ZSK rollover weirdness

Evan Hunt each at isc.org
Fri Sep 6 22:30:39 UTC 2013


> So, can I just remove the Revoke line (is there an option in
> dnssec-settime to do this?)

"dnssec-settime -R none" can do that.  But I gather the key has already
had its REVOKE flag set in the zone, so if you want to get things back to
the status quo, you probably want to purge and restore the key.  Something
like this ought to work:

    dnssec-settime -R none -I now -D now <key>
    rndc loadkeys ksu.edu
    sleep 1
    dnssec-settime -I <original time> -D <original time> <key>
    rndc loadkeys ksu.edu

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
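
A way to confirm the state before and after the steps in the message above, as an added example that is not part of the original message or of BIND: it reports the REVOKE bit (RFC 5011, flag value 128) for each DNSKEY record and pulls the Revoke timing line from a key file. The function names are hypothetical, the sample records are constructed, and the `; Revoke:` comment layout of the `K*.key` file is assumed.

```shell
#!/bin/sh
# Added example, not from the original message. Sample data is constructed.

# Read DNSKEY RRs (presentation format) on stdin, for instance from
#   dig +noall +answer ksu.edu DNSKEY
# and report the REVOKE bit (RFC 5011, flag value 128) for each key.
dnskey_revoke_report() {
    awk '
    /^;/ { next }                                  # skip comment lines
    {
        # Find the DNSKEY type token; the flags field follows it.
        for (i = 1; i < NF; i++) if ($i == "DNSKEY") break
        if (i >= NF) next
        flags = $(i + 1) + 0
        role = (flags % 2 == 1) ? "KSK" : "ZSK"    # SEP bit, value 1
        revoked = int(flags / 128) % 2             # REVOKE bit, value 128
        printf "%s flags=%d alg=%s %s\n", role, flags, $(i + 3), (revoked ? "REVOKED" : "ok")
    }'
}

# Read a K*.key file on stdin and print its Revoke timestamp, or "none".
# Assumes timing metadata lines of the form "; Revoke: YYYYMMDDHHMMSS (...)".
key_revoke_time() {
    awk '/^; Revoke:/ { print $3; found = 1 } END { if (!found) print "none" }'
}

# Constructed zone answer: one KSK, one ZSK with the REVOKE bit set.
dnskey_revoke_report <<'EOF'
example.com. 3600 IN DNSKEY 257 3 8 AwEAAc0nstructedKSK=
example.com. 3600 IN DNSKEY 384 3 8 AwEAAc0nstructedZSK=
EOF

# Constructed key file after the Revoke metadata has been removed.
key_revoke_time <<'EOF'
; This is a zone-signing key, keyid 12345, for example.com.
; Created: 20130801000000 (Thu Aug  1 00:00:00 2013)
example.com. IN DNSKEY 256 3 8 AwEAAc0nstructedZSK=
EOF
```

A ZSK normally carries flags 256, so a value of 384 in the zone means the REVOKE bit is still published even if the key file no longer has a Revoke line.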


More information about the bind-users mailing list