[Opendnssec-user] odd-enforce zapping domains
David Peall
david at dnservices.co.za
Mon Sep 26 11:05:57 UTC 2016
Hi
I’ve been looking around I’m using the following to extract the DNSKEY values out of the HSM and match them to the zone files so I can re link them in the database.
KSK - ods-hsmutil dnskey <id> test 257 8
ZSK - ods-hsmutil dnskey <id> test 257 8
The rest of the database looks fairly straight forward if there is any heads up I’d appreciate it.
Regards
—
David Peall
> On 26 Sep 2016, at 12:30 PM, David Peall <david at dnservices.co.za> wrote:
>
> Hi
>
> Is it possible to rebuild the database for 3 zones that were delete from the database. ods-signer is still signing the 3 domains:
>
> ods-signer zones
> There are 3 zones configured
> - 1
> - 2
> - 3
>
> ods-enforcer zone list
> Database set to: opendnssec
> No zones in database.
> zone list completed in 0 seconds.
>
> Keys are still in the HSM.
>
> I need to keep the KSK at minimum the ZSK and RRSIG records can be re-generated.
>
> Regards
> —
> David Peall
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160926/81f389ad/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4354 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160926/81f389ad/attachment.bin>
More information about the Opendnssec-user
mailing list