Hello, wow, that did the trick. I didn't think of this at all. It - after all - appeared to be VERY obvious. I don't know why I overlooked this possibility.

THANK YOU!

On 20.06.2025 at 19:03, Crist Clark wrote:
Do you have a <zonefile>.signed file that BIND created? To be 100%, shut down named, kill that file, then restart. But removing the file and just doing an rndc reload on the zone may be enough.

On Fri, Jun 20, 2025 at 7:20 AM Florian Piekert via bind-users <bind-users@lists.isc.org> wrote:

Dear all,

I have tried some faulty ways to set up dnssec for some of my domains about a month ago. This resulted in the creation of several ZSK, KSK and CSK dnssec keys (and files) until I got a configuration that actually was working as it should. Due to proper ignorance and non-knowledge I deleted those files at some point in between while trying. After a while I got a correct working setup (using the default *facepalm*).

Although I have then successfully managed to get the correct key setup into the DS with the root tld zones, I have mysterious DNSKEY entries on my bind installations for these particular domains that I do not seem to get rid of. I do not have the initially created key files anymore, they are nowhere referenced in bind configuration of the zones or anywhere in bind. I even deleted the /var/lib/bind/ directory contents of the master and secondaries, restarted all bind binaries. They are still there. And yes, I shut down all binds, deleted the files, restarted them again. Still somewhere existing.

How do I get these obsolete entries removed?