Discussion:
PRNG not seeded, service won't start
Howard, Christopher
2018-09-17 23:11:59 UTC
I'm attempting to upgrade from bind 9.10.4-P8 to 9.12.2-P1 and the service refuses to start. This is on a CentOS 6.10 machine. I ran into the same issue on CentOS 7 and was able to fix it by making sure that rngd is running before the named service starts. That same fix is not working for CentOS 6. I'm at a loss as to how to fix this and Google is failing me now.

The error in the log says:
Sep 17 18:59:08 nsm named[3926]: openssl_link.c:296: fatal error:
Sep 17 18:59:08 nsm named[3926]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)

Does anyone have any ideas of what I'm missing or what I can do to resolve this (besides upgrading this box to CentOS 7)?

-Christopher
Alberto Colosi
2018-09-18 07:36:09 UTC
Are your compiler and libs updated?



Alberto Colosi
2018-09-18 07:52:31 UTC
On the Internet, it seems to be linked to random seed generation.

Check:

# ls -l /dev/random /dev/urandom
crw-r--r-- 1 root system 39, 0 Jan 22 10:48 /dev/random
crw-r--r-- 1 root system 39, 1 Jan 22 10:48 /dev/urandom



Howard, Christopher
2018-09-18 13:42:48 UTC
Those are both good. Recent versions of bind are now using OpenSSL for random number generation and not /dev/random or /dev/urandom. Since the old version still works the /dev devices are obviously working.

-Christopher


Tony Finch
2018-09-18 08:33:51 UTC
Post by Howard, Christopher
Does anyone have any ideas of what I'm missing or what I can do to
resolve this (besides upgrading this box to CentOS 7)?
Try setting `random-device "/dev/urandom";` in `named.conf`.

See https://gitlab.isc.org/isc-projects/bind9/commit/24172bd2eeba91441ab1c65d2717b0692309244a

Tony.
--
f.anthony.n.finch <***@dotat.at> http://dotat.at/
Trafalgar: Variable 3 in northwest, otherwise northerly 4 or 5. Slight or
moderate, occasionally rough in north until later. Fair. Good.
Howard, Christopher
2018-09-18 13:44:20 UTC
I found that link previously and tried it. It didn't complain about that not being a valid setting, but it didn't change the outcome. I'm beginning to believe I may just have to upgrade to CentOS 7. It needs to be done at some point anyway, I just didn't want to do it now.

-Christopher


Howard, Christopher
2018-09-20 18:27:01 UTC
I'm not the only one! Whew, I thought I was losing my mind.

I have rngd and haveged running and there is a large pool of entropy and I still can't get newer versions of bind to start. Very frustrating.

-Christopher


On Thu, 2018-09-20 at 20:14 +0200, Reindl Harald wrote:

OK, this is *really* foolish

on a heavily used machine with 2 days uptime, rngd and haveged there is *for sure* enough random

bind-9.11.4-8.P1.fc28.x86_64 just found on Fedora koji

Sep 20 20:08:17 srv-rhsoft named[988479]: ../../../lib/dns/openssl_link.c:294: fatal error:
Sep 20 20:08:17 srv-rhsoft named[988479]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Sep 20 20:08:17 srv-rhsoft named[988479]: exiting (due to fatal error in library)

who the hell does such invasive obviously not properly tested changes in minor updates?


Howard, Christopher
2018-09-21 02:33:35 UTC
I’ve downgraded as well, but at some point the last working version will be end of life. Hopefully you get somewhere with your bug report.

-Christopher

On Sep 20, 2018, at 3:02 PM, Reindl Harald <***@thelounge.net> wrote:

well, i just downgraded since it's a resolver without dnssec at all

https://bugzilla.redhat.com/show_bug.cgi?id=1631515

Howard, Christopher
2018-09-18 13:41:29 UTC
I've tried this one. It doesn't work. There is plenty of entropy on the box, but it still won't start with the same error.

-Christopher


On Tue, 2018-09-18 at 01:22 +0200, Reindl Harald wrote:
https://wiki.archlinux.org/index.php/Haveged


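The checks made by hand in this thread (the `/dev/random` and `/dev/urandom` nodes, the entropy estimate, rngd/haveged, the `random-device` setting and the fatal log line), gathered into one script. This is an added example, not code from any poster or from ISC; the function names, the `--run` switch and the `/etc/named.conf` default are assumptions.

```shell
#!/bin/sh

# Succeeds if the path is a readable character device (the `ls -l` check).
is_random_dev() { [ -c "$1" ] && [ -r "$1" ]; }

# Prints the kernel entropy estimate; the file is overridable for testing.
entropy_bits() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    [ -r "$f" ] || return 1
    bits=$(head -n 1 "$f")
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$bits"
}

# Prints the random-device path set in a named.conf file, if any.
random_device_setting() {
    sed -n 's/^[[:space:]]*random-device[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Prints "host pid" for each named PRNG fatal error in syslog-format input.
prng_failures() {
    awk '$5 ~ /^named\[[0-9]+\]:$/ && /OpenSSL pseudorandom number/ {
        pid = $5; gsub(/[^0-9]/, "", pid); print $4, pid }' "$@"
}

# Log lines quoted in the thread (rejoined), so the parser runs offline.
sample_log() {
    cat <<'EOF'
Sep 17 18:59:08 nsm named[3926]: openssl_link.c:296: fatal error:
Sep 17 18:59:08 nsm named[3926]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Sep 20 20:08:17 srv-rhsoft named[988479]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
Sep 20 20:08:17 srv-rhsoft named[988479]: exiting (due to fatal error in library)
EOF
}

# Full report; $1 is the named.conf path (site-specific, assumed default below).
triage() {
    for d in /dev/random /dev/urandom; do
        if is_random_dev "$d"; then echo "$d: ok"; else echo "$d: BAD"; fi
    done
    echo "entropy_avail: $(entropy_bits || echo unknown)"
    for p in rngd haveged; do
        if pgrep -x "$p" >/dev/null 2>&1; then echo "$p: running"; else echo "$p: not running"; fi
    done
    if [ -r "$1" ]; then echo "random-device: $(random_device_setting "$1")"; fi
    echo "PRNG failures in sample log:"; sample_log | prng_failures
}

if [ "${1:-}" = "--run" ]; then triage "${2:-/etc/named.conf}"; fi
```

On the affected host, pass the real syslog file to `prng_failures` instead of piping in `sample_log`; a report where every check passes while the failure is still logged matches what the posters describe.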