Re: inactivating and deleting DNSSEC keys

2013-10-09 Thread David Newman
On 10/9/13 1:24 PM, Mark Andrews wrote: >> In UTC terms, we've already passed the key's deletion date. Can I >> retroactively extend the key's deletion date? > > Yes. The files are not removed. You will need to tell named to re-read > the .private file using "rndc signzone" after setting the ti

Re: inactivating and deleting DNSSEC keys

2013-10-09 Thread Mark Andrews
In message <525590bd.8030...@networktest.com>, David Newman writes: > > > On 10/8/13 5:54 PM, Mark Andrews wrote: > > In message <52548a5d.3070...@networktest.com>, David Newman writes: > >> bind 9.9.4 > >> > >> How to troubleshoot issues when keys are supposed to be invalidated or > >> deleted

Re: inactivating and deleting DNSSEC keys

2013-10-09 Thread David Newman
On 10/8/13 5:54 PM, Mark Andrews wrote: > In message <52548a5d.3070...@networktest.com>, David Newman writes: >> bind 9.9.4 >> >> How to troubleshoot issues when keys are supposed to be invalidated or >> deleted on specific dates, but aren't? >> >> In this case, a KSK was supposed to be inactivat

Re: inactivating and deleting DNSSEC keys

2013-10-08 Thread Mark Andrews
In message <52548a5d.3070...@networktest.com>, David Newman writes: > bind 9.9.4 > > How to troubleshoot issues when keys are supposed to be invalidated or > deleted on specific dates, but aren't? > > In this case, a KSK was supposed to be inactivated on 29 September 2013 > and deleted on 9 Octo

Re: inactivating and deleting DNSSEC keys

2013-10-08 Thread David Newman
On 10/8/13 3:51 PM, Alan Clegg wrote: > > On Oct 8, 2013, at 6:42 PM, David Newman > wrote: > >> bind 9.9.4 >> >> How to troubleshoot issues when keys are supposed to be >> invalidated or deleted on specific dates, but aren't? >> >> In this case, a KSK was supposed to be inactivated on 29 >

Re: inactivating and deleting DNSSEC keys

2013-10-08 Thread Alan Clegg
On Oct 8, 2013, at 6:51 PM, Alan Clegg wrote: > On Oct 8, 2013, at 6:42 PM, David Newman wrote: >> >> Problem is, dig says the key is still active, and will be until 29 >> October 2013: >> >> $ dig networktest.com @localhost +multi rrsig | grep 56989 >> >> 201310

Re: inactivating and deleting DNSSEC keys

2013-10-08 Thread Alan Clegg
On Oct 8, 2013, at 6:42 PM, David Newman wrote: > bind 9.9.4 > > How to troubleshoot issues when keys are supposed to be invalidated or > deleted on specific dates, but aren't? > > In this case, a KSK was supposed to be inactivated on 29 September 2013 > and deleted on 9 October 2013. > > Fro

inactivating and deleting DNSSEC keys

2013-10-08 Thread David Newman
bind 9.9.4 How to troubleshoot issues when keys are supposed to be invalidated or deleted on specific dates, but aren't? In this case, a KSK was supposed to be inactivated on 29 September 2013 and deleted on 9 October 2013. >From the .key file: ; This is a key-signing key, keyid 56989, for netw