X-RT-Original-Encoding: utf-8
MIME-Version: 1.0
In-Reply-To: <rt-4.4.1-49214-1505851568-605.0-0-0@isc.org>
References: <rt-4.4.1-49214-1505851568-605.0-0-0@isc.org>
 <RT-Ticket-46047@isc.org>
X-Mailer: MIME-tools 5.508 (Entity 5.508)
Content-Transfer-Encoding: binary
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.4.1-32717-1506618673-1137.46047-0-0@isc.org>
X-RT-Interface: Web
Content-Disposition: inline
RT-Send-CC:
Content-Length: 1231

Merged. The CHANGES note has been revised to read:

4724.   [func]          By default, BIND now uses the random number
                        functions provided by the crypto library (i.e.,
                        OpenSSL or a PKCS#11 provider) as a source of
                        randomness rather than /dev/random.  This is
                        suitable for virtual machine environments
                        which have limited entropy pools and lack
                        hardware random number generators.

                        This can be overridden by specifying another
                        entropy source via the "random-device" option
                        in named.conf, or via the -r command line option;
                        however, for functions requiring full cryptographic
                        strength, such as DNSSEC key generation, this
                        cannot be overridden. In particular, the -r
                        command line option no longer has any effect on
                        dnssec-keygen.

                        This can be disabled by building with
                        "configure --disable-crypto-rand".
                        [RT #31459] [RT #46047]