key dir massive
Edwardo Garcia
wdgarc88 at gmail.com
Thu Dec 22 04:01:40 UTC 2022
Hi,
I recently upgraded from 9.16 to latest version and changed a zone, ran
verisign test and it said all good, so changed my zones from auto maintain
dnssec to dnssec policy default, what a nightmare, most our zones vanished
few hours later for a day, and it create new keys for everything, this bug
i saw was fixed many versions ago, should it not see my have keys and
re-use them (keys were made a year ago on current at the time v9.11, we
upgrade to 9.16 in July and no issue till these option name change rubbish.
I was warned by colleagues not to do this as they too say migration
nightmares, but I am my own person and now I regret not listening their
advise.
Now I think is under control, once identifying the current key set, is it
safe to manually delete all the others keys privates and states, except the
current one, and will any of that DS change again?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221222/8cf4ef3e/attachment.htm>
More information about the bind-users
mailing list