[Opendnssec-user] Removing old keys and policies

Hoda Rohani hoda at nlnetlabs.nl
Mon Aug 21 07:37:19 UTC 2017


On 19-08-17 17:07, Julian Brost wrote:
> Hi,
> I'm currently running OpenDNSSEC 2.1.3 and after some experimenting, I
> now want to remove some old policies and keys. Some of the testing has
> already been done using version 1.4 or 2.0 and the installation was
> upgraded.
> When I try to remove the old policy "lab2", I get this error:
> # ods-enforcer policy import -r
> [...]
> Unable to delete policy lab2, there are still hsm keys using this policy!
> However, there is no zone left using that policy and trying to purge its
> keys doesn't succeed either:
> # ods-enforcer key purge -p lab2
> No zones on policy lab2
> No keys to purge

Didn't expect that.

> What's the best way to proceed in this situation? Are there any tools
> that can help me? Is it safe to manually remove keys from the table
> "hsmKey" in the database after stopping OpenDNSSEC?

I'd like to see your database. Is it possible to send it privately to me?

> Regards,
> Julian

Best regards,
Hoda Rohani
