GitLab

I observe what for me is a slightly misleading diagnostic when BIND (9.16.4) deletes a revoked key from managed-keys.bind:

managed-keys-zone: Revoked key 53742 for zone . missing: deleting from managed keys database

It says missing, but in fact is isn't: 53742 is still in the zone:

.                       60 IN DNSKEY 385 3 8 (
                                AwEAAaCmQX9L+/G3j3wOJYG55AfUA3mSEl8sCpwU1X58
                                8fRVkvm9tjy00FXJFI6okAIerPOlnmNaV/s5ySY0wot9
                                O8c655G6ajbiwP55paE35oSOEZL+jAbW6/WRh9Y+Mxat
                                AhJAjmauVUQqWcEfZ61x9T4G91RevT5pXmwUGB/fVRTx
                                I8T3vdN2ycv45wHczGxqXYThel6R/V1RWHBQkqRZqqQV
                                tIfyPZz9risEtnhp6IzTJGBesDkIZVIsIc2DZ5g3FqBw
                                /Xr0SQiko06HiZIT4z29MTHrIbnrzvXQkejSBRQX+Nal
                                0sxFV7ZeXqMhmQWSiAhNuR4ypcRa7lhq57WDIM8=
                                ) ; revoked KSK; alg = RSASHA256 ; key id = 53742

I wonder whether something along the lines of

Revoked key 53742 for zone . is no longer required: deleting from managed keys database

would be clearer?