diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 976b3c6d9c..e88c289aed 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -606,13 +606,6 @@ check_private(isc_buffer_t *source, dns_secalg_t alg) {
 
 		RETERR(dns_name_fromwire(dns_fixedname_initname(&fixed), source,
 					 DNS_DECOMPRESS_DEFAULT, NULL));
-		/*
-		 * There should be a public key or signature after the key name.
-		 */
-		isc_buffer_activeregion(source, &sr);
-		if (sr.length == 0) {
-			return ISC_R_UNEXPECTEDEND;
-		}
 	} else if (alg == DNS_KEYALG_PRIVATEOID) {
 		/*
 		 * Check that we can extract the OID from the start of the
@@ -629,10 +622,6 @@ check_private(isc_buffer_t *source, dns_secalg_t alg) {
 			RETERR(DNS_R_FORMERR);
 		}
 		ASN1_OBJECT_free(obj);
-		/* There should be a public key or signature after the OID. */
-		if (in >= sr.base + sr.length) {
-			return ISC_R_UNEXPECTEDEND;
-		}
 	}
 	return ISC_R_SUCCESS;
 }
diff --git a/tests/dns/rdata_test.c b/tests/dns/rdata_test.c
index 6ce3b10660..96b3140fc6 100644
--- a/tests/dns/rdata_test.c
+++ b/tests/dns/rdata_test.c
@@ -2043,9 +2043,9 @@ ISC_RUN_TEST_IMPL(key) {
 		WIRE_INVALID(0xc0, 0x00, 0x00, 0x00, 0x00),
 		WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
 		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
-		/* PRIVATEDNS example. */
-		WIRE_INVALID(0x00, 0x00, 0x00, 253, 0x07, 'e', 'x', 'a', 'm',
-			     'p', 'l', 'e', 0x00),
+		/* PRIVATEDNS example. without key data */
+		WIRE_VALID(0x00, 0x00, 0x00, 253, 0x07, 'e', 'x', 'a', 'm', 'p',
+			   'l', 'e', 0x00),
 		/* PRIVATEDNS example. + keydata */
 		WIRE_VALID(0x00, 0x00, 0x00, 253, 0x07, 'e', 'x', 'a', 'm', 'p',
 			   'l', 'e', 0x00, 0x00),
@@ -2053,9 +2053,9 @@ ISC_RUN_TEST_IMPL(key) {
 		WIRE_INVALID(0x00, 0x00, 0x00, 253, 0xc0, 0x00, 0x00),
 		/* PRIVATEOID */
 		WIRE_INVALID(0x00, 0x00, 0x00, 254, 0x00),
-		/* PRIVATEOID 1.3.6.1.4.1.2495 */
-		WIRE_INVALID(0x00, 0x00, 0x00, 254, 0x06, 0x07, 0x2b, 0x06,
-			     0x01, 0x04, 0x01, 0x93, 0x3f),
+		/* PRIVATEOID 1.3.6.1.4.1.2495 without key data */
+		WIRE_VALID(0x00, 0x00, 0x00, 254, 0x06, 0x07, 0x2b, 0x06, 0x01,
+			   0x04, 0x01, 0x93, 0x3f),
 		/* PRIVATEOID 1.3.6.1.4.1.2495 + keydata */
 		WIRE_VALID(0x00, 0x00, 0x00, 254, 0x06, 0x07, 0x2b, 0x06, 0x01,
 			   0x04, 0x01, 0x93, 0x3f, 0x00),
@@ -2068,7 +2068,7 @@ ISC_RUN_TEST_IMPL(key) {
 		WIRE_SENTINEL()
 	};
 	text_ok_t text_ok[] = { /* PRIVATEDNS example. */
-				TEXT_INVALID("0 0 253 B2V4YW1wbGUA"),
+				TEXT_VALID("0 0 253 B2V4YW1wbGUA"),
 				/* PRIVATEDNS example. + keydata */
 				TEXT_VALID("0 0 253 B2V4YW1wbGUAAA=="),
 				/* PRIVATEDNS compression pointer. */
@@ -2076,7 +2076,7 @@ ISC_RUN_TEST_IMPL(key) {
 				/* PRIVATEOID */
 				TEXT_INVALID("0 0 254 AA=="),
 				/* PRIVATEOID 1.3.6.1.4.1.2495 */
-				TEXT_INVALID("0 0 254 BgcrBgEEAZM/"),
+				TEXT_VALID("0 0 254 BgcrBgEEAZM/"),
 				/* PRIVATEOID 1.3.6.1.4.1.2495 + keydata */
 				TEXT_VALID("0 0 254 BgcrBgEEAZM/AA=="),
 				/* PRIVATEOID malformed OID - high-bit set on