0600
Subject: [PATCH] Use /dev/urandom.
---
 setup/dns.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/setup/dns.sh b/setup/dns.sh
index 996c72f2..af1dace9 100755
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -88,13 +88,13 @@ if [ ! -f "$STORAGE_ROOT/dns/dnssec/$algo.conf" ]; then
 #
 # `ldns-keygen` outputs the new key's filename to stdout, which
 # we're capturing into the `KSK` variable.
- KSK=$(umask 077; cd $STORAGE_ROOT/dns/dnssec; ldns-keygen -a $algo -b 2048 -k _domain_);
+ KSK=$(umask 077; cd $STORAGE_ROOT/dns/dnssec; ldns-keygen -r /dev/urandom -a $algo -b 2048 -k _domain_);
 # Now create a Zone-Signing Key (ZSK) which is expected to be
 # rotated more often than a KSK, although we have no plans to
 # rotate it (and doing so would be difficult to do without
 # disturbing DNS availability.) Omit `-k` and use a shorter key length.
- ZSK=$(umask 077; cd $STORAGE_ROOT/dns/dnssec; ldns-keygen -a $algo -b 1024 _domain_);
+ ZSK=$(umask 077; cd $STORAGE_ROOT/dns/dnssec; ldns-keygen -r /dev/urandom -a $algo -b 1024 _domain_);
 # These generate two sets of files like:
 #
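Review bot: The `-r /dev/urandom` added to both `ldns-keygen` calls (KSK and ZSK) replaces the tool's default blocking seed source with one that, on older Linux kernels, can return output before the kernel pool is fully seeded, and nothing in the hunk records why that is acceptable. Because the surrounding comment says these keys are not expected to be rotated, the assumption deserves a comment above the KSK line, for example `# -r /dev/urandom: avoid blocking on low-entropy VMs; assumes the kernel RNG is already seeded when setup runs`. Separately, on the same two lines `cd $STORAGE_ROOT/dns/dnssec;` is unquoted and followed by `;`, so a failed `cd` would most likely still let `ldns-keygen` write the private key files into the current directory; `cd "$STORAGE_ROOT/dns/dnssec" &&` would stop that. The enclosing `if` block starts and ends outside the hunk.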