Can't get rid of key

Alan Batie alan at peak.org
Wed Mar 11 01:06:58 UTC 2020 

On 3/10/20 5:51 PM, Mark Andrews wrote:
> So what do you still have related to the zone?  Have you examined the
> contents of those files?  Some of them may be binary so grep won’t work.
> Are you actually looking in the right place.  Are you running chroot?
> Did you really stop named?  How is the zone defined in named.conf?

Not chrooted; a dedicated vm; nothing references oldkeys - it didn't
even exist until I ran into this problem (nothing references those
subdirs either, but they were in the keys dir)

<ns6.peak.org> [283] # pwd
/var/named
<ns6.peak.org> [284] # find . -name cascocom.com
./slaves/cascocom.com
<ns6.peak.org> [285] # find . -name *cascocom.com*
./oldkeys/sha1/Kcascocom.com.+005+09675.key
./oldkeys/sha1/Kcascocom.com.+005+09675.private
./oldkeys/new/Kcascocom.com.+008+65509.private
./oldkeys/new/Kcascocom.com.+008+65509.key
./oldkeys/new/Kcascocom.com.+008+20544.private
./oldkeys/new/Kcascocom.com.+008+20544.key
./oldkeys/old/Kcascocom.com.+008+28998.key
./oldkeys/old/Kcascocom.com.+008+28998.private
./oldkeys/old/Kcascocom.com.+008+30841.key
./oldkeys/old/Kcascocom.com.+008+30841.private
./slaves/cascocom.com.signed
./slaves/cascocom.com
./slaves/cascocom.com.jbk
<ns6.peak.org> [286] # rm slaves/cascocom.com.*
<ns6.peak.org> [287] # ls slaves/cascocom*
slaves/cascocom.com
<ns6.peak.org> [288] # systemctl stop named
<ns6.peak.org> [289] # ps ax | grep named
15709 pts/0    S+     0:00 grep --color=auto named
<ns6.peak.org> [290] # systemctl start named
<ns6.peak.org> [291] # ls slaves/cascocom*
slaves/cascocom.com  slaves/cascocom.com.jbk  slaves/cascocom.com.signed
<ns6.peak.org> [292] # named-compilezone -f raw -F text -o -
cascocom.com slaves/cascocom.com.signed | head
zone cascocom.com/IN: loaded serial 2019125927 (DNSSEC signed)
OK
cascocom.com.				      3600 IN SOA	ns1.peak.org. hostmaster.peak.org.
2019125927 900 900 604800 3600
cascocom.com.				      3600 IN RRSIG	SOA 8 2 3600 20200410002937
20200310232937 28998 cascocom.com.
RTQDpWGWipSbvKpqCdqa1WCSikgpc2rXqBMxOY3Hi7cIseem7Uj1lL4K
XMu/FoXBJ2sz5wsBHb9zE0O777lJMlHszoP/0o1s22mB+spygR+zW/n4
+rWt/jvWHBQWhHF1Q3K/LDz0KeaV77xSkBqPOgABbKkeRa4QxCqPVk+t jDk=
; resign=20200410002937
cascocom.com.				      3600 IN NS	ns1.peak.org.
cascocom.com.				      3600 IN NS	ns2.peak.org.
cascocom.com.				      3600 IN RRSIG	NS 5 2 3600 20200406201546
20200307200000 9675 cascocom.com.
XDSu5nNT3aXHUVfuEYa5ALokVZsXbXcKkAxjfoxXpdMTRi0YcxZ3za+1
pTBzu1DcLyC1c8h3W6GI3fHCTfrahQRR1kJ1rKKoS+6xfGqwqsR+qQmZ
aylUrUFt+VUePeOsVS0MkYorK32GNIc3yYdPItvZcT4DAGp2s+3UsqsU dL4=
cascocom.com.				      3600 IN RRSIG	NS 8 2 3600 20200409003642
20200310001739 28998 cascocom.com.
tfzUe76szQARBfTIYzfPFf8X8jPBd/6+Xe/h+y85OYC6TbcpsJLEDQRI
D9SnpTv8odEmzm+Tj+0jrR5+MXPNrw/Mn2u3tTZGzwlBNROpptdGBdGB
OoclVgDl0HXOpuKD1GfjO1o5hdoGjMvUNtV0Eb5UNuSEq8qq5KOgMtyR jRI=
; resign=20200406201546
cascocom.com.				      3600 IN A		207.55.17.191
cascocom.com.				      3600 IN RRSIG	A 5 2 3600 20200406201546
20200307200000 9675 cascocom.com.
Qv0dFWG7AW/zjXz+rFh9O+o98KDP3LvuLfXM10/zZomRuz/s1MZ591OO
c1Py7/GEK7r6xIwl9PUgd5/4alZWYm5sl/kjqpTHkbADsp04LqzQcRwY
EMdrGuRuRe9eAJhDcBD306s0xoeceyNRKPZGbPSZKiCMQxjdhteL8toL rj0=

zone "cascocom.com" {
        type slave;
        file "/var/named/slaves/cascocom.com";
        masters {
                2607:f678::52;
        };

        key-directory "/var/named/keys";
        auto-dnssec maintain;
        inline-signing yes;
};



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4036 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200310/37cb805a/attachment-0001.bin>

More information about the bind-users mailing list