Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > comp.protocols.dns.bind > #16047
| From | Evan Hunt <each@isc.org> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys) |
| Date | 2020-08-09 22:38 +0000 |
| Message-ID | <mailman.799.1597012681.942.bind-users@lists.isc.org> (permalink) |
| References | <9010d1a0-fc3c-3fc3-c94e-bfcae79fab57@powercraft.nl> <20200809025114.GA46379@isc.org> <26a3b5cb-f2a8-8bdc-b190-5216fbacd6c8@powercraft.nl> <20200809223844.GA56529@isc.org> |
On Sun, Aug 09, 2020 at 12:03:22PM +0200, Jelle de Jong wrote: > Thank you for your reply, there are still a lot of ; resign=20200802123322 > lines, but it does clean up a lot better, sorted on record type it would > become useful, ideas? > > Is there no clean named command to do this output? Everything starting with ";" is a comment. Run it through "named-compilezone" again, perhaps with "-s relative" this time (I used "-s full" before because it makes processing with awk easier). The result should be be free of comments and canonically sorted. "named" can do this automatically if you dynamically update a zone and remove the DNSKEY rrset. I think "dnssec-signzone -SPRQ" would do it if you marked the keys as deleted with "dnssec-settime" first; I haven't tested this, but it should. But I think the awk trick is probably the most straightforward way. -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc.
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys) Evan Hunt <each@isc.org> - 2020-08-09 22:38 +0000
csiph-web