pdnsutil add-zone-key: clarify ZSK default

diff --git a/docs/manpages/pdnsutil.1.rst b/docs/manpages/pdnsutil.1.rst
index 24aed6617922b419ff01a335f1991206c2533ee3..9649979042feed3359e9679c009e1c0978856e44 100644 (file)
--- a/docs/manpages/pdnsutil.1.rst
+++ b/docs/manpages/pdnsutil.1.rst
@@ -48,8 +48,8 @@ algorithms are supported:
 
 activate-zone-key *ZONE* *KEY-ID*
     Activate a key with id *KEY-ID* within a zone called *ZONE*.
-add-zone-key *ZONE* {**KSK**,\ **ZSK**} [**active**,\ **inactive**] [**published**,\ **unpublished**] *KEYBITS* *ALGORITHM*
-    Create a new key for zone *ZONE*, and make it a KSK or a ZSK, with
+add-zone-key *ZONE* [**KSK**,\ **ZSK**] [**active**,\ **inactive**] [**published**,\ **unpublished**] *KEYBITS* *ALGORITHM*
+    Create a new key for zone *ZONE*, and make it a KSK or a ZSK (default), with
     the specified algorithm. The key is inactive by default, set it to
     **active** to immediately use it to sign *ZONE*. The key is published
     in the zone by default, set it to **unpublished** to keep it from

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index a5c99b19d09b9e85719903426ff544b5a159fc1a..f27a449c081491eef98a9a2be3586c2dd26104fd 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -2673,7 +2673,7 @@ try
 
   else if (cmds.at(0) == "add-zone-key") {
     if(cmds.size() < 3 ) {
-      cerr << "Syntax: pdnsutil add-zone-key ZONE zsk|ksk [BITS] [active|inactive] [rsasha1|rsasha1-nsec3-sha1|rsasha256|rsasha512|ecdsa256|ecdsa384";
+      cerr << "Syntax: pdnsutil add-zone-key ZONE [zsk|ksk] [BITS] [active|inactive] [rsasha1|rsasha1-nsec3-sha1|rsasha256|rsasha512|ecdsa256|ecdsa384";
 #if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBDECAF) || defined(HAVE_LIBCRYPTO_ED25519)
       cerr << "|ed25519";
 #endif
@@ -2681,6 +2681,8 @@ try
       cerr << "|ed448";
 #endif
       cerr << "]"<<endl;
+      cerr << endl;
+      cerr << "If zsk|ksk is omitted, add-zone-key makes a key with flags 256 (a 'ZSK')."<<endl;
       return 0;
     }
     DNSName zone(cmds.at(1));