
I'm rebuilding some DNS boxes and for the life of me I can't remember what I installed that drastically speeds up the dnssec-keygen process.

Would anyone know what this might have been or a way I could find out on the current box?

dnssec-keygen -a RSASHA256 -b 2048 -n ZONE ......
dnssec-keygen -f KSK -a RSASHA256 -b 4096 -n ZONE .....

dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o ..... -t .....
Tsukasa

3 Answers


It'd be helpful if you showed us exactly what you're doing. But taking a guess, you're using -r /dev/random for your entropy, which blocks when the pool is empty, and that tends to happen very quickly on servers without KVM. You can attach a hardware entropy source, you can use /dev/urandom, or you can generate the keys on a desktop machine (which has you there to provide a much deeper entropy pool) then copy them across.

MadHatter
  • updated. I know there was something I had to install from apt-get that increased the speed but I can't remember what I installed. – Tsukasa Dec 19 '16 at 16:11

I did the following to speed up the process.

apt-get install ldnsutils haveged
Tsukasa

@Tsukasa: I know that this should be a comment, but I do not have 50 reputation, so I cannot comment. Anyway, your proposed solution is the recommended solution and is the solution that I have used many times both on Fedora 27 and 29, for which the code needs to be:

yum install haveged
systemctl restart haveged
systemctl enable haveged

The above will ensure that haveged is installed, running, and automatically started following any reboot of the system ...and, yes (for the odd pedant wanting to mark me down for having the temerity to reference a different distro), I am aware that the OP's distro is Ubuntu; but the point is that haveged is the solution and that it can additionally be used on Fedora / RHEL too, thereby helping other people with a like issue who might not be using Ubuntu.
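
A pre-flight check for the situation the first answer describes (an empty pool stalling reads from /dev/random), which also addresses the question of how to find out what is feeding entropy on the current box. This is an added example, not code from any of the posters; the function names, the 200-bit threshold and the inclusion of rngd alongside haveged are assumptions.

```shell
#!/bin/sh
# Added example: check kernel entropy and running entropy feeders before
# starting dnssec-keygen. Names and the 200-bit threshold are assumptions.
# Note: on Linux 5.6 and later /dev/random only blocks until the pool is
# first seeded, so the stall mainly affects older kernels.

ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail

# entropy_status [FILE] [MIN_BITS]: print "ok", "low" or "unknown".
entropy_status() {
    file=${1:-$ENTROPY_FILE}
    min=${2:-200}
    if [ ! -r "$file" ]; then echo unknown; return 0; fi
    bits=$(tr -cd '0-9' < "$file")
    if [ -z "$bits" ]; then echo unknown; return 0; fi
    if [ "$bits" -lt "$min" ]; then echo low; else echo ok; fi
}

# entropy_daemons: read process names on stdin (one per line, as printed by
# `ps -eo comm=`) and print the known entropy feeders found, space-separated.
entropy_daemons() {
    { grep -Ex 'haveged|rngd' || true; } | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# preflight: report both findings; fail only when the pool is low and
# nothing is running to refill it.
preflight() {
    status=$(entropy_status)
    daemons=$(ps -eo comm= | entropy_daemons)
    echo "entropy: $status; feeders running: ${daemons:-none}"
    [ "$status" != low ] || [ -n "$daemons" ]
}

# Run the check only when asked, e.g.: sh entropy-check.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

A non-zero exit from `preflight` means key generation against /dev/random is likely to stall until a feeder such as haveged is installed and started.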