Evan, Evan Hunt wrote: >> How do you manage "managed-keys"?
> BIND 9.7.2 will introduce a command "rndc secroots" that dumps > a list of the current trust anchors for each view to a file. Thanks, good to know. > To remove a key from managed-keys.bind, just remove the initial key > for that name from the managed-keys statement in named.conf and run > "rndc reconfig". Any keys found in managed-keys.bind that don't have > a matching key name in in named.conf are removed. Ok, that's good enough. BTW, does bind keep track of a trust anchor history, i.e. the chain from the configured initial key to the now current TA? Or does it just keep the 'last known good'? Gilles -- Fondation RESTENA - DNS-LU 6, rue Coudenhove-Kalergi L-1359 Luxembourg tel: (+352) 424409 fax: (+352) 422473 _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
