How to remove all signatures from zonefile (inline signing trouble after upgrading to 9.20)
Benoit Panizzon
benoit.panizzon at imp.ch
Fri Dec 12 15:56:05 UTC 2025
Hi Team
Of course I was also hit in the face be the inline-signing change when
using dnssec policies.
https://kb.isc.org/docs/bind-920-changes#runtime-configuration
resulting in broken validation chains etc.
I would like to start over with the affected signed zones.
I made sure to commit all changes back to the file with rndc sync -clean
And now I would like to start over by removing all signatures from the
zone file and properly use inline-signing=yes with unsigned base files.
dnssec-signzone can remove -Q inactive key or -R unpublished keys
But I found no option to remove all signatures. How do I get to a
pristine zone file without dnssec from a file with signatures?
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
More information about the bind-users
mailing list