[Opendnssec-develop] Key necromancy?

Siôn Lloyd sion at nominet.org.uk
Wed Sep 7 14:39:50 UTC 2011

On 07/09/11 14:47, Jakob Schlyter wrote:
> During the training, the following events could be observed:
> - Add a new zone
> - Add keys (broken keys, so student changes his mind)
> - Remove zone to start over. Keys gone.
> - Add zone again
> - Import new keys (old keys gone, new set of keys looking good)
> ... wait a while ...
> - Old keys suddenly resurrected and associated with zone.
> oops?

Certainly seems like an oops.

Is this all within the enforcer (we are not looking at old copies of 

Currently we do not delete keys that are in the generate state, the 
theory being that they have never been published and so should be good 
for use with another zone. Is it these keys that are coming back?


More information about the Opendnssec-develop mailing list