[Opendnssec-user] Trying to purge a key with "unknown key state"
Paul Wouters
paul at nohats.ca
Tue Jan 8 20:03:23 UTC 2013
On Tue, 8 Jan 2013, Siôn Lloyd wrote:
>> The problem is that this key is still showing up in the signconf XML
>> file, and is re-introduced when running ods-ksmutl update all. But it
>> has a wrong algorithm, and it just needs to vanish completely, as it is
>> just breaking the signerd (which also dies upon encountering this)
>> Is there a way to force deletion without knowing the state of the key?
>>
>
> No; at least not without running SQL against the kasp database... (The
> theory is that we do not want to delete keys if we are not certain that
> they are not being used somewhere else.)
>
> Does the key show up in a key list command?
Yes it does, and it is also written into the signconf XML. I need this
key to completely vanish to prevent the signer from crashing.
Paul
More information about the Opendnssec-user
mailing list