On 02/22/2017 10:44 AM, Jakob Schlyter wrote:
>> how do you find/export the public key for a specified CKA_ID?
>
> You can't do that as each CKA_ID may be allocated to DNSKEY in different
> zones.
>
> jakob
Then I'm missing something ...
How _do_ you manually clean up a mis-published key from both observer & its
'match' in the ods DB?
E.g., if @ an external observer, I identify a DNSKEY I want removed,
dig DNSKEY example.com | grep 257
example.com. 300 IN DNSKEY 257 3 14 YJ9...
example.com. 300 IN DNSKEY 257 3 14
UWB... <====== WANT TO PURGE THIS KEY
Which one of these
ods-enforcer key list -d
Keys:
Zone: Key role: DS:
DNSKEY: RRSIGDNSKEY: RRSIG: Pub: Act: Id:
example.com KSK
unretentive omnipresent omnipresent NA 1 1 d2f...
example.com KSK
unretentive hidden hidden NA 0 0 9f1...
example.com KSK
unretentive hidden hidden NA 0 0 50d...
example.com KSK
unretentive hidden hidden NA 0 0 f90...
example.com KSK
unretentive hidden hidden NA 0 0 4f8...
example.com ZSK NA
hidden NA hidden 0 0 081...
example.com KSK rumoured
omnipresent omnipresent NA 1 1 850...
example.com ZSK NA
omnipresent NA unretentive 1 0 b5f...
example.com ZSK NA
omnipresent NA rumoured 1 1 853...
do I delete/purge ?
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
