diff --git a/bin/named/server.c b/bin/named/server.c
index 3c71f38049..bd8ef459b2 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -376,7 +376,7 @@ load_configuration(const char *filename) {
 	/*
 	 * Load the TSIG information from the configuration
 	 */
-        result = dns_tsig_init(ns_g_confctx, ns_g_mctx);
+        result = dns_tsig_init(ns_g_lctx, ns_g_confctx, ns_g_mctx);
         if (result != ISC_R_SUCCESS)
                 ns_server_fatal(NS_LOGMODULE_SERVER, ISC_FALSE,
 				"dns_tsig_init() failed: %s",
diff --git a/bin/tests/tkey_test.c b/bin/tests/tkey_test.c
index cecdf47f76..f5e6cbabbc 100644
--- a/bin/tests/tkey_test.c
+++ b/bin/tests/tkey_test.c
@@ -35,6 +35,7 @@
 #include <isc/boolean.h>
 #include <isc/net.h>
 #include <isc/socket.h>
+#include <isc/log.h>
 
 #include "../../isc/util.h"		/* XXX Naughty. */
 
@@ -72,6 +73,7 @@ isc_sockaddr_t address;
 dns_message_t *query, *response, *query2, *response2;
 isc_mem_t *mctx;
 dns_tsigkey_t *tsigkey;
+isc_log_t *log = NULL;
 
 static void
 senddone(isc_task_t *task, isc_event_t *event) {
@@ -299,7 +301,9 @@ main(int argc, char *argv[]) {
 	socketmgr = NULL;
 	RUNTIME_CHECK(isc_socketmgr_create(mctx, &socketmgr) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(dns_tsig_init(NULL, mctx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_create(mctx, &log) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_tsig_init(log, NULL, mctx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(dns_tkey_init(log, NULL, mctx) == ISC_R_SUCCESS);
 
 	argc -= isc_commandline_index;
 	argv += isc_commandline_index;
diff --git a/lib/dns/include/dns/tkey.h b/lib/dns/include/dns/tkey.h
index 61142e399a..d9c897d36a 100644
--- a/lib/dns/include/dns/tkey.h
+++ b/lib/dns/include/dns/tkey.h
@@ -40,11 +40,10 @@ isc_result_t
 dns_tkey_init(isc_log_t *lctx, dns_c_ctx_t *cfg, isc_mem_t *mctx);
 /*
  *	Obtains TKEY configuration information, including default DH key
- *	and default domain.
+ *	and default domain from the configuration, if it's not NULL.
  *
  * 	Requires:
  *		'lctx' is not NULL
- *		'cfg' is not NULL
  *		'mctx' is not NULL
  *
  *	Returns
diff --git a/lib/dns/include/dns/tsig.h b/lib/dns/include/dns/tsig.h
index 56e4694844..16bb5113c9 100644
--- a/lib/dns/include/dns/tsig.h
+++ b/lib/dns/include/dns/tsig.h
@@ -175,11 +175,15 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
 
 
 isc_result_t
-dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx);
+dns_tsig_init(isc_log_t *lctx, dns_c_ctx_t *confctx, isc_mem_t *mctx);
 /*
  *	Initializes the TSIG subsystem.  If confctx is not NULL, any
  *	specified keys are loaded.
  *
+ *	Requires:
+ *		'lctx' is not NULL
+ *		'mctx' is not NULL
+
  *	Returns:
  *		ISC_R_SUCCESS
  *		ISC_R_NOMEMORY
diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c
index 5b928775a2..83558a3722 100644
--- a/lib/dns/tkey.c
+++ b/lib/dns/tkey.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tkey.c,v 1.8 1999/10/29 05:41:49 marka Exp $
+ * $Id: tkey.c,v 1.9 1999/10/29 13:56:55 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -77,9 +77,11 @@ dns_tkey_init(isc_log_t *lctx, dns_c_ctx_t *cfg, isc_mem_t *mctx) {
 	RUNTIME_CHECK(tkey_dhkey == NULL);
 
 	REQUIRE(lctx != NULL);
-	REQUIRE(cfg != NULL);
 	REQUIRE(mctx != NULL);
 
+	if (cfg == NULL)
+		return (ISC_R_SUCCESS);
+
 	s = NULL;
 	result = dns_c_ctx_gettkeydhkey(lctx, cfg, &s, &n);
 	if (result == ISC_R_NOTFOUND)
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index c87505f330..2ee73b7dea 100644
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: tsig.c,v 1.26 1999/10/28 23:13:42 bwelling Exp $
+ * $Id: tsig.c,v 1.27 1999/10/29 13:56:56 bwelling Exp $
  * Principal Author: Brian Wellington
  */
 
@@ -937,7 +937,7 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
 }
 
 static isc_result_t
-add_initial_keys(dns_c_ctx_t *confctx, isc_mem_t *mctx) {
+add_initial_keys(dns_c_kdeflist_t *list, isc_mem_t *mctx) {
 	isc_lex_t *lex = NULL;
 	dns_c_kdeflist_t *list;
 	dns_c_kdef_t *key;
@@ -945,7 +945,6 @@ add_initial_keys(dns_c_ctx_t *confctx, isc_mem_t *mctx) {
 	int secretlen = 0;
 	isc_result_t ret;
 
-	list = confctx->keydefs;
 	key = ISC_LIST_HEAD(list->keydefs);
 	while (key != NULL) {
 		dns_name_t keyname;
@@ -1031,11 +1030,15 @@ add_initial_keys(dns_c_ctx_t *confctx, isc_mem_t *mctx) {
 }
 
 isc_result_t
-dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx) {
+dns_tsig_init(isc_log_t *lctx, dns_c_ctx_t *confctx, isc_mem_t *mctx) {
 	isc_buffer_t hmacsrc, namebuf;
 	isc_result_t ret;
 	dns_name_t hmac_name;
 	unsigned char data[32];
+	dns_c_kdeflist_t *keylist = NULL;
+
+	REQUIRE(lctx != NULL);
+	REQUIRE(mctx != NULL);
 
         ret = isc_rwlock_init(&tsiglock, 0, 0);
         if (ret != ISC_R_SUCCESS) {
@@ -1064,9 +1067,11 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx) {
 	if (ret != ISC_R_SUCCESS)
 		goto failure;
 
-	if (confctx != NULL && confctx->keydefs != NULL) {
-		ret = add_initial_keys(confctx, mctx);
-		if (ret != ISC_R_SUCCESS)
+	if (confctx != NULL) {
+		ret = dns_c_ctx_getkdeflist(lctx, confctx, &keylist);
+		if (ret == ISC_R_SUCCESS)
+			ret = add_initial_keys(keylist, mctx);
+		else if (ret != ISC_R_NOTFOUND)
 			goto failure;
 	}