[Opendnssec-user] Removing old keys and policies
Julian Brost
julian at 0x4a42.net
Sat Aug 19 15:07:54 UTC 2017
Hi,

I'm currently running OpenDNSSEC 2.1.3 and after some experimenting, I
now want to remove some old policies and keys. Some of the testing has
already been done using version 1.4 or 2.0 and the installation was
upgraded.

When I try to remove the old policy "lab2", I get this error:

    # ods-enforcer policy import -r
    [...]
    Unable to delete policy lab2, there are still hsm keys using this policy!

However, there is no zone left using that policy and trying to purge its
keys doesn't succeed either:

    # ods-enforcer key purge -p lab2
    No zones on policy lab2
    No keys to purge

What's the best way to proceed in this situation? Are there any tools
that can help me? Is it safe to manually remove keys from the table
"hsmKey" in the database after stopping OpenDNSSEC?

Regards,
Julian