Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consistently use /dev/urandom instead of /dev/random in scripts and docs #81

Merged
merged 1 commit into from Sep 20, 2019

Conversation

@wcawijngaards wcawijngaards merged commit e1e71ea into NLnetLabs:master Sep 20, 2019
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
wcawijngaards added a commit that referenced this pull request Sep 20, 2019
- Merge #81 from Maryse47: Consistently use /dev/urandom instead
  of /dev/random in scripts and docs.
@wcawijngaards

This comment has been minimized.

Copy link
Member

wcawijngaards commented Sep 20, 2019

Yes that changed in the implementation where open of dev happened at first in the util/random code, but then moved to the compat with contributed code because the random generators changed in libc('s in BSD and Linux), I guess this is where this could have changed. Having a good supply is important because you do not want the stream of DNS replies cut short by a wait for randomness. Which would be used for generating the 16-bit ID numbers in DNS packets. Hence urandom, by the way. So the changes you suggest are an improvement (in the comments around the code). Thanks! Merged.

@Maryse47 Maryse47 deleted the Maryse47:urandom branch Sep 20, 2019
jedisct1 added a commit to jedisct1/unbound that referenced this pull request Sep 21, 2019
* nlnet/master: (22 commits)
  Changelog entry for NLnetLabs#83 - Merge NLnetLabs#83 from Maryse47: contrib/unbound.service.in: do not fork   into the background.
  unbound.service.in: do not fork into the background
  Changelog entry for NLnetLabs#81. - Merge NLnetLabs#81 from Maryse47: Consistently use /dev/urandom instead   of /dev/random in scripts and docs.
  (Changelog entry for NLnetLabs#82). - Merge NLnetLabs#82 from hardfalcon: Downgrade CAP_NET_ADMIN to CAP_NET_RAW   in unbound.service.
  Downgrade CAP_NET_ADMIN to CAP_NET_RAW in unbound.service
  Consistently use /dev/urandom instead of /dev/random in scripts and docs
  - Merge NLnetLabs#80 from stasic: Improve wording in man page. (Changelog entry for merge)
  Improve wording in man page
  - Fix wrong response ttl for prepended short CNAME ttls, this would   create a wrong zero_ttl response count with serve-expired enabled.
  - Fix for oss-fuzz build warning.
  - Fix fix for NLnetLabs#78 to also free service callback struct.
  - oss-fuzz badge on README.md.
  - Merge pull request NLnetLabs#76 from Maryse47: Improvements and fixes for   systemd unbound.service. (Changelog note for merge of NLnetLabs#76).
  - Fix NLnetLabs#78: Memory leak in outside_network.c.
  Improvements and fixes for systemd unbound.service
  - Use explicit bzero for wiping clear buffer of hash in cachedb,   reported by Eric Sesterhenn from X41 D-Sec.
  - Fix NLnetLabs#72: configure --with-syslog-facility=LOCAL0-7 with default   LOG_DAEMON (as before) can set the syslog facility that the server   uses to log messages.
  - Fix NLnetLabs#71: fix openssl error squelch commit compilation error.
  - squelch DNS over TLS errors 'ssl handshake failed crypto error'   on low verbosity, they show on verbosity 3 (query details), because   there is a high volume and the operator cannot do anything for the   remote failure.  Specifically filters the high volume errors.
  - updated Makefile dependencies.
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.