error when removing expired key files
Gordon Messmer
gordon.messmer at gmail.com
Sat May 6 21:45:42 UTC 2017
I'm working on a script that automatically renews DNS keys:
https://bitbucket.org/gordonmessmer/update-dns-keys/src
After new keys are introduced, and after the old key has expired, the
old keys are removed (at job, lines 122 and 123). When the expired keys
are removed from the filesystem, named begins to complain:
zone dragonsdawn.net/IN/local_resolver (signed): Key
dragonsdawn.net/RSASHA256/37038 missing or inactive and has no
replacement: retaining signatures.
I've tried running "rndc loadkeys '$zone' in public" afterward, but
named continues to log that error. What's the expected behavior for
handling expired keys? Can we not remove them until the server is
restarted (which does clear the error)?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170506/2d8ed6d6/attachment.html>
More information about the bind-users
mailing list