Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Fixed In:
17.1.0
Opened: Nov 15, 2022
Severity: 3-Major
The /dev/random option was deprecated in rndc-confgen after the BIND upgrade. The keygen.sysinit scripts still call rndc-confgen with the deprecated /dev/random option, so creation of the rndc.key file fails. The ZRD daemon waits for rndc.key; because key creation failed, the daemon waits indefinitely and stays in a down state.
The ZRD daemon will be down until the rndc.key is created.
Upgrade the BIND package from 9.11 to 9.16.
Create the key manually without the deprecated option. Run the following commands:
    bigstart stop zrd
    rm -f /config/rndc.key
    /usr/sbin/rndc-confgen -t /var/named -a -c /config/rndc.key
    ln -sf /var/named/config/rndc.key /config/rndc.key
    chown -f named:named /var/named/config/rndc.key
    bigstart start zrd
The issue is fixed by removing the deprecated option when generating the rndc.key.
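After the manual workaround, the result can be checked before relying on zrd coming back up. The script below is an added example, not F5 code: check_rndc_key and its arguments are hypothetical names, the key-clause layout is the one rndc-confgen -a writes, and the world-readable check is an assumption about good practice rather than something the bug record states.

```bash
#!/bin/bash
# Added example (not F5 code): check the state the manual workaround should leave.
# check_rndc_key and its arguments are hypothetical names.
#   $1 = root prefix ("" on a live system, a scratch directory when testing)
#   $2 = expected owner:group (default named:named, from the chown step)
check_rndc_key() {
    local root="${1:-}" want_owner="${2:-named:named}"
    local link="$root/config/rndc.key"
    local target_path="/var/named/config/rndc.key"
    local target="$root$target_path" owner rc=0

    # ln -sf step: /config/rndc.key must be a symlink to the chroot copy.
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink"; rc=1
    elif [ "$(readlink "$link")" != "$target_path" ]; then
        echo "FAIL: $link points to $(readlink "$link")"; rc=1
    fi

    # rndc-confgen step: the key file must exist and be non-empty.
    if [ ! -s "$target" ]; then
        echo "FAIL: $target is missing or empty"; return 1
    fi

    # The generated file should hold a key clause with an algorithm and a secret.
    grep -Eq '^[[:space:]]*key[[:space:]]+"[^"]+"' "$target" || { echo "FAIL: no key clause"; rc=1; }
    grep -Eq 'algorithm[[:space:]]+[A-Za-z0-9-]+;' "$target" || { echo "FAIL: no algorithm"; rc=1; }
    grep -Eq 'secret[[:space:]]+"[A-Za-z0-9+/=]+";' "$target" || { echo "FAIL: no secret"; rc=1; }

    # chown step: owner and group as set by the workaround.
    owner="$(ls -ld "$target" | awk '{print $3 ":" $4}')"
    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner is $owner, want $want_owner"; rc=1; }

    # Assumption (not on the page): the shared secret should not be world-readable.
    [ -z "$(find "$target" -perm -004 -print)" ] || { echo "FAIL: $target is world-readable"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: rndc.key is in place"
    return "$rc"
}
```

On the system itself, call it with an empty prefix, as in check_rndc_key "", and it prints one FAIL line for each step of the workaround that did not take effect.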