DNS_KEYTYPE_NOKEY is only applicable to KEY

author Mark Andrews <marka@isc.org>

Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)

committer Evan Hunt <each@isc.org>

Tue, 25 Mar 2025 06:38:25 +0000 (06:38 +0000)
author Mark Andrews <marka@isc.org>
Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)
committer Evan Hunt <each@isc.org>
Tue, 25 Mar 2025 06:38:25 +0000 (06:38 +0000)
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c

index 849dd177d4bc888cbdac286e1154034e22fac7c3..973e9c13747e124363c27c5c749c13b89788a51c 100644 (file)
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -588,7 +588,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
                 break;
         }
  
-       if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+       if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY &&
+           (ctx->options & DST_TYPE_KEY) != 0)
+       {
                 null_key = true;
         }
author	Mark Andrews <marka@isc.org>
	Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)
committer	Evan Hunt <each@isc.org>
	Tue, 25 Mar 2025 06:38:25 +0000 (06:38 +0000)