[Pdns-users] Do I need to run pdnssec <something> when removing a zone?
Peter van Dijk
peter.van.dijk at powerdns.com
Mon Mar 2 10:02:21 UTC 2015
Hello Nick,
On 27 Feb 2015, at 19:27 , Nick Williams <nicholas at nicholaswilliams.net> wrote:
> I've recently enabled DNSSEC with the MySQL backend. I'm using the MySQL Backend for everything (including storage of zones/records). If I remove a zone completely from the MySQL domains/records tables (all data deleted), do I need to also A) Run pdnssec <something>, B) delete anything else from MySQL, or C) both?
You could (A) use pdnssec to remove the keys, unset nsec3, etc., but it would be tedious yet non-exhaustive. Instead, if you’re doing DELETEs in MySQL anyway, clean out domainmetadata and cryptokeys based on the domain_id - and while you’re at it, perhaps clean up in the comments table as well.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
More information about the Pdns-users
mailing list