On 21.05.2014 12:39, Phil Mayers wrote:
> On 21 May 2014 10:24:23 BST, Klaus Darilion <klaus.mailingli...@pernau.at> wrote:
>>> Further, I see that sometimes there are no private records at all. When
>>> does this happen? (I never called "rndc signing -clear")
>>
>> It seems that this happens when Bind is restarted.
>>
>> So, what is the suggested (and reliable) way for external tools to get
>> the signing status from Bind? I.e. if a key is still used for signing or
>> can be deleted?
>>
>> Thanks
>> Klaus
>
> We bodge this by axfr'ing the zone and parsing the rrsig to see which keys
> are generating which sigs (or not). Nasty and slow, but reliable, and also
> lets you look for signatures that haven't been regenerated on schedule.

That's actually what I wanted to avoid. I thought there would be an "API" or
similar to get the signing status of the zone and thought that the private
records would solve my troubles, but it seems I was wrong.

I think I will do something similar - not nice if you have plenty of zones ...

thanks
Klaus
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
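
The approach Phil Mayers describes in the quoted reply (transfer the zone, then tally RRSIGs per key), as an added example that is not code from the thread or from BIND. It assumes one record per line as `dig axfr` prints them; the function names, the 7-day threshold and the sample zone are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in `dig axfr` one-record-per-line form (not real zone data).
SAMPLE_AXFR = """\
example.test. 3600 IN SOA ns1.example.test. host.example.test. 5 7200 900 1209600 3600
example.test. 3600 IN RRSIG SOA 8 2 3600 20140620100000 20140521090000 11111 example.test. c2ln
example.test. 3600 IN RRSIG NS 8 2 3600 20140620100000 20140521090000 11111 example.test. c2ln
example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20140620100000 20140521090000 22222 example.test. c2ln
www.example.test. 3600 IN RRSIG A 8 3 3600 20140523100000 20140423090000 33333 example.test. c2ln
"""

def parse_ts(text):
    # RRSIG times in presentation format: YYYYMMDDHHmmSS, always UTC.
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def signing_status(axfr_text, now, min_remaining=timedelta(days=7)):
    """Tally RRSIGs per key tag and list signatures close to expiry."""
    keys = defaultdict(lambda: {"sigs": 0, "newest_inception": None})
    stale = []
    for line in axfr_text.splitlines():
        f = line.split()
        if line.startswith(";") or "RRSIG" not in f[:4]:
            continue
        i = f.index("RRSIG")
        if len(f) < i + 10:
            continue  # truncated record: skip rather than guess
        # After RRSIG: covered alg labels origttl expiration inception keytag signer sig
        covered, expiration = f[i + 1], parse_ts(f[i + 5])
        inception, key_tag = parse_ts(f[i + 6]), int(f[i + 7])
        entry = keys[key_tag]
        entry["sigs"] += 1
        if entry["newest_inception"] is None or inception > entry["newest_inception"]:
            entry["newest_inception"] = inception
        if expiration - now < min_remaining:
            stale.append((f[0], covered, key_tag))
    return {"keys": dict(keys), "stale": stale}

def unused_keys(status, candidate_tags):
    # Key tags are not guaranteed unique; confirm against the DNSKEY before deleting.
    return [tag for tag in candidate_tags if tag not in status["keys"]]

if __name__ == "__main__":
    now = datetime(2014, 5, 21, 12, 0, tzinfo=timezone.utc)  # constructed "current" time
    report = signing_status(SAMPLE_AXFR, now)
    for tag, info in sorted(report["keys"].items()):
        print(tag, info["sigs"], info["newest_inception"].isoformat())
    print("stale:", report["stale"], "unused:", unused_keys(report, [11111, 44444]))
```

A key whose tag still appears in any RRSIG is in use; a key with signatures only in the stale list is one whose signatures are not being regenerated.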