Bugzilla – Bug 198
unbound.conf man page considered harmful
Last modified: 2008-07-21 10:01:48 CEST
The man page for unbound.conf has a default configuration that chroots the server.
However, unless the chroot includes /dev/random, the only entropy used is the time (actually, the pid, too, but the log is misleading). This is obviously bad.
I added the following to the manpage
# make sure unbound can access entropy from inside the chroot.
# i.e. mount --bind -n /dev/random /etc/unbound/dev/random
# and mount --bind -n /dev/log /etc/unbound/dev/log
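The check a practitioner would want before trusting a chrooted unbound is whether the device nodes the man page comment talks about are really present inside the chroot, and present as the right kind of node (a plain file called /dev/random is the classic mistake: reads then return no entropy at all). The script below is an added example, not part of the bug report or of Unbound itself; it assumes the chroot layout from the comment above (a dev/ directory under the chroot root, /dev/random as a character device and /dev/log as a socket) and only prints the Linux bind-mount commands quoted in the report, it does not run them.

```sh
#!/bin/sh
# Added example (not from the bug report or from Unbound): verify that a
# chroot directory exposes the device nodes a chrooted unbound needs for
# seeding its RNG and for syslog. Assumed layout: DIR/dev/random and
# DIR/dev/log, as in the man page comment.

# check_chroot_devices DIR
# Prints one line per problem and returns 1 if any node is missing or is not
# the expected kind. /dev/random must be a character device, /dev/log a socket.
check_chroot_devices() {
    dir=${1%/}          # strip a trailing slash so DIR=/ works too
    status=0
    for spec in random:c log:S; do
        name=${spec%%:*}
        kind=${spec##*:}
        path="$dir/dev/$name"
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            echo "missing: $path"
            status=1
        elif [ "$kind" = c ] && [ ! -c "$path" ]; then
            echo "not a character device: $path"
            status=1
        elif [ "$kind" = S ] && [ ! -S "$path" ]; then
            echo "not a socket: $path"
            status=1
        fi
    done
    return $status
}

# suggest_bind_mounts DIR
# For each node that is missing, print the Linux-specific commands from the
# bug report that would expose it inside the chroot. Nothing is executed
# here; the mount step needs root, so it is left for the operator to review.
suggest_bind_mounts() {
    dir=${1%/}
    for name in random log; do
        if [ ! -e "$dir/dev/$name" ]; then
            # mount --bind needs an existing target file to mount over
            echo "mkdir -p $dir/dev && touch $dir/dev/$name"
            echo "mount --bind -n /dev/$name $dir/dev/$name"
        fi
    done
}

# Stand-alone use: ./check_chroot.sh /etc/unbound
if [ $# -gt 0 ]; then
    check_chroot_devices "$1" || {
        echo "suggested fix (Linux):"
        suggest_bind_mounts "$1"
        exit 1
    }
fi
```

Run it against the chroot directory from unbound.conf; a clean run prints nothing and exits 0, otherwise it lists each problem and the bind mounts that would address it. The node-type tests are why a stale copy of the chroot (a regular file where the device used to be) is caught rather than passing silently.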
What is misleading about the log?
The log says time only is used as the seed, but the pid is too (and the thread ID, but not much entropy there).
In fact, generally, log messages often seem to be generated rather far away from the error (or info) they are logging; for example, many of the "out of memory" errors are logged when some function returns NULL rather than when malloc() fails, which seems prone to inaccurate logging.
Oh, and on your man page "i.e." should be "e.g." and your example is (I assume) Linux specific, so you might want to say so.
I improved the entropy warning message, and added a Linux-specific comment to the manpage (also gave a hint for BSD usage).
Thank you for your comments,