
Bug 693402

Summary: net-dns/bind-9.15.2 - named: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Product: Gentoo Linux
Reporter: Martin <m_gentoobug>
Component: Current packages
Assignee: Mikle Kolyada (RETIRED) <zlogene>
Status: RESOLVED OBSOLETE
Severity: normal
CC: chutzpah, jstein, m_gentoobug
Priority: Normal
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Martin 2019-09-03 11:49:18 UTC
This continues on from the bug reported earlier for net-dns/bind-9.12.2_p2-r1:

Bug 673746 - net-dns/bind-9.12.2_p2-r1 - named: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)

https://bugs.gentoo.org/show_bug.cgi?id=673746


Reproducible always.

After a clean install, named fails to start:


emerge -vDNu net-dns/bind
emerge --config '=net-dns/bind-9.15.2'

The install and config complete without reported error.

However, there is no "/chroot/dns/dev/urandom" created.

Note that this is required for named ("net-dns/bind-9.15.2") to start.

The workaround is to run:

cd /chroot/dns/dev
mknod urandom c 1 9

"named" can then be started fine.


FYI:

The system log start errors reported when trying to start without "/chroot/dns/dev/urandom" are:

named[3181]: openssl_link.c:164: fatal error:
named[3181]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
named[3181]: exiting (due to fatal error in library)
/etc/init.d/named[3179]: start-stop-daemon: failed to start `/usr/sbin/named'


Thanks,

Regards,
Martin


Reproducible: Always

Steps to Reproduce:
1. emerge -vDNu =net-dns/bind-9.15.2
2. emerge --config '=net-dns/bind-9.15.2'
3. rc-service named start
Actual Results:  
named fails to start, as reported in the system log for example:

named[3181]: openssl_link.c:164: fatal error:
named[3181]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
named[3181]: exiting (due to fatal error in library)
/etc/init.d/named[3179]: start-stop-daemon: failed to start `/usr/sbin/named'





Expected Results:  
named to start without error

The fix is to add the special device:

"/chroot/dns/dev/urandom"

For example, run as root:

cd /chroot/dns/dev
mknod urandom c 1 9


Note that on a server, multiple other services depend upon named successfully starting. Especially so when that server is serving a LAN of many other machines...
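
A check for the condition described in the report above, as an added example that is not part of the original bug report or the Gentoo ebuild: it verifies that a chroot's dev/urandom exists and really is the kernel's character device 1:9, rather than a regular file or symlink that would not give named a real entropy source. The function name and return codes are hypothetical; it assumes Linux and GNU coreutils stat.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a chroot's /dev/urandom node.
# Assumes Linux and GNU coreutils stat. urandom is character device major 1,
# minor 9, matching the reporter's "mknod urandom c 1 9".

check_chroot_urandom() {
    chroot_dir=$1
    node="$chroot_dir/dev/urandom"

    # Case from the report: the node was never created in the chroot.
    if [ ! -e "$node" ] && [ ! -L "$node" ]; then
        echo "MISSING: $node (as root: mknod $node c 1 9)" >&2
        return 1
    fi

    # A symlink or regular file with this name is not the kernel RNG:
    # a symlink target does not resolve the same way inside the chroot,
    # and a regular file would hand the daemon fixed bytes.
    if [ -L "$node" ] || [ ! -c "$node" ]; then
        echo "WRONG TYPE: $node is not a character device" >&2
        return 2
    fi

    # GNU stat prints the device major and minor in hex with %t and %T.
    majmin=$(stat -c '%t:%T' "$node") || return 3
    if [ "$majmin" != "1:9" ]; then
        echo "WRONG DEVICE: $node is $majmin, expected 1:9" >&2
        return 3
    fi

    # A nodev mount or restrictive mode leaves the node present but unusable;
    # this read is performed as the user running the check.
    if ! dd if="$node" of=/dev/null bs=16 count=1 2>/dev/null; then
        echo "UNREADABLE: $node cannot be read by $(id -un)" >&2
        return 4
    fi

    echo "OK: $node is character device 1:9 and readable"
    return 0
}

# Run the check when a chroot path is given, e.g. ./check.sh /chroot/dns
if [ "$#" -ge 1 ]; then
    check_chroot_urandom "$1"
fi
```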
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-03-19 12:26:31 UTC
Seems to be fixed in 9.16.x long ago, 9.15.x is no longer maintained. Feel free to reopen if something bad is still happening.