[Opendnssec-user] odd-enforce zapping domains
Hoda Rohani
hoda at nlnetlabs.nl
Mon Sep 26 11:45:32 UTC 2016
Hi David,
After deleting the zones in the enforcer, you need to run 'ods-signer update'. This command forces signer to get the updates, you won't see deleted zones in the signer's queue any more.
Yes, keys remain in the hsm. For deleting keys, you can issue 'ods-hsmutil remove id'.
Regards,
Hoda Rohani
From: Opendnssec-user [mailto:opendnssec-user-bounces at lists.opendnssec.org] On Behalf Of David Peall
Sent: Monday, September 26, 2016 12:31 PM
To: Opendnssec-user at lists.opendnssec.org List <opendnssec-user at lists.opendnssec.org>
Subject: [Opendnssec-user] odd-enforce zapping domains
Hi
Is it possible to rebuild the database for 3 zones that were delete from the database. ods-signer is still signing the 3 domains:
ods-signer zones
There are 3 zones configured
- 1
- 2
- 3
ods-enforcer zone list
Database set to: opendnssec
No zones in database.
zone list completed in 0 seconds.
Keys are still in the HSM.
I need to keep the KSK at minimum the ZSK and RRSIG records can be re-generated.
Regards
—
David Peall
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20160926/5a52facd/attachment.htm>
More information about the Opendnssec-user
mailing list