I set up my (authoritative) BIND nameserver for DNSSEC and installed one ZSK for my currently only zone. In order to test if I can use multiple ZSKs for a single zone, I generated a new key pair and copied that into the same folder like the first key pair. After doing a reload, the server found the new ZSK key pair and signed the zone with both ZSKs.
Now I noticed that I don't need two ZSKs at the same time and thought that I could delete the new ZSK the same way I added it and deleted the corresponding files in the configuration directory.
Unfortunately, this didn't remove the newer ZSK from the system and after a reload the nameserver is missing the files and is still responding with both ZSKs over DNS.
Now my question is, how can I remove BIND's knowledge of the second ZSK and return to signing with a single ZSK?