[Pdns-users] Do I need to run pdnssec <something> when removing a zone?

Peter van Dijk peter.van.dijk at powerdns.com
Mon Mar 2 10:02:21 UTC 2015

Hello Nick,

On 27 Feb 2015, at 19:27 , Nick Williams <nicholas at nicholaswilliams.net> wrote:

> I've recently enabled DNSSEC with the MySQL backend. I'm using the MySQL Backend for everything (including storage of zones/records). If I remove a zone completely from the MySQL domains/records tables (all data deleted), do I need to also A) Run pdnssec <something>, B) delete anything else from MySQL, or C) both?

You could (A) use pdnssec to remove the keys, unset nsec3, etc., but it would be tedious yet non-exhaustive. Instead, if you’re doing DELETEs in MySQL anyway, clean out domainmetadata and cryptokeys based on the domain_id - and while you’re at it, perhaps clean up in the comments table as well.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

More information about the Pdns-users mailing list