DNSSEC: recover from missing keys

Klaus Darilion klaus.mailinglists at pernau.at
Fri May 16 14:26:20 UTC 2014


During rollover testing I quite often delete keys without properly
setting the timestamps in the keys - it is testing only.

This leads to such errors:

error reading private key file example.com/NSEC3RSASHA1/64337: file not

To recover and restart my testing I:
- remove the zone from the config
- rndc reconfig
- delete the signed zone and journal files
- add the zone to the config
- rndc reconfig

This works but is cumbersome. Is there a method to instruct Bind to just
remove all references to the missing keys and start a fresh signing with
the existing keys?
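
Added example, not part of the original post and not BIND's own tooling: a shell helper that reads "error reading private key file" log lines like the one above and lists which referenced key files are absent from the key directory, so it is clear which keys the signed zone still points at before the zone is reset. The function names and the key directory argument are hypothetical; the file names assume the K<zone>.+<alg>+<id>.private convention used by dnssec-keygen.

```shell
#!/bin/sh
# Added example: map BIND "error reading private key file" log lines to the
# key files they refer to and report which ones are missing on disk.

# DNSSEC algorithm mnemonic -> number, as used in key file names.
alg_number() {
    case "$1" in
        DSA)             echo 3 ;;
        RSASHA1)         echo 5 ;;
        NSEC3DSA)        echo 6 ;;
        NSEC3RSASHA1)    echo 7 ;;
        RSASHA256)       echo 8 ;;
        RSASHA512)       echo 10 ;;
        ECDSAP256SHA256) echo 13 ;;
        ECDSAP384SHA384) echo 14 ;;
        *) return 1 ;;
    esac
}

# Usage: missing_keys KEYDIR < logfile   (KEYDIR is an assumed path)
# Prints one K<zone>.+<alg>+<id> base name per referenced key whose
# .private file does not exist in KEYDIR. Duplicate log lines are collapsed.
missing_keys() {
    keydir=$1
    sed -n 's|.*error reading private key file \([^/ ]*\)/\([A-Z0-9]*\)/\([0-9]*\).*|\1 \2 \3|p' |
    sort -u |
    while read -r zone alg id; do
        num=$(alg_number "$alg") || { echo "unknown algorithm: $alg" >&2; continue; }
        # Key file names carry a 3-digit algorithm and a 5-digit key id.
        base=$(printf 'K%s.+%03d+%05d' "${zone%.}" "$num" "$id")
        [ -f "$keydir/$base.private" ] || echo "$base"
    done
}

# Demo: the first log line is the one quoted in the post, the second is
# constructed; the key directory and its single key file are constructed too.
demo_dir=$(mktemp -d)
: > "$demo_dir/Kexample.com.+008+12345.private"
missing_keys "$demo_dir" <<'EOF'
error reading private key file example.com/NSEC3RSASHA1/64337: file not
error reading private key file example.com/RSASHA256/12345: file not
EOF
rm -rf "$demo_dir"
```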


