"OTHER\n");
fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
fprintf(stderr, " -p protocol: default: 3 [dnssec]\n");
- fprintf(stderr, " -t type: "
- "AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
- "(default: AUTHCONF)\n");
fprintf(stderr, " -y: permit keys that might collide\n");
fprintf(stderr, " -v verbose level\n");
fprintf(stderr, " -V: print version information\n");
int
main(int argc, char **argv) {
char *algname = NULL, *freeit = NULL;
- char *nametype = NULL, *type = NULL;
+ char *nametype = NULL;
const char *directory = NULL;
const char *predecessor = NULL;
dst_key_t *prevkey = NULL;
}
break;
case 't':
- type = isc_commandline_argument;
+ fatal("The -t option has been deprecated.");
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
}
}
- if (type != NULL && (options & DST_TYPE_KEY) != 0) {
- if (strcasecmp(type, "NOAUTH") == 0) {
- flags |= DNS_KEYTYPE_NOAUTH;
- } else if (strcasecmp(type, "NOCONF") == 0) {
- flags |= DNS_KEYTYPE_NOCONF;
- } else if (strcasecmp(type, "NOAUTHCONF") == 0) {
- flags |= (DNS_KEYTYPE_NOAUTH |
- DNS_KEYTYPE_NOCONF);
- } else if (strcasecmp(type, "AUTHCONF") == 0) {
- /* nothing */
- } else {
- fatal("invalid type %s", type);
- }
- }
-
if (!oldstyle && prepub > 0) {
if (setpub && setact && (activate - prepub) < publish) {
fatal("Activation and publication dates "
if (nametype != NULL) {
fatal("-S and -n cannot be used together");
}
- if (type != NULL) {
- fatal("-S and -t cannot be used together");
- }
if (setpub || unsetpub) {
fatal("-S and -P cannot be used together");
}
Synopsis
~~~~~~~~
-:program:`dnssec-keyfromlabel` {**-l** label} [**-3**] [**-a** algorithm] [**-A** date/offset] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-G**] [**-I** date/offset] [**-i** interval] [**-k**] [**-K** directory] [**-L** ttl] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-R** date/offset] [**-S** key] [**-t** type] [**-v** level] [**-V**] [**-y**] {name}
+:program:`dnssec-keyfromlabel` {**-l** label} [**-3**] [**-a** algorithm] [**-A** date/offset] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-G**] [**-I** date/offset] [**-i** interval] [**-k**] [**-K** directory] [**-L** ttl] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-R** date/offset] [**-S** key] [**-v** level] [**-V**] [**-y**] {name}
Description
~~~~~~~~~~~
set to the activation date minus the prepublication interval, which
defaults to 30 days.
-.. option:: -t type
-
- This option indicates the type of the key. ``type`` must be one of AUTHCONF,
- NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers
- to the ability to authenticate data, and CONF to the ability to encrypt
- data.
-
.. option:: -v level
This option sets the debugging level.
dns_keystore_t *keystore;
char *algname;
char *nametype;
- char *type;
int protocol;
int size;
uint16_t tag_min;
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
"use KEY for SIG(0))\n");
- fprintf(stderr, " -t <type>: "
- "AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
- "(default: AUTHCONF)\n");
fprintf(stderr, " -h: print usage and exit\n");
fprintf(stderr, " -m <memory debugging mode>:\n");
fprintf(stderr, " usage | trace | record\n");
}
}
- if (ctx->type != NULL && (ctx->options & DST_TYPE_KEY) != 0) {
- if (strcasecmp(ctx->type, "NOAUTH") == 0) {
- flags |= DNS_KEYTYPE_NOAUTH;
- } else if (strcasecmp(ctx->type, "NOCONF") == 0) {
- flags |= DNS_KEYTYPE_NOCONF;
- } else if (strcasecmp(ctx->type, "NOAUTHCONF") == 0) {
- flags |= (DNS_KEYTYPE_NOAUTH |
- DNS_KEYTYPE_NOCONF);
- if (ctx->size < 0) {
- ctx->size = 0;
- }
- } else if (strcasecmp(ctx->type, "AUTHCONF") == 0) {
- /* nothing */
- } else {
- fatal("invalid type %s", ctx->type);
- }
- }
-
if (ctx->size < 0) {
switch (ctx->alg) {
case DST_ALG_RSASHA1:
if (ctx->nametype != NULL) {
fatal("-S and -n cannot be used together");
}
- if (ctx->type != NULL) {
- fatal("-S and -t cannot be used together");
- }
if (ctx->setpub || ctx->unsetpub) {
fatal("-S and -P cannot be used together");
}
fatal("invalid DNSKEY protocol: %d", ctx->protocol);
}
- if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
- if (ctx->size > 0) {
- fatal("specified null key with non-zero size");
- }
- }
-
switch (ctx->alg) {
case DNS_KEYALG_RSASHA1:
case DNS_KEYALG_NSEC3RSASHA1:
if (strcasecmp(isc_commandline_argument, "KEY") == 0) {
ctx.options |= DST_TYPE_KEY;
} else if (strcasecmp(isc_commandline_argument,
- "DNSKE"
- "Y") == 0)
+ "DNSKEY") == 0)
{
/* default behavior */
} else {
}
break;
case 't':
- ctx.type = isc_commandline_argument;
+ fatal("The -t option has been deprecated.");
break;
case 'v':
endp = NULL;
Synopsis
~~~~~~~~
-:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-t** type] [**-V**] [**-v** level] {name}
+:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name}
Description
~~~~~~~~~~~
DNSSEC algorithm, but it can be overridden to KEY for use with
SIG(0).
-.. option:: -t type
-
- This option indicates the type of the key for use with :option:`-T KEY <-T>`. ``type``
- must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
- is AUTHCONF. AUTH refers to the ability to authenticate data, and
- CONF to the ability to encrypt data.
-
.. option:: -V
This option prints version information.
projects / thirdparty / bind9.git / commitdiff
