> So, can I just remove the Revoke line (is there an option in
> dnssec-settime to do this?)
"dnssec-settime -R none" can do that. But I gather the key has already
had its REVOKE flag set in the zone, so if you want to get things back to
the status quo, you probably want to purge and restore the key. Something
like this ought to work:
dnssec-settime -R none -I now -D now <key>
rndc loadkeys ksu.edu
sleep 1
dnssec-settime -I <original time> -D <original time> <key>
rndc loadkeys ksu.edu
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
