Can't get rid of key

Mark Andrews marka at isc.org
Wed Mar 11 01:31:13 UTC 2020


and the content of /var/named/keys are?

> On 11 Mar 2020, at 12:06, Alan Batie <alan at peak.org> wrote:
> 
> On 3/10/20 5:51 PM, Mark Andrews wrote:
>> So what do you still have related to the zone?  Have you examined the
>> contents of those files?  Some of them may be binary so grep won’t work.
>> Are you actually looking in the right place.  Are you running chroot?
>> Did you really stop named?  How is the zone defined in named.conf?
> 
> Not chrooted; a dedicated vm; nothing references oldkeys - it didn't
> even exist until I ran into this problem (nothing references those
> subdirs either, but they were in the keys dir)
> 
> <ns6.peak.org> [283] # pwd
> /var/named
> <ns6.peak.org> [284] # find . -name cascocom.com
> ./slaves/cascocom.com
> <ns6.peak.org> [285] # find . -name *cascocom.com*
> ./oldkeys/sha1/Kcascocom.com.+005+09675.key
> ./oldkeys/sha1/Kcascocom.com.+005+09675.private
> ./oldkeys/new/Kcascocom.com.+008+65509.private
> ./oldkeys/new/Kcascocom.com.+008+65509.key
> ./oldkeys/new/Kcascocom.com.+008+20544.private
> ./oldkeys/new/Kcascocom.com.+008+20544.key
> ./oldkeys/old/Kcascocom.com.+008+28998.key
> ./oldkeys/old/Kcascocom.com.+008+28998.private
> ./oldkeys/old/Kcascocom.com.+008+30841.key
> ./oldkeys/old/Kcascocom.com.+008+30841.private
> ./slaves/cascocom.com.signed
> ./slaves/cascocom.com
> ./slaves/cascocom.com.jbk
> <ns6.peak.org> [286] # rm slaves/cascocom.com.*
> <ns6.peak.org> [287] # ls slaves/cascocom*
> slaves/cascocom.com
> <ns6.peak.org> [288] # systemctl stop named
> <ns6.peak.org> [289] # ps ax | grep named
> 15709 pts/0    S+     0:00 grep --color=auto named
> <ns6.peak.org> [290] # systemctl start named
> <ns6.peak.org> [291] # ls slaves/cascocom*
> slaves/cascocom.com  slaves/cascocom.com.jbk  slaves/cascocom.com.signed
> <ns6.peak.org> [292] # named-compilezone -f raw -F text -o -
> cascocom.com slaves/cascocom.com.signed | head
> zone cascocom.com/IN: loaded serial 2019125927 (DNSSEC signed)
> OK
> cascocom.com.				      3600 IN SOA	ns1.peak.org. hostmaster.peak.org.
> 2019125927 900 900 604800 3600
> cascocom.com.				      3600 IN RRSIG	SOA 8 2 3600 20200410002937
> 20200310232937 28998 cascocom.com.
> RTQDpWGWipSbvKpqCdqa1WCSikgpc2rXqBMxOY3Hi7cIseem7Uj1lL4K
> XMu/FoXBJ2sz5wsBHb9zE0O777lJMlHszoP/0o1s22mB+spygR+zW/n4
> +rWt/jvWHBQWhHF1Q3K/LDz0KeaV77xSkBqPOgABbKkeRa4QxCqPVk+t jDk=
> ; resign=20200410002937
> cascocom.com.				      3600 IN NS	ns1.peak.org.
> cascocom.com.				      3600 IN NS	ns2.peak.org.
> cascocom.com.				      3600 IN RRSIG	NS 5 2 3600 20200406201546
> 20200307200000 9675 cascocom.com.
> XDSu5nNT3aXHUVfuEYa5ALokVZsXbXcKkAxjfoxXpdMTRi0YcxZ3za+1
> pTBzu1DcLyC1c8h3W6GI3fHCTfrahQRR1kJ1rKKoS+6xfGqwqsR+qQmZ
> aylUrUFt+VUePeOsVS0MkYorK32GNIc3yYdPItvZcT4DAGp2s+3UsqsU dL4=
> cascocom.com.				      3600 IN RRSIG	NS 8 2 3600 20200409003642
> 20200310001739 28998 cascocom.com.
> tfzUe76szQARBfTIYzfPFf8X8jPBd/6+Xe/h+y85OYC6TbcpsJLEDQRI
> D9SnpTv8odEmzm+Tj+0jrR5+MXPNrw/Mn2u3tTZGzwlBNROpptdGBdGB
> OoclVgDl0HXOpuKD1GfjO1o5hdoGjMvUNtV0Eb5UNuSEq8qq5KOgMtyR jRI=
> ; resign=20200406201546
> cascocom.com.				      3600 IN A		207.55.17.191
> cascocom.com.				      3600 IN RRSIG	A 5 2 3600 20200406201546
> 20200307200000 9675 cascocom.com.
> Qv0dFWG7AW/zjXz+rFh9O+o98KDP3LvuLfXM10/zZomRuz/s1MZ591OO
> c1Py7/GEK7r6xIwl9PUgd5/4alZWYm5sl/kjqpTHkbADsp04LqzQcRwY
> EMdrGuRuRe9eAJhDcBD306s0xoeceyNRKPZGbPSZKiCMQxjdhteL8toL rj0=
> 
> zone "cascocom.com" {
>        type slave;
>        file "/var/named/slaves/cascocom.com";
>        masters {
>                2607:f678::52;
>        };
> 
>        key-directory "/var/named/keys";
>        auto-dnssec maintain;
>        inline-signing yes;
> };
> 
> 
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org



More information about the bind-users mailing list