It seems that ISPConfig3 checks for entropy availability to be below 200 and also 400 per the following file, /usr/local/ispconfig/server/bind_plugin.inc.php.
Line 93 and line 210 check for entropy availability.
Line 93, inside function soa_dnssec_create():

    if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 400) {
        $app->log('DNSSEC ERROR: We are low on entropy. Not generating new Keys for '.$domain.'. Please consider installing package haveged.', LOGLEVEL_WARN);
        echo "DNSSEC ERROR: We are low on entropy. Not generating new Keys for $domain. Please consider installing package haveged.\n";
        return false;
    }

Line 210, inside function soa_dnssec_update():

    if (file_get_contents('/proc/sys/kernel/random/entropy_avail') < 200) {
        $app->log('DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.', LOGLEVEL_ERROR);
        echo "DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.\n";
        return false;
    }

My problem seems to be entropy_avail is 256.
Researching this, I found this Unix StackExchange article, "kernel 5.10.119 caused the values of /proc/sys/kernel/random/entropy_avail and poolsize to be 256" (Unix & Linux Stack Exchange), that describes a recent change in Linux kernel 5.10.119.
I am currently on Linux kernel 5.10.127-1 (2022-06-30).
To work around this, I adjusted the checks to both be 200, instead of one being 200 and the other 400 (on creation of DNSSEC records).
I was able to successfully generate the DNSSEC for my zone and issue /usr/local/ispconfig/server/server.sh without additional error.
This is probably NOT the best way to handle this… but I’m not sure what else to do at this point.
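
An added example, not ISPConfig's code and not part of the original post: a check that reads poolsize next to entropy_avail, so a threshold the kernel can never reach (400 against the pool of 256 described above) is reported as such instead of as "low on entropy". The helper names, the temporary directories and the sample values (including the 4096 pool size assumed for a pre-change kernel) are constructed for illustration.

```php
<?php
// Hypothetical helper: classify an entropy threshold against the pool size
// the kernel reports, instead of comparing entropy_avail to a fixed number.
function entropy_state(int $threshold, string $dir = '/proc/sys/kernel/random'): string
{
    $avail = @file_get_contents("$dir/entropy_avail");
    $pool  = @file_get_contents("$dir/poolsize");
    if ($avail === false || $pool === false) {
        return 'unknown';           // files unreadable: cannot decide
    }
    $avail = (int) trim($avail);    // values end with a newline
    $pool  = (int) trim($pool);
    if ($threshold > $pool) {
        return 'unsatisfiable';     // entropy_avail can never reach the threshold
    }
    return $avail < $threshold ? 'low' : 'ok';
}

// Constructed sample data standing in for /proc/sys/kernel/random.
function make_sample(int $avail, int $pool): string
{
    $dir = sys_get_temp_dir() . '/entropy_demo_' . uniqid();
    mkdir($dir);
    file_put_contents("$dir/entropy_avail", "$avail\n");
    file_put_contents("$dir/poolsize", "$pool\n");
    return $dir;
}

$samples = [
    'pool 256 (values from the post)'   => make_sample(256, 256),
    'pool 4096 (constructed, depleted)' => make_sample(150, 4096),
];

foreach ($samples as $label => $dir) {
    foreach ([400, 200] as $threshold) {    // the two thresholds quoted above
        printf("%-34s threshold %d: %s\n", $label, $threshold, entropy_state($threshold, $dir));
    }
    // Remove the constructed sample files again.
    unlink("$dir/entropy_avail");
    unlink("$dir/poolsize");
    rmdir($dir);
}
```

Called without a second argument, entropy_state() reads the real files under /proc/sys/kernel/random.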