I'm working on a script that automatically renews DNS keys:
https://bitbucket.org/gordonmessmer/update-dns-keys/src
After new keys are introduced, and after the old key has expired, the
old keys are removed (at job, lines 122 and 123). When the expired keys
are removed from the filesystem, named begins to complain:
zone dragonsdawn.net/IN/local_resolver (signed): Key
dragonsdawn.net/RSASHA256/37038 missing or inactive and has no
replacement: retaining signatures.
I've tried running "rndc loadkeys '$zone' in public" afterward, but
named continues to log that error. What's the expected behavior for
handling expired keys? Can we not remove them until the server is
restarted (which does clear the error)?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
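A rollover script needs some rule for when a retired key's files may leave the key directory. The example below is added here and is not code from the original post or from the update-dns-keys repository. It reads a key's timing metadata in the form printed by `dnssec-settime -u -p all` (unix timestamps, unset times shown as `UNSET`) and classifies the key; only a key whose Delete time has passed is reported as removable. The assumption, which is mine and not something the post establishes, is that named is finished with a retired key once its Delete time has passed and the DNSKEY has left the zone, and that removing the files before then leaves the zone referring to a key named can no longer load. The sample metadata and the "current" timestamp are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post or the update-dns-keys script):
# classify a DNSSEC key by its timing metadata so a rollover job only deletes
# key files after the key's Delete time.
# Assumption: named has retired a key (DNSKEY removed from the zone) once its
# Delete time has passed; before that the files must stay in the key directory.

# is_past TIME NOW: true if TIME is a set unix timestamp not later than NOW.
is_past() {
    case $1 in
        ''|UNSET) return 1 ;;
    esac
    [ "$1" -le "$2" ]
}

# key_state METADATA NOW
# METADATA is the text printed by "dnssec-settime -u -p all Kzone.+alg+id";
# NOW is a unix timestamp.  Prints one of:
#   unpublished  Publish is unset or in the future
#   published    Publish has passed, Activate has not
#   active       Activate has passed, Inactive has not
#   inactive     Inactive has passed, Delete has not: keep the files
#   removable    Delete has passed: the files may be deleted
key_state() {
    meta=$1
    now=$2
    publish=$(printf '%s\n' "$meta" | sed -n 's/^Publish: *//p')
    activate=$(printf '%s\n' "$meta" | sed -n 's/^Activate: *//p')
    inactive=$(printf '%s\n' "$meta" | sed -n 's/^Inactive: *//p')
    delete=$(printf '%s\n' "$meta" | sed -n 's/^Delete: *//p')

    if is_past "$delete" "$now"; then echo removable
    elif is_past "$inactive" "$now"; then echo inactive
    elif is_past "$activate" "$now"; then echo active
    elif is_past "$publish" "$now"; then echo published
    else echo unpublished
    fi
}

# removable_keys KEYDIR NOW: print the base name of every key in KEYDIR whose
# Delete time has passed.  Needs BIND's dnssec-settime on PATH, so it is not
# exercised by the offline demo below.
removable_keys() {
    for key in "$1"/K*.key; do
        [ -f "$key" ] || continue
        base=${key%.key}
        if [ "$(key_state "$(dnssec-settime -u -p all "$base")" "$2")" = removable ]; then
            echo "$base"
        fi
    done
}

# Constructed sample metadata: an old key whose Delete time has passed and
# its replacement, which is active with no retirement dates set yet.
OLD_KEY_META='Created: 1700000000
Publish: 1700000000
Activate: 1700086400
Revoke: UNSET
Inactive: 1720000000
Delete: 1722592000'

NEW_KEY_META='Created: 1719900000
Publish: 1719900000
Activate: 1720000000
Revoke: UNSET
Inactive: UNSET
Delete: UNSET'

# Constructed "current" time, shortly after the old key's Delete time.
NOW=1722600000
echo "old key: $(key_state "$OLD_KEY_META" "$NOW")"
echo "new key: $(key_state "$NEW_KEY_META" "$NOW")"
```

In a real job, `removable_keys /var/named/keys "$(date +%s)"` replaces the constructed metadata; the state names are only for the demo and are not BIND terminology. Whether named has actually dropped the old DNSKEY from the zone is a separate check (for example, comparing the published DNSKEY RRset against the keys still in the directory) that this script does not perform.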