> So, is there:
> A: an easy way to figure out what keyfiles are no longer being used / 
> referenced?
> B: a simpler way to recover from this when one *does* make a boo boo?

What a fun evening. For the sake of interest, which version of BIND is in use? 
With regard to item A, how about executing the following from your key 
directory:

for f in *.private; do echo; echo "$f"; dnssec-settime -p all "$f"; done

Any key file for which the Inactive time is in the past would not be needed for 
signing. BIND would publish it in the zone if the key file were present and the 
Delete time were in the future (and the Publish time in the past). Any key for 
which the Delete time is in the past would not need to be retained in the key 
directory, as it would not be needed for publication or signing.

With regard to B, I don't understand why restoring the deleted key files didn't 
fix the problem, and so will leave further comment to the experts.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
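
The Inactive/Delete rules described in the reply above can be applied automatically; this is an added example, not part of the original post. It assumes the "Label: value" layout of `dnssec-settime -u -p all` (epoch seconds or UNSET); the function names `classify_key`, `report_keys` and `sample` are hypothetical, and the sample data is constructed.

```sh
#!/bin/sh
# classify_key NOW
# Reads key timing metadata on stdin (assumed layout of
# `dnssec-settime -u -p all`: "Label: <epoch seconds|UNSET>") and prints:
#   removable     Delete time is in the past
#   publish-only  Inactive time is in the past, Delete unset or in the future
#   in-use        anything else (still needed for signing)
classify_key() {
    awk -v now="$1" '
        function past(t) { return t ~ /^[0-9]+$/ && t + 0 <= now + 0 }
        $1 == "Inactive:" { inactive = $2 }
        $1 == "Delete:"   { delete_t = $2 }
        END {
            if (past(delete_t))      print "removable"
            else if (past(inactive)) print "publish-only"
            else                     print "in-use"
        }'
}

# report_keys DIR: classify every key in DIR (requires BIND's dnssec-settime).
report_keys() {
    now=$(date +%s)
    for f in "$1"/*.private; do
        [ -e "$f" ] || continue
        state=$(dnssec-settime -u -p all "$f" | classify_key "$now")
        printf '%s\t%s\n' "$state" "$f"
    done
}

# Constructed sample in the assumed output layout (not real key data).
# Usage: sample INACTIVE DELETE
sample() {
    printf 'Created: 1500000000\nPublish: 1500000000\nActivate: 1500000000\n'
    printf 'Revoke: UNSET\nInactive: %s\nDelete: %s\n' "$1" "$2"
}

# Demo on constructed samples with a fixed "current time".
NOW=1700000000
sample 1600000000 1650000000 | classify_key "$NOW"   # retired and past Delete
sample 1600000000 1800000000 | classify_key "$NOW"   # inactive, still published
sample UNSET UNSET           | classify_key "$NOW"   # no retirement scheduled
```

Run `report_keys /path/to/keydir` against a copy of the key directory first, and move "removable" files aside rather than deleting them until the zone has re-signed cleanly.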

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users