do not stupidly delete ZSK files

David Newman dnewman at networktest.com
Thu Jul 30 02:29:29 UTC 2015


On 7/29/15 6:24 PM, Evan Hunt wrote:
> On Wed, Jul 29, 2015 at 05:56:20PM -0700, David Newman wrote:
>> 29-Jul-2015 17:18:19.439 general: warning:
>> dns_dnssec_keylistfromrdataset: error reading private key file
>> example.com/RSASHA256/36114: file not found
> 
> Delete that key from the DNSKEY rrset in the zone and reload.
> 
> If it's a dynamic zone, freeze it first, then edit the zone file,
> delete the key, increase the serial number, and thaw it.
> 
> If it's not dynamic, same instructions, but without the freezing
> and thawing.

Thanks very much.

It's a static zone. The zone file did not have the key in it.

I dumped the signed file like this:

named-compilezone -f raw -F text -o example.com.text example.com example.com.db.signed

Then incremented the serial number and copied that over to the zone file
(after making a backup copy).

Same complaint in the log when reloading, though.

What else is required to get rid of this nonexistent key?

Thanks again

dn


in named.conf:

        zone "example.com" in {
                type master;
                file "dynamic/example.com/example.com.db";
                allow-query { any; };
                allow-transfer { external-xfer; };
                notify yes;
                key-directory "managed-keys/example.com";
                inline-signing yes;
                auto-dnssec maintain;
        };
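A check for the situation described in this post, added here as an example and not code from the thread: it computes the RFC 4034 key tag of each DNSKEY in a named-compilezone text dump and reports every key that has no matching K<zone>+<alg>+<tag>.private file in the key-directory, in the same zone/ALG/tag form the named warning uses. The zone dump, the directory listing and the (far too short) key material are all constructed.

```python
import base64
import re
import struct

# Constructed sample: DNSKEY records as "named-compilezone -F text" dumps them.
# The base64 key material is made up and is not a real RSA key.
SAMPLE_DUMP = """\
example.com.    3600 IN DNSKEY 257 3 8 ECAwQFBg
example.com.    3600 IN DNSKEY 256 3 8 AQIDBA==
example.com.    3600 IN A 192.0.2.1
"""

# Constructed key-directory listing: only the KSK still has its files on disk.
SAMPLE_KEYDIR = [
    "Kexample.com.+008+38089.key",
    "Kexample.com.+008+38089.private",
]

ALG_NAMES = {5: "RSASHA1", 7: "NSEC3RSASHA1", 8: "RSASHA256", 10: "RSASHA512",
             13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384"}

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B.1 (all algorithms but 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def parse_dnskeys(zone_text: str):
    """Yield (owner, flags, algorithm, tag) for each DNSKEY in presentation format."""
    pat = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")
    for line in zone_text.splitlines():
        m = pat.match(line.strip())
        if not m:
            continue
        owner, flags, proto, alg, b64 = m.groups()
        pub = base64.b64decode("".join(b64.split()))
        rdata = struct.pack("!HBB", int(flags), int(proto), int(alg)) + pub
        yield owner, int(flags), int(alg), key_tag(rdata)

def keys_without_private_file(zone_text: str, keydir_files) -> list:
    """Return zone/ALG/tag identifiers of DNSKEYs whose .private file is absent."""
    present = set(keydir_files)
    missing = []
    for owner, flags, alg, tag in parse_dnskeys(zone_text):
        if f"K{owner}+{alg:03d}+{tag:05d}.private" not in present:
            missing.append(f"{owner.rstrip('.')}/{ALG_NAMES.get(alg, alg)}/{tag}")
    return missing

if __name__ == "__main__":
    print(keys_without_private_file(SAMPLE_DUMP, SAMPLE_KEYDIR))
```

On a real server, replace SAMPLE_DUMP with the contents of the named-compilezone output and SAMPLE_KEYDIR with os.listdir() of the zone's key-directory.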


More information about the bind-users mailing list