What is the right way ... or maybe I should be asking IS there a right
way ... to change a zone that has been signed by inline signing (i.e. with
"inline-signing yes; auto-dnssec maintain;" in its zone statement) to unsigned?

When I change the zone statement to remove the inline signing part, and
update the SOA serial in the zone file for good measure, and then do
either "rndc reload" or "rndc reconfig", I get messages like

named[22954]: general: error: zone playground.test/IN:
  journal rollforward failed: journal out of sync with zone
named[22954]: general: error: zone playground.test/IN:
  not loaded due to errors.

and the zone goes into SERVFAIL state.

The only way I found out of this was to remove the [zone-file].signed
and [zone-file].signed.jnl files manually, and *then* do "rndc reconfig".
Surely there must be something better than that?

--
Chris Thompson
Email: c...@cam.ac.uk