On 21 May 2014 10:24:23 BST, Klaus Darilion <klaus.mailingli...@pernau.at> wrote: >> Further, I see that sometimes there are no private records at all. >When >> does this happen? (I never called "rndc signing -clear") > >It seems that this happens when Bind is restarted. > >So, what is the suggested (and reliable) way for external tools to get >the signing status from Bind? I.e. if a key is still used for signing >or >can be deleted? > >Thanks >Klaus
We bodge this by axfr'ing the zone and parsing the rrsig to see which keys are generating which sigs (or not). Nasty and slow, but reliable, and also lets you look for signatures that haven't been regenerated on schedule. -- Sent from my phone with, please excuse brevity and typos _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
