
Is there a way to remove all DNSSEC-related stuff from a zone on a running BIND server?

I configured BIND as described here.

If I use rndc signing -clear all domain.tld, nothing happens to the zone.

If I delete the DNSSEC-signed zone via rndc delzone domain.tld and recreate it via rndc addzone domain.tld ... , the domain.tld.jnl file with the related DNSSEC data will be automatically recreated and the zone is DNSSEC-signed again.

How can I remove all DNSSEC-related data from a zone with rndc?

eXe

1 Answer

(I use the inline-signing option to auto-sign the zones in another file called {Zonename}.signed)

To remove all DNSSEC-related data of the zone, you have to remove the {ZoneName}.signed and {ZoneName}.jnl files of the zone.

Also remove all the key files of the zone (which should be in the keys directory), otherwise bind9 will auto-resign the zone.

After all the deletions, the clean way would be to rndc delzone {ZoneName} and reinitiate the unsigned zone with rndc addzone {Options without DNSSEC}.

eXe
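The cleanup steps from the answer above as a shell function (an added example, not part of the original post). It assumes the unsigned zone file is named after the zone and that key files follow BIND's K{zone}.+{alg}+{keyid} naming; the function names, directory arguments and the RNDC override are hypothetical.

```shell
#!/bin/sh
# Assumed layout: {zone}, {zone}.signed and {zone}.jnl live in ZONEDIR;
# key files K{zone}.+{alg}+{keyid}.{key,private,state} live in KEYDIR.

RNDC=${RNDC:-rndc}   # set RNDC=echo to print the rndc calls instead of running them

# Print every existing DNSSEC artifact of one zone, one path per line.
# The key pattern is anchored on "K{zone}.+" so keys belonging to child
# zones or similarly named zones in the same directory are not matched.
dnssec_artifacts() {
    zone=$1 zonedir=$2 keydir=$3
    for f in "$zonedir/$zone.signed" "$zonedir/$zone.jnl" \
             "$keydir/K$zone.+"[0-9]*+[0-9]*.key \
             "$keydir/K$zone.+"[0-9]*+[0-9]*.private \
             "$keydir/K$zone.+"[0-9]*+[0-9]*.state; do
        # Unmatched globs stay literal and are skipped by the -f test.
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
    return 0
}

# Usage: unsign_zone ZONE ZONEDIR KEYDIR 'ADDZONE-CONFIG-WITHOUT-DNSSEC'
unsign_zone() {
    zone=$1 zonedir=$2 keydir=$3 zoneconf=$4
    # Refuse to continue if the unsigned source file is missing: after the
    # deletions below there would be nothing left to serve.
    [ -f "$zonedir/$zone" ] || { echo "no unsigned zone file for $zone" >&2; return 1; }

    # Remove the signed copy, the journal and the zone's key files.
    dnssec_artifacts "$zone" "$zonedir" "$keydir" | while IFS= read -r f; do
        rm -f -- "$f"
    done

    # Drop the zone, then re-add it with a configuration that contains
    # no DNSSEC options (passed through unchanged to rndc addzone).
    $RNDC delzone "$zone" && $RNDC addzone "$zone" "$zoneconf"
}
```

Running `dnssec_artifacts` on its own first shows exactly which files `unsign_zone` would delete.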