if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "check obsolete options generate warnings ($n)"
+ret=0
+$CHECKCONF warn-random-device.conf > checkconf.out$n 2>/dev/null || ret=1
+grep "option 'random-device' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+status=`expr $status + $ret`
rmdir keys
echo_i "exit status: $status"
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ random-device "/dev/urandom";
+};
classify outgoing DNS traffic, on operating systems that support DSCP.
Valid values are 0 through 63. It is not configured by default.
-.. namedconf:statement:: random-device
- :tags: server, security
- :short: Specifies a source of entropy to be used by the server.
-
- This specifies a source of entropy to be used by the server; it is a
- device or file from which to read entropy. If it is a file,
- operations requiring entropy will fail when the file has been
- exhausted.
-
- Entropy is needed for cryptographic operations such as TKEY
- transactions, dynamic update of signed zones, and generation of TSIG
- session keys. It is also used for seeding and stirring the
- pseudo-random number generator which is used for less critical
- functions requiring randomness, such as generation of DNS message
- transaction IDs.
-
- If :any:`random-device` is not specified, or if it is set to ``none``,
- entropy is read from the random number generation function
- supplied by the cryptographic library with which BIND was linked
- (i.e. OpenSSL or a PKCS#11 provider).
-
- The :any:`random-device` option takes effect during the initial
- configuration load at server startup time and is ignored on
- subsequent reloads.
-
.. namedconf:statement:: preferred-glue
:tags: query
:short: Controls the order of glue records in an A or AAAA response.
query\-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
query\-source\-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>;
- random\-device ( <quoted_string> | none );
+ random\-device ( <quoted_string> | none ); // obsolete
rate\-limit {
all\-per\-second <integer>;
errors\-per\-second <integer>;
query-source ( ( [ address ] ( <ipv4_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv4_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
query-source-v6 ( ( [ address ] ( <ipv6_address> | * ) [ port ( <integer> | * ) ] ) | ( [ [ address ] ( <ipv6_address> | * ) ] port ( <integer> | * ) ) ) [ dscp <integer> ];
querylog <boolean>;
- random-device ( <quoted_string> | none );
+ random-device ( <quoted_string> | none ); // obsolete
rate-limit {
all-per-second <integer>;
errors-per-second <integer>;
{ "https-port", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif
{ "querylog", &cfg_type_boolean, 0 },
- { "random-device", &cfg_type_qstringornone, 0 },
+ { "random-device", &cfg_type_qstringornone, CFG_CLAUSEFLAG_OBSOLETE },
{ "recursing-file", &cfg_type_qstring, 0 },
{ "recursive-clients", &cfg_type_uint32, 0 },
{ "reuseport", &cfg_type_boolean, 0 },
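Review bot: The `random-device` entry keeps its `cfg_type_qstringornone` value type, so a configured device path is still parsed and syntax-checked but presumably never opened once the clause is obsolete; nothing in this diff shows the consumer of that value being removed, so it is worth confirming that no remaining code still reads it from the parsed config. A one-line comment on the new entry would make the intent explicit for the next maintainer, since the prose explaining the fallback is deleted elsewhere in this commit: `{ "random-device", &cfg_type_qstringornone, CFG_CLAUSEFLAG_OBSOLETE }, /* ignored; randomness comes from the crypto library */`. The test added at the top of the diff only asserts that the obsolete warning text appears, which is driven by this flag, so that comment is the only place an operator-facing reason for the warning survives in the code.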