2195. [func] dnssec-keygen now defaults to nametype "ZONE"

when generating DNSKEYs. [RT #16954]
2026-05-28 04:34:54 -04:00 · 2007-06-18 01:03:13 +00:00 · 2007-06-18 01:03:13 +00:00 · bf45f72ed3
commit bf45f72ed3
parent 7643153c58
3 changed files with 16 additions and 10 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+2195.	[func]		dnssec-keygen now defaults to nametype "ZONE"
+			when generating DNSKEYs. [RT #16954]
+
 2194.	[bug]		Close journal before calling 'done' in xfrin.c.

 	--- 9.5.0a5 released ---
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@ -16,7 +16,7 @@
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: dnssec-keygen.c,v 1.76 2007/05/21 02:47:25 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.77 2007/06/18 01:03:13 marka Exp $ */

 /*! \file */

@ -61,7 +61,7 @@ dsa_size_ok(int size) {
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
+	fprintf(stderr, "    %s -a alg -b bits [-n type] [options] name\n\n",
 		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Required options:\n");
@ -78,6 +78,7 @@ usage(void) {
 	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
 	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
 	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
 	fprintf(stderr, "    name: owner of the key\n");
 	fprintf(stderr, "Other options:\n");
 	fprintf(stderr, "    -c <class> (default: IN)\n");
@ -363,11 +364,13 @@ main(int argc, char **argv) {
 	if (alg != DNS_KEYALG_DH && generator != 0)
 		fatal("specified DH generator for a non-DH key");

-	if (nametype == NULL)
-		fatal("no nametype specified");
-	if (strcasecmp(nametype, "zone") == 0)
+	if (nametype == NULL) {
+		if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
+			fatal("no nametype specified");
+		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
+	} else if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY / HMAC */
 		if (strcasecmp(nametype, "host") == 0 ||
 			 strcasecmp(nametype, "entity") == 0)
 			flags |= DNS_KEYOWNER_ENTITY;
@ -380,7 +383,7 @@ main(int argc, char **argv) {

 	rdclass = strtoclass(classname);

-	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY / HMAC */
 		flags |= signatory;
 	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
 		flags |= ksk;
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@ -18,7 +18,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->

-<!-- $Id: dnssec-keygen.docbook,v 1.17 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.18 2007/06/18 01:03:13 marka Exp $ -->
 <refentry id="man.dnssec-keygen">
  <refentryinfo>
    <date>June 30, 2000</date>
@ -129,8 +129,8 @@
            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
            a host (KEY)),
            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are
-            case insensitive.
+            These values are case insensitive.  Defaults to ZONE for DNSKEY
+	    generation.
          </para>
        </listitem>
      </varlistentry>