How to remove all signatures from zonefile (inline signing trouble after upgrading to 9.20)
Crist Clark
cjc+bind-users at pumpky.net
Fri Dec 12 17:30:48 UTC 2025
Had the same question last May. Didn’t find a way with BIND tools,
https://lists.isc.org/mailman/htdig/bind-users/2025-May/109848.html
On Fri, Dec 12, 2025 at 7:56 AM Benoit Panizzon <benoit.panizzon at imp.ch>
wrote:
> Hi Team
>
> Of course I was also hit in the face be the inline-signing change when
> using dnssec policies.
>
> https://kb.isc.org/docs/bind-920-changes#runtime-configuration
>
> resulting in broken validation chains etc.
>
> I would like to start over with the affected signed zones.
>
> I made sure to commit all changes back to the file with rndc sync -clean
>
> And now I would like to start over by removing all signatures from the
> zone file and properly use inline-signing=yes with unsigned base files.
>
> dnssec-signzone can remove -Q inactive key or -R unpublished keys
>
> But I found no option to remove all signatures. How do I get to a
> pristine zone file without dnssec from a file with signatures?
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-
> --
> I m p r o W a r e A G - Leiter Commerce Kunden
> ______________________________________________________
>
> Zurlindenstrasse 29
> <https://www.google.com/maps/search/Zurlindenstrasse+29?entry=gmail&source=g>
> Tel +41 61 826 93 00
> CH-4133 Pratteln Fax +41 61 826 93 01
> Schweiz Web http://www.imp.ch
> ______________________________________________________
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20251212/6089bc30/attachment.htm>
More information about the bind-users
mailing list