Firstly use dnssec-settime to manage the removal of the keys from the zone.
Named
periodically scans the key directory to see if a key has been marked to change
state.
Note a key should not be remove from a zone while there are still RRSIGs that
where
generated from it in the zone or in
Hi all,
I have several ZSKs in one zone, but only one is being
used for signing.
The others seem to be relicts from earlier rollovers.
I would like to delete the unused DNSKEY RRs via nsupdate,
but how can I identify a DNSKEY by label ?
The zone has not yet been converted to dnssec-policy but
2 matches
Mail list logo