egoitz--- via bind-users <bind-users@lists.isc.org> wrote:
>
> These are the contents of a cat of the private file I have renamed to
> samename.private-OLD :
>
> Created: 20211031230338
> Publish: 20211110220241
> Activate: 20211110220341
> Inactive: 20211215230338
> Delete: 20211217230338

Yes, it can be confusing when the state of the key files doesn't match the
state of the zone.

I think you said you have renamed all your key files back to their usual
non-OLD names. Good; that is necessary if named is still looking for a key
file even if it shouldn't need it any more.

Then, try running `rndc sign <zone>`, to make named reload the keys. I
think that should also get it to make whatever updates might be necessary.

Then look at the logs to see if there are errors, and look at the DNSKEY
RRset (with its RRSIGs) to make sure it matches what you expect.

If that doesn't get things straightened out then, um, dunno :-)

I guess it is possible to get into a muddle if you try to move a key out
of the way very soon after its delete time. By default, named does key
maintenance infrequently, so I guess if you move the key after its
deletion time but before the next key maintenance cycle, things will get
out of sync. But I have not checked whether my guess is right or not.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  https://dotat.at/
St Davids Head to Great Orme Head, including St Georges Channel:
Variable 2 to 4. Smooth or slight. Fair. Good.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to