[BIND] RE: KSK Rollover

Mark Elkins mje at posix.co.za
Fri Sep 7 17:05:09 UTC 2018

I'm aware of: rndc managed-keys status
I'm also aware of:  rndc secroots -

(a Hypen at the end of "rndc secroots" will send output to stdout)

I'm just not sure how long the 'hyphen' argument has been around for but
vaguely remember a similar discussion from long ago.
It looks like someone else also asked the same question but wasn't
allowed to change the default behaviour. :-(

So, if you are having issues running "rndc secroots", a quick suggestion
would be to try appending a 'hyphen' ('-') as an additional argument and
see if that helps.

On 09/07/2018 06:46 PM, Tony Finch wrote:
> Mark Elkins <mje at posix.co.za> wrote:
>> I kinda also wonder why the command simply doesn't output to stdout by
>> default.
> Historical reasons :-) BIND 9.11 and later have `rndc managed-keys` which
> is rather more user-friendly. I get the impression that the root rollover
> guides are using `rndc secroots` because that works in all the versions
> that support RFC 5011 so it ends up being simpler to explain.
> Tony.

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

More information about the bind-users mailing list