[Opendnssec-user] Trying to purge a key with "unknown key state"

Paul Wouters paul at nohats.ca
Tue Jan 8 20:03:23 UTC 2013

On Tue, 8 Jan 2013, Siôn Lloyd wrote:

>> The problem is that this key is still showing up in the signconf XML
>> file, and is re-introduced when running ods-ksmutl update all.  But it
>> has a wrong algorithm, and it just needs to vanish completely, as it is
>> just breaking the signerd (which also dies upon encountering this)
>> Is there a way to force deletion without knowing the state of the key?
> No; at least not without running SQL against the kasp database... (The
> theory is that we do not want to delete keys if we are not certain that
> they are not being used somewhere else.)
> Does the key show up in a key list command?

Yes it does, and it is also written into the signconf XML. I need this
key to completely vanish to prevent the signer from crashing.


More information about the Opendnssec-user mailing list