Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread egoitz--- via bind-users
Hi!! Thanks a lot for your answer!! I tried before the trick of renaming back and rndc sign... but it does not work; it just removed the error from the log. I have changed my key-managing code so that it does not rename the ZSK (.key and .private) to "-OLD" until at least 2 days have passed from

Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread Tony Finch
egoitz--- via bind-users wrote:
>
> These are the contents of a cat of the private file I have renamed to
> samename.private-OLD :
>
> Created: 20211031230338
> Publish: 2020220241
> Activate: 2020220341
> Inactive: 20211215230338
> Delete: 20211217230338

Yes, it can be confusing when

Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread egoitz--- via bind-users
Hi! In the "Bump in the wire" DNS machine, I have finally ended up fixing the errors. For that purpose I have done the following, in the directory of the zone file:
- rename the zone file itself to zonefile-NO
- rename zonefile.jbk to zonefile.jbk-NO
- rename zonefile.jnl to zonefile.jnl-NO
-

Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread egoitz--- via bind-users
If you return the -OLD files to their previous name (without -OLD) and you make changes to the zone or perform rndc loadkeys of the zone, the error disappears but the DNSKEY still becomes outdated. Any ideas, mates? On 2022-01-24 16:12, ego...@ramattack.net wrote: > I think the problem is that if

Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread egoitz--- via bind-users
I think the problem is that if you do a: dig +multi @dnssecserver thedomain.thetld dnskey +dnssec | grep 44526 you then still see that that key id exists in the DNSKEY records (and an RRSIG of that ZSK, 44526, but outdated). But I don't really understand why, because you see the delete date

Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread egoitz--- via bind-users
In fact... in a domain for which I have seen these errors, it's complaining about key id 44526 (its private file), saying "File not found". But if I perform an AXFR request of the signed zone and pipe it through grep for the key id, no matches appear... so there should not exist RRSIGs for that key. These are the

Re: AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread egoitz--- via bind-users
Hi Klaus, thank you so much for your answer, but when Bind deletes a key from a zone, if I remember correctly, there should not be any RRSIG still active that was signed previously by the deleted key. Isn't that so? So I assume that in that case I should be doing it properly, but I still see these messages. Am I

AW: Bind 9, dnssec, and .key .private files physical deletion after the key id becomes deleted from zone (the key becomes outdated)

2022-01-24 Thread Klaus Darilion via bind-users
IIRC, Bind needs the key as long as there are signatures in the zone generated by this key. After key deactivation I waited the RRSIG lifetime before deleting them. Regards, Klaus From: bind-users On behalf of egoitz--- via bind-users Sent: Monday, 24 January 2022 13:00 To:
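A worked example, added here and not code from this thread, from BIND, or from any of the posters, that turns Klaus's rule of thumb above (keep the key while the zone still carries signatures it made; wait the RRSIG lifetime after deactivation) into a check over the timing metadata BIND writes into a .private file, like the one quoted in Tony Finch's reply. Assumptions not taken from the thread: the .private contents and the zone-dump lines are constructed samples, the zone name example.test is made up, and the 30-day signature lifetime is a parameter of the example (BIND's default sig-validity-interval), not something the posters stated.

```python
"""When is it safe to delete a BIND ZSK's .key/.private files from disk?

Added example, not code from this thread or from BIND. Assumptions that are
not from the thread: SAMPLE_PRIVATE and SAMPLE_ZONE are constructed samples,
and the 30-day `sig_validity` default stands in for BIND's default
sig-validity-interval.
"""
import re
from datetime import datetime, timedelta, timezone

# Timing fields BIND records in .private files, as 14-digit UTC timestamps.
TIMING_FIELDS = ("Created", "Publish", "Activate", "Inactive", "Delete")

# Constructed sample .private file; the key material is deliberately omitted.
SAMPLE_PRIVATE = """\
Private-key-format: v1.3
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: <omitted>
Created: 20211031230338
Publish: 20211101230338
Activate: 20211102230338
Inactive: 20211215230338
Delete: 20211217230338
"""

# Constructed zone dump (presentation format, as printed by `dig axfr`) that
# still carries one RRSIG made by key tag 44526 after that key went inactive.
SAMPLE_ZONE = """\
example.test.     3600 IN DNSKEY 256 3 13 AwEAAc...
example.test.     3600 IN DNSKEY 257 3 13 AwEAAd...
example.test.     3600 IN RRSIG DNSKEY 13 2 3600 20220130000000 20220101000000 12345 example.test. sig...
www.example.test.  300 IN A 192.0.2.10
www.example.test.  300 IN RRSIG A 13 3 300 20220112000000 20211213000000 44526 example.test. sig...
"""

# The same zone after the A RRset has been re-signed by the successor key 12345.
SAMPLE_ZONE_RESIGNED = SAMPLE_ZONE.replace(
    "20220112000000 20211213000000 44526", "20220215000000 20220116000000 12345")


def parse_ts(stamp):
    """BIND's YYYYMMDDHHMMSS timestamp (UTC) -> timezone-aware datetime."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_timing(private_text):
    """Return {field: datetime} for the timing lines present in a .private file."""
    meta = {}
    for line in private_text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s*(\d{14})\s*$", line)
        if m and m.group(1) in TIMING_FIELDS:
            meta[m.group(1)] = parse_ts(m.group(2))
    return meta


def rrsig_expiries_for_tag(zone_text, key_tag):
    """Expiry times of every RRSIG in the dump whose key tag is key_tag.

    Presentation-format RRSIG fields: owner ttl class RRSIG type-covered
    algorithm labels original-ttl expiration inception key-tag signer signature.
    """
    expiries = []
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) >= 12 and f[2] == "IN" and f[3] == "RRSIG" and int(f[10]) == key_tag:
            expiries.append(parse_ts(f[8]))
    return expiries


def safe_to_remove(meta, zone_text, key_tag, now, sig_validity=timedelta(days=30)):
    """Return (ok, reason): may the key files be deleted at time `now`?"""
    if "Delete" not in meta:
        return False, "no Delete time set, so the DNSKEY is still scheduled to stay published"
    if now < meta["Delete"]:
        return False, f"DNSKEY is published until {meta['Delete'].isoformat()}"
    if "Inactive" in meta:
        # A signature made just before Inactive can stay valid for a whole
        # signature lifetime, so keep the private key at least that long.
        hold_until = meta["Inactive"] + sig_validity
        if now < hold_until:
            return False, f"signatures made by this key may be valid until {hold_until.isoformat()}"
    expiries = rrsig_expiries_for_tag(zone_text, key_tag)
    if expiries:
        return False, (f"zone still carries {len(expiries)} RRSIG(s) by key tag {key_tag}, "
                       f"latest expiry {max(expiries).isoformat()}")
    return True, "DNSKEY withdrawn, hold period elapsed, no RRSIG by this key left in the zone"


if __name__ == "__main__":
    meta = parse_timing(SAMPLE_PRIVATE)
    for when, zone in (("20211210000000", SAMPLE_ZONE), ("20220105000000", SAMPLE_ZONE),
                       ("20220124000000", SAMPLE_ZONE), ("20220124000000", SAMPLE_ZONE_RESIGNED)):
        print(when, safe_to_remove(meta, zone, 44526, parse_ts(when)))
```

In practice the zone text would come from a transfer of the signed zone, the same `dig ... axfr | grep <keytag>` check the earlier posts describe, and the hold period is the conservative reading of Klaus's advice: even once the Delete time has passed, a signature made shortly before Inactive can still be in the zone, so the key files are only removed once both the hold period has elapsed and no RRSIG with that key tag remains.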