Hi, I have a multiserver setup with 4 servers - www, mail, db and dns on Ubuntu 18.04. Everything looks fine except operations on the DNS server. If I make some change in a domain's DNS, it takes more than 10 minutes to process. I have already set up DEBUG mode. In ispconfig.log on the dns server I can see these records:

Code:
27.03.2020-09:32 - DEBUG - Found 2 changes, starting update process.
27.03.2020-09:32 - DEBUG - Replicated from master: REPLACE INTO `dns_rr` (`id`,`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`zone`,`name`,`type`,`data`,`aux`,`ttl`,`active`,`stamp`,`serial`) VALUES ('8','3','2','riud','riud','','4','1','sometestdomain.com.','CAA','0 issue \"letsencrypt.org\"','0','3600','Y','2020-03-27 09:31:20','2020032701')
27.03.2020-09:32 - DEBUG - Calling function 'rr_insert' from plugin 'bind_plugin' raised by event 'dns_rr_insert'.
27.03.2020-09:32 - DEBUG - safe_exec cmd: named-checkzone 'sometestdomain.com.' '/etc/bind/pri.sometestdomain.com' - return code: 0
27.03.2020-09:32 - DEBUG - Writing BIND domain file: /etc/bind/pri.sometestdomain.com
27.03.2020-09:32 - DEBUG - safe_exec cmd: cd '/etc/bind'; named-checkzone 'sometestdomain.com' '/etc/bind/pri.sometestdomain.com' | egrep -ho '[0-9]{10}' - return code: 0
27.03.2020-09:41 - DEBUG - safe_exec cmd: cd '/etc/bind'; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o 'sometestdomain.com' -t 'pri.sometestdomain.com' - return code: 0
27.03.2020-09:41 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
27.03.2020-09:41 - DEBUG - Processed datalog_id 31
27.03.2020-09:41 - DEBUG - Replicated from master: REPLACE INTO `dns_soa` (`id`,`sys_userid`,`sys_groupid`,`sys_perm_user`,`sys_perm_group`,`sys_perm_other`,`server_id`,`origin`,`ns`,`mbox`,`serial`,`refresh`,`retry`,`expire`,`minimum`,`ttl`,`active`,`xfer`,`also_notify`,`update_acl`,`dnssec_initialized`,`dnssec_wanted`,`dnssec_last_signed`,`dnssec_info`) VALUES ('1','3','2','riud','ru','','4','sometestdomain.com.','dns.com.','postmaster.dns.com.','2020032703','7200','540','604800','3600','3600','Y','','','','Y','Y','1585297816','DS-Records:\nsometestdomain.com. \n\nDNSKEY-Records:\n; This is a key-signing key, keyid 22869, for sometestdomain.com.\n; Created: 20200327074501 (Fri Mar 27 07:45:01 2020)\n; Publish: 20200327074501 (Fri Mar 27 07:45:01 2020)\n; Activate: 20200327074501 (Fri Mar 27 07:45:01 2020)\nsometestdomain.com. )
27.03.2020-09:41 - DEBUG - Calling function 'soa_update' from plugin 'bind_plugin' raised by event 'dns_soa_update'.
27.03.2020-09:41 - DEBUG - safe_exec cmd: named-checkzone 'sometestdomain.com.' '/etc/bind/pri.sometestdomain.com' - return code: 0
27.03.2020-09:41 - DEBUG - Writing BIND domain file: /etc/bind/pri.sometestdomain.com
27.03.2020-09:41 - DEBUG - DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.
27.03.2020-09:41 - WARNING - Falsche Anfrage / Wrong QuerySQL-Query = INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (4, '32', 'LOGLEVEL_ERR', UNIX_TIMESTAMP(), 'DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.') -> 1366 (Incorrect integer value: 'LOGLEVEL_ERR' for column 'loglevel' at row 1)
27.03.2020-09:41 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
27.03.2020-09:41 - DEBUG - Processed datalog_id 32
27.03.2020-09:41 - DEBUG - Calling function 'restartBind' from module 'dns_module'.
27.03.2020-09:41 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

There is probably only one interesting thing:

Code:
DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.

But I have haveged installed. If I switch off DNSSEC, dns operations are at normal speed. Can someone help me with this? Thanks a lot in advance.
OK, so I probably have an answer. I have this dns server installed in a Linux container (LXC) and it seems haveged won't work here. Is there any way to get entropy without haveged? If not, I will install dns into KVM where it should work.
The problem is with writing to the file /proc/sys/kernel/random/write_wakeup_threshold, which is read-only on LXC.
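
An added example, not part of the original posts: a short Python script that locates the stall in an ISPConfig debug log like the one in the first post and flags whether the delayed command reads `/dev/random`. It assumes a `safe_exec` entry is written once the command has returned (as its `return code` suffix suggests), so each gap is attributed to the entry logged after it; the sample lines are abridged from that log and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: lines abridged from the ispconfig.log excerpt in the first post.
SAMPLE_LOG = """\
27.03.2020-09:32 - DEBUG - Found 2 changes, starting update process.
27.03.2020-09:32 - DEBUG - Calling function 'rr_insert' from plugin 'bind_plugin' raised by event 'dns_rr_insert'.
27.03.2020-09:32 - DEBUG - safe_exec cmd: named-checkzone 'sometestdomain.com.' '/etc/bind/pri.sometestdomain.com' - return code: 0
27.03.2020-09:32 - DEBUG - Writing BIND domain file: /etc/bind/pri.sometestdomain.com
27.03.2020-09:41 - DEBUG - safe_exec cmd: cd '/etc/bind'; dnssec-signzone -A -e +1382400 -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N increment -o 'sometestdomain.com' -t 'pri.sometestdomain.com' - return code: 0
27.03.2020-09:41 - DEBUG - Writing BIND named.conf.local file: /etc/bind/named.conf.local
27.03.2020-09:41 - DEBUG - Processed datalog_id 31
27.03.2020-09:41 - DEBUG - DNSSEC ERROR: We are low on entropy. This could cause server script to fail. Please consider installing package haveged.
"""

# Entry layout seen in the log: "DD.MM.YYYY-HH:MM - LEVEL - message"
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}-\d{2}:\d{2}) - (\w+) - (.*)$")

def parse(log_text):
    """Yield (timestamp, level, message); lines without a timestamp are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%d.%m.%Y-%H:%M"), m.group(2), m.group(3)

def find_stalls(log_text, min_minutes=2):
    """Return one dict per gap of at least min_minutes between consecutive entries.

    Timestamps only have minute resolution, so a threshold of 2 avoids
    reporting an ordinary minute rollover as a stall.
    """
    stalls, prev = [], None
    for ts, _level, msg in parse(log_text):
        if prev is not None:
            gap = int((ts - prev).total_seconds() // 60)
            if gap >= min_minutes:
                stalls.append({
                    "minutes": gap,
                    "message": msg,
                    # /dev/random may block until the kernel has enough entropy
                    "blocking_random": "/dev/random" in msg,
                })
        prev = ts
    return stalls

if __name__ == "__main__":
    for s in find_stalls(SAMPLE_LOG):
        note = " (reads /dev/random)" if s["blocking_random"] else ""
        print(f"{s['minutes']} min stall before: {s['message'][:60]}...{note}")
```
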