The patch seems to have been generated from a more recent bind
tree in which `ns_g_lctx` was renamed `named_g_lctx`. So the
patch uses the `named_g_lctx` name, but the rest of server.c
in bind-9.11 still uses the name `ns_g_lctx`, so if you compile
with --disable-crypto-rand, the build actually fails with an
undeclared name error.

4724. [func] By default, BIND now uses the random number
functions provided by the crypto library (i.e.,
OpenSSL or a PKCS#11 provider) as a source of
randomness rather than /dev/random. This is
suitable for virtual machine environments
which have limited entropy pools and lack
hardware random number generators.

This can be overridden by specifying another
entropy source via the "random-device" option
in named.conf, or via the -r command line option;
however, for functions requiring full cryptographic
strength, such as DNSSEC key generation, this
cannot be overridden. In particular, the -r
command line option no longer has any effect on
dnssec-keygen.

This can be disabled by building with
"configure --disable-crypto-rand".
[RT #31459] [RT #46047]