Remove -d option from dnssec-keygen

The -d (digestbits) option was only applicable to HMAC keys, which
are no longer created by dnssec-keygen. The option can be removed.
Evan Hunt 2025-03-15 12:07:42 -07:00
parent 622f108366
commit 529bdd1028
2 changed files with 2 additions and 15 deletions


@ -87,7 +87,6 @@ struct keygen_ctx {
uint16_t tag_max;
dns_rdataclass_t rdclass;
int options;
int dbits;
dns_ttl_t ttl;
bool wantzsk;
bool wantksk;
@ -563,8 +562,6 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
algstr, isc_result_totext(ret));
}
dst_key_setbits(key, ctx->dbits);
/*
* Set key timing metadata (unless using -C)
*
@ -838,10 +835,7 @@ main(int argc, char **argv) {
classname = isc_commandline_argument;
break;
case 'd':
ctx.dbits = strtol(isc_commandline_argument, &endp, 10);
if (*endp != '\0' || ctx.dbits < 0) {
fatal("-d requires a non-negative number");
}
fatal("The -d option has been deprecated.");
break;
case 'E':
fatal("%s", isc_result_totext(DST_R_NOENGINE));
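Review bot: In `case 'd':` of main(), the new message says the option "has been deprecated", yet the arm now ends in fatal(), so -d is in effect removed rather than deprecated, and a key-generation script that still passes it stops with wording that suggests the flag is only discouraged. I would state what happened and why, e.g. `fatal("The -d option has been removed; it applied only to HMAC keys.");`, and add a short comment above it such as `/* -d (digestbits) was HMAC-only; still parsed so old invocations fail with a clear message */`. The option string handed to the command-line parser is outside the hunk; presumably it still lists `d:` so that this arm is reached, which is worth confirming. main() begins and ends outside the hunk.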


@ -21,7 +21,7 @@ dnssec-keygen: DNSSEC key generation tool
Synopsis
~~~~~~~~
:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name}
:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name}
Description
~~~~~~~~~~~
@ -87,13 +87,6 @@ Options
This option indicates that the DNS record containing the key should have the
specified class. If not specified, class IN is used.
.. option:: -d bits
This option specifies the key size in bits. For the algorithms RSASHA1, NSEC3RSASA1, RSASHA256, and
RSASHA512 the key size must be between 1024 and 4096 bits; DH size is between 128
and 4096 bits. This option is ignored for algorithms ECDSAP256SHA256,
ECDSAP384SHA384, ED25519, and ED448.
.. option:: -f flag
This option sets the specified flag in the flag field of the KEY/DNSKEY record.