Can't get rid of key
Mark Andrews
marka at isc.org
Wed Mar 11 01:31:13 UTC 2020
and the content of /var/named/keys are?
> On 11 Mar 2020, at 12:06, Alan Batie <alan at peak.org> wrote:
>
> On 3/10/20 5:51 PM, Mark Andrews wrote:
>> So what do you still have related to the zone? Have you examined the
>> contents of those files? Some of them may be binary so grep won’t work.
>> Are you actually looking in the right place. Are you running chroot?
>> Did you really stop named? How is the zone defined in named.conf?
>
> Not chrooted; a dedicated vm; nothing references oldkeys - it didn't
> even exist until I ran into this problem (nothing references those
> subdirs either, but they were in the keys dir)
>
> <ns6.peak.org> [283] # pwd
> /var/named
> <ns6.peak.org> [284] # find . -name cascocom.com
> ./slaves/cascocom.com
> <ns6.peak.org> [285] # find . -name *cascocom.com*
> ./oldkeys/sha1/Kcascocom.com.+005+09675.key
> ./oldkeys/sha1/Kcascocom.com.+005+09675.private
> ./oldkeys/new/Kcascocom.com.+008+65509.private
> ./oldkeys/new/Kcascocom.com.+008+65509.key
> ./oldkeys/new/Kcascocom.com.+008+20544.private
> ./oldkeys/new/Kcascocom.com.+008+20544.key
> ./oldkeys/old/Kcascocom.com.+008+28998.key
> ./oldkeys/old/Kcascocom.com.+008+28998.private
> ./oldkeys/old/Kcascocom.com.+008+30841.key
> ./oldkeys/old/Kcascocom.com.+008+30841.private
> ./slaves/cascocom.com.signed
> ./slaves/cascocom.com
> ./slaves/cascocom.com.jbk
> <ns6.peak.org> [286] # rm slaves/cascocom.com.*
> <ns6.peak.org> [287] # ls slaves/cascocom*
> slaves/cascocom.com
> <ns6.peak.org> [288] # systemctl stop named
> <ns6.peak.org> [289] # ps ax | grep named
> 15709 pts/0 S+ 0:00 grep --color=auto named
> <ns6.peak.org> [290] # systemctl start named
> <ns6.peak.org> [291] # ls slaves/cascocom*
> slaves/cascocom.com slaves/cascocom.com.jbk slaves/cascocom.com.signed
> <ns6.peak.org> [292] # named-compilezone -f raw -F text -o -
> cascocom.com slaves/cascocom.com.signed | head
> zone cascocom.com/IN: loaded serial 2019125927 (DNSSEC signed)
> OK
> cascocom.com. 3600 IN SOA ns1.peak.org. hostmaster.peak.org.
> 2019125927 900 900 604800 3600
> cascocom.com. 3600 IN RRSIG SOA 8 2 3600 20200410002937
> 20200310232937 28998 cascocom.com.
> RTQDpWGWipSbvKpqCdqa1WCSikgpc2rXqBMxOY3Hi7cIseem7Uj1lL4K
> XMu/FoXBJ2sz5wsBHb9zE0O777lJMlHszoP/0o1s22mB+spygR+zW/n4
> +rWt/jvWHBQWhHF1Q3K/LDz0KeaV77xSkBqPOgABbKkeRa4QxCqPVk+t jDk=
> ; resign=20200410002937
> cascocom.com. 3600 IN NS ns1.peak.org.
> cascocom.com. 3600 IN NS ns2.peak.org.
> cascocom.com. 3600 IN RRSIG NS 5 2 3600 20200406201546
> 20200307200000 9675 cascocom.com.
> XDSu5nNT3aXHUVfuEYa5ALokVZsXbXcKkAxjfoxXpdMTRi0YcxZ3za+1
> pTBzu1DcLyC1c8h3W6GI3fHCTfrahQRR1kJ1rKKoS+6xfGqwqsR+qQmZ
> aylUrUFt+VUePeOsVS0MkYorK32GNIc3yYdPItvZcT4DAGp2s+3UsqsU dL4=
> cascocom.com. 3600 IN RRSIG NS 8 2 3600 20200409003642
> 20200310001739 28998 cascocom.com.
> tfzUe76szQARBfTIYzfPFf8X8jPBd/6+Xe/h+y85OYC6TbcpsJLEDQRI
> D9SnpTv8odEmzm+Tj+0jrR5+MXPNrw/Mn2u3tTZGzwlBNROpptdGBdGB
> OoclVgDl0HXOpuKD1GfjO1o5hdoGjMvUNtV0Eb5UNuSEq8qq5KOgMtyR jRI=
> ; resign=20200406201546
> cascocom.com. 3600 IN A 207.55.17.191
> cascocom.com. 3600 IN RRSIG A 5 2 3600 20200406201546
> 20200307200000 9675 cascocom.com.
> Qv0dFWG7AW/zjXz+rFh9O+o98KDP3LvuLfXM10/zZomRuz/s1MZ591OO
> c1Py7/GEK7r6xIwl9PUgd5/4alZWYm5sl/kjqpTHkbADsp04LqzQcRwY
> EMdrGuRuRe9eAJhDcBD306s0xoeceyNRKPZGbPSZKiCMQxjdhteL8toL rj0=
>
> zone "cascocom.com" {
> type slave;
> file "/var/named/slaves/cascocom.com";
> masters {
> 2607:f678::52;
> };
>
> key-directory "/var/named/keys";
> auto-dnssec maintain;
> inline-signing yes;
> };
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list