I have a server running OpenBSD 4.2-current and acting as a
name server. It always has these messages in the /var/log/daemon
file upon startup:

Oct 27 05:51:38 racine named[3780]: could not open entropy \
source /dev/arandom: file not found
Oct 27 05:51:38 racine named[3780]: using pre-chroot entropy \
source /dev/arandom

That never bothered me, until I needed to use Men and Mice
DNS Server Controller management tools on my OBSD name server,
but that is another story.

Just creating a /var/named/dev/arandom file won't work,
since the partition is mounted as nodev, as shown below:

/dev/wd0a on / type ffs (local)
/dev/wd0e on /home type ffs (local, nodev, nosuid)
/dev/wd0f on /tmp type ffs (local, nodev, nosuid)
/dev/wd0g on /usr type ffs (local, nodev)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
                                   ^^^^^
so I thought I would try creating a separate partition for
/var/named/dev and not using the nodev parameter.

I had used all of the drive during initial installation, so I
- went into disklabel -E wd0
- noticed how much space each cylinder took up
- checked to see how large the swap partition was with a 'p m'
- deleted the swap partition, and recreated it 2 megabytes smaller
- created a new partition 2 megabytes in size
- saved the results
- modified /etc/fstab to mount the new partition as /var/named/dev
  without the nodev option

$ mount
/dev/wd0a on / type ffs (local)
/dev/wd0e on /home type ffs (local, nodev, nosuid)
/dev/wd0f on /tmp type ffs (local, nodev, nosuid)
/dev/wd0g on /usr type ffs (local, nodev)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
/dev/wd0h on /var/named/dev type ffs (local, nosuid)

- rebooted the computer
- created the devices in /var/named/dev

cd /var/named/dev
/dev/MAKEDEV random

ls -l shows
$ ls -l /var/named/dev
total 0
crw-r--r-- 1 root wheel 45, 4 Oct 27 05:53 arandom
crw-r--r-- 1 root wheel 45, 3 Oct 27 05:53 prandom
crw-r--r-- 1 root wheel 45, 0 Oct 27 05:53 random
crw-r--r-- 1 root wheel 45, 1 Oct 27 05:53 srandom
crw-r--r-- 1 root wheel 45, 2 Oct 27 05:53 urandom

Now when I start BIND via the named command, the messages about
/var/arandom missing no longer appear in /var/log/daemon.

My question: have I compromised the security of the name server?

If anyone is interested, I will post my steps in getting Men and Mice
DNS Server Controller running on OpenBSD using Linux emulation.

Thanks,
J.D. Carlson
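
Added example, not part of the original post: a check that reports which filesystem governs a path inside the named chroot and whether nodev applies to it, so the exception for /var/named/dev can be confirmed to stay confined to that one mount point. The function names are hypothetical, and the embedded sample is the mount output quoted in the post.

```sh
#!/bin/sh
# Constructed sample: the post's `mount` output after the new partition was added.
SAMPLE_MOUNTS='/dev/wd0a on / type ffs (local)
/dev/wd0e on /home type ffs (local, nodev, nosuid)
/dev/wd0f on /tmp type ffs (local, nodev, nosuid)
/dev/wd0g on /usr type ffs (local, nodev)
/dev/wd0d on /var type ffs (local, nodev, nosuid)
/dev/wd0h on /var/named/dev type ffs (local, nosuid)'

# governing_mount PATH MOUNT_OUTPUT  (hypothetical helper)
# Prints "<mount point> <options>" for the filesystem holding absolute PATH,
# chosen by longest matching mount point. Assumes no spaces in mount points.
governing_mount() {
    printf '%s\n' "$2" | awk -v path="$1" '
        $2 == "on" && $4 == "type" {
            mp = $3
            # Match on "/", an exact hit, or a prefix ending at a "/" boundary,
            # so that /var does not claim /variable.
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) > best_len) {
                    best_len = length(mp); best = mp
                    opts = $0
                    sub(/^[^(]*\(/, "", opts)   # drop everything up to "("
                    sub(/\).*$/, "", opts)      # drop ")" and anything after
                    gsub(/ /, "", opts)
                    best_opts = opts
                }
            }
        }
        END { if (best != "") print best, best_opts }'
}

# device_nodes_usable PATH MOUNT_OUTPUT  (hypothetical helper)
# 0: governing filesystem lacks nodev; 1: nodev is set; 2: no mount matched.
device_nodes_usable() {
    opts=$(governing_mount "$1" "$2" | awk '{ print $2 }')
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *,nodev,*) return 1 ;;
        *)         return 0 ;;
    esac
}

for p in /var/named/dev/arandom /var/named; do
    if device_nodes_usable "$p" "$SAMPLE_MOUNTS"; then state="no nodev"; else state="nodev"; fi
    echo "$p -> $(governing_mount "$p" "$SAMPLE_MOUNTS") [$state]"
done
```

On a live system, pass "$(mount)" as the second argument instead of the sample.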
