activate-zone-key *ZONE* *KEY-ID*
Activate a key with id *KEY-ID* within a zone called *ZONE*.
add-zone-key *ZONE* [**KSK**,\ **ZSK**] [**active**,\ **inactive**] [**published**,\ **unpublished**] [*KEYBITS*] [*ALGORITHM*]
- Create a new key for zone *ZONE*, and make it a KSK or a ZSK (default), with
+ Create a new key for zone *ZONE*, and make it a KSK (default) or a ZSK, with
the specified algorithm. The key is inactive by default, set it to
**active** to immediately use it to sign *ZONE*. The key is published
in the zone by default, set it to **unpublished** to keep it from
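Review bot: The reworded sentence in the `add-zone-key` description flips the documented default from ZSK to KSK without saying when the default changed, so a reader checking this manpage against an older install cannot tell which behaviour applies. Add a version marker next to the sentence (for example a `versionchanged` note naming the release) and consider recommending that scripts always pass **KSK** or **ZSK** explicitly rather than relying on the default.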
``ixfrdist`` now binds listening sockets with `IPV6_V6ONLY set`, which means that ``[::]`` no longer accepts IPv4 connections.
If you want to listen on both IPv4 and IPv6, you need to add a line with ``0.0.0.0`` to the ``listen`` section of your ixfrdist configuration.
+pdnsutil behaviour changes
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A few changes of behaviour have been implemented in ``pdnsutil``.
+
+* The ``add-zone-key`` command used to default to creating a ZSK,
+ if no key type was given. This default has changed to KSK.
+
4.8.0 to 4.9.0
--------------
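Review bot: The new "pdnsutil behaviour changes" entry states what changed but not what an operator has to do about it. A script that runs `add-zone-key` without a key type will now add a KSK where it used to add a ZSK; say that directly and tell readers to pass `zsk` explicitly to keep the old result. The intro line promises "a few changes" while the list has a single item, so reword it or list the others.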
static int addZoneKey(vector<string>& cmds)
{
- if(cmds.size() < 3 ) {
+ if(cmds.size() < 2 ) {
cerr << "Syntax: pdnsutil add-zone-key ZONE [zsk|ksk] [BITS] [active|inactive] [rsasha1|rsasha1-nsec3-sha1|rsasha256|rsasha512|ecdsa256|ecdsa384";
#if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBCRYPTO_ED25519)
cerr << "|ed25519";
#endif
cerr << "]"<<endl;
cerr << endl;
- cerr << "If zsk|ksk is omitted, add-zone-key makes a key with flags 256 (a 'ZSK')."<<endl;
+ cerr << "If zsk|ksk is omitted, add-zone-key makes a key with flags 257 (a 'KSK')."<<endl;
return 0;
}
DNSSECKeeper dk; //NOLINT(readability-identifier-length)
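Review bot: With the guard relaxed to `cmds.size() < 2`, a bare `pdnsutil add-zone-key ZONE` no longer prints the syntax help and instead proceeds to create a key entirely from defaults, which is a second behaviour change that the help text does not mention. Consider having the command print the key type it chose so the new KSK default is visible to whoever runs it. The usage branch also still ends in `return 0`, so a call that omits ZONE exits as success; a non-zero return would let scripts detect the misuse. The syntax string lists `[active|inactive]` but not the published/unpublished option.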
}
// Try to get algorithm, bits & ksk or zsk from commandline
- bool keyOrZone=false;
+ bool keyOrZone=true; // default to KSK
int tmp_algo=0;
int bits=0;
int algorithm=-1;
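Review bot: On `bool keyOrZone=true; // default to KSK`, the variable name does not say which value means KSK, so the new default is only readable through the trailing comment. Since this line is being touched anyway, a name that states the meaning (something like `isKSK`, a suggested name) would make the default self-evident and harder to invert by accident in a later change. A regression test that runs `add-zone-key` with no key type and checks for flags 257 would pin the new default.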