From: Job Snijders Date: Mon, 21 Dec 2015 15:19:03 +0000 (+0100) Subject: Change {add,import}-zone-key passive argument to inactive X-Git-Tag: dnsdist-1.0.0-alpha1~26^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3070%2Fhead;p=thirdparty%2Fpdns.git Change {add,import}-zone-key passive argument to inactive Align the *-zone-key keyword when you don't want to sign, with the output from show-zone. This fixes #3069 --- diff --git a/docs/manpages/pdnsutil.1.md b/docs/manpages/pdnsutil.1.md index fd00594974..45c9c812b1 100644 --- a/docs/manpages/pdnsutil.1.md +++ b/docs/manpages/pdnsutil.1.md @@ -49,9 +49,9 @@ supported: activate-zone-key *ZONE* *KEY-ID* : Activate a key with id *KEY-ID* within a zone called *ZONE*. -add-zone-key *ZONE* {**KSK**,**ZSK**} [**active**,**passive**] *KEYBITS* *ALGORITHM* +add-zone-key *ZONE* {**KSK**,**ZSK**} [**active**,**inactive**] *KEYBITS* *ALGORITHM* : Create a new key for zone *ZONE*, and make it a KSK or a ZSK, with the - specified algorithm. The key is passive by default, set it to **active** to + specified algorithm. The key is inactive by default, set it to **active** to immediately use it to sign *ZONE*. create-bind-db *FILE* diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md index dd82cf938f..e449ace1aa 100644 --- a/docs/markdown/authoritative/dnssec.md +++ b/docs/markdown/authoritative/dnssec.md 
@@ -170,7 +170,7 @@ If all keys are imported using this tool, a zone will serve mostly identical rec # Records, Keys, signatures, hashes within PowerDNSSEC in online signing mode Within PowerDNSSEC live signing, keys are stored separately from the zone records. Zone data are only combined with signatures and keys when requests come in over the internet. -Each zone can have a number of keys associated with it, with varying key lengths. Typically 1 or at most 2 of these keys are employed as actual Zone Signing Keys (ZSKs). During normal operations, this means that only 1 ZSK is 'active', and the other is passive. +Each zone can have a number of keys associated with it, with varying key lengths. Typically 1 or at most 2 of these keys are employed as actual Zone Signing Keys (ZSKs). During normal operations, this means that only 1 ZSK is 'active', and the other is inactive. Should it be desired to 'roll over' to a new key, both keys can temporarily be active (and used for signing), and after a while the old key can be inactivated. Subsequently it can be removed. diff --git a/docs/markdown/authoritative/howtos.md b/docs/markdown/authoritative/howtos.md index ce215fc244..694f4c5b69 100644 --- a/docs/markdown/authoritative/howtos.md +++ b/docs/markdown/authoritative/howtos.md @@ -30,8 +30,8 @@ this rollover. This HowTo follows the rollover example from the RFCs [Appendix B We assume the zone name is example.com and is already DNSSEC signed. -Start by adding a new KSK to the zone: `pdnsutil add-zone-key example.com ksk 2048 passive`. -The "passive" means that the key is not used to sign any ZSK records. This limits +Start by adding a new KSK to the zone: `pdnsutil add-zone-key example.com ksk 2048 inactive`. +The "inactive" means that the key is not used to sign any ZSK records. This limits the size of `ANY` and DNSKEY responses. Publish the CDS records: `pdnsutil set-publish-cds example.com`, these records 
diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index ad8a2c55a2..2fe0ec8b82 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -1399,7 +1399,7 @@ try cerr<<"activate-tsig-key ZONE NAME {master|slave}"<
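Review bot: In docs/manpages/pdnsutil.1.md, the new synopsis line `add-zone-key *ZONE* {**KSK**,**ZSK**} [**active**,**inactive**] *KEYBITS* *ALGORITHM*` drops `passive` without saying whether the old keyword is still accepted. Existing scripts and runbooks may still pass `passive`, so the entry should state whether it remains as a deprecated alias or is now rejected, and what pdnsutil does with a keyword it does not recognise. The subject names both add-zone-key and import-zone-key, but this hunk only touches the add-zone-key entry; check that the import-zone-key entry in the manpage uses the same wording. Minor style point: "The key is inactive by default, set it to **active**" is a comma splice and reads better as two sentences.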
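Review bot: In docs/markdown/authoritative/dnssec.md, the changed sentence quotes 'active' but leaves the replacement word inactive unquoted ("only 1 ZSK is 'active', and the other is inactive"). Since the purpose of the commit is to align the keyword with what show-zone prints, quote both states the same way so readers see them as the literal terms the tool uses.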
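Review bot: In docs/markdown/authoritative/howtos.md, the example `pdnsutil add-zone-key example.com ksk 2048 inactive` places the state keyword after the key size, while the manpage synopsis changed in this same patch lists [active,inactive] before KEYBITS and ends with ALGORITHM. Either reorder the example to match the synopsis or say in the manpage that the order of these arguments is free, so the two documents do not contradict each other. The manpage hunk also says the key is inactive by default, so the how-to could mention that the keyword is spelled out here only for clarity. The following unchanged line, "not used to sign any ZSK records", is worth tightening while this paragraph is being edited, since it does not say which records a KSK would sign.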