2195. [func] dnssec-keygen now defaults to nametype "ZONE"

                        when generating DNSKEYs. [RT #16954]

diff --git a/CHANGES b/CHANGES
index 6fc5263bdf021f86cc81d5fcb65f18b5a162b632..a2cd9b4d02aaea0b497088a8e00d707a972f1c73 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2195.  [func]          dnssec-keygen now defaults to nametype "ZONE"
+                       when generating DNSKEYs. [RT #16954]
+
 2194.  [bug]           Close journal before calling 'done' in xfrin.c.
 
        --- 9.5.0a5 released ---

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index ab6f06dc9f09d3ba1d0feb763c4994ae11f9b3c6..81243999d3a1ed394953b76d10ffdf73b661a79a 100644 (file)
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.76 2007/05/21 02:47:25 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.77 2007/06/18 01:03:13 marka Exp $ */
 
 /*! \file */
 
@@ -61,7 +61,7 @@ dsa_size_ok(int size) {
 static void
 usage(void) {
        fprintf(stderr, "Usage:\n");
-       fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
+       fprintf(stderr, "    %s -a alg -b bits [-n type] [options] name\n\n",
                program);
        fprintf(stderr, "Version: %s\n", VERSION);
        fprintf(stderr, "Required options:\n");
@@ -78,6 +78,7 @@ usage(void) {
        fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
        fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
        fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+       fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
        fprintf(stderr, "    name: owner of the key\n");
        fprintf(stderr, "Other options:\n");
        fprintf(stderr, "    -c <class> (default: IN)\n");
@@ -363,11 +364,13 @@ main(int argc, char **argv) {
        if (alg != DNS_KEYALG_DH && generator != 0)
                fatal("specified DH generator for a non-DH key");
 
-       if (nametype == NULL)
-               fatal("no nametype specified");
-       if (strcasecmp(nametype, "zone") == 0)
+       if (nametype == NULL) {
+               if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
+                       fatal("no nametype specified");
+               flags |= DNS_KEYOWNER_ZONE;     /* DNSKEY */
+       } else if (strcasecmp(nametype, "zone") == 0)
                flags |= DNS_KEYOWNER_ZONE;
-       else if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+       else if ((options & DST_TYPE_KEY) != 0) { /* KEY / HMAC */
                if (strcasecmp(nametype, "host") == 0 ||
                         strcasecmp(nametype, "entity") == 0)
                        flags |= DNS_KEYOWNER_ENTITY;
@@ -380,7 +383,7 @@ main(int argc, char **argv) {
 
        rdclass = strtoclass(classname);
 
-       if ((options & DST_TYPE_KEY) != 0)  /* KEY */
+       if ((options & DST_TYPE_KEY) != 0)  /* KEY / HMAC */
                flags |= signatory;
        else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
                flags |= ksk;

diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 49d87c93458c399d544a377d404e531f673cd929..ba8d1ae53dfc97d9edfc2ac36571b077cd98f086 100644 (file)
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.17 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.18 2007/06/18 01:03:13 marka Exp $ -->
 <refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -129,8 +129,8 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are
-            case insensitive.
+            These values are case insensitive.  Defaults to ZONE for DNSKEY
+           generation.
           </para>
         </listitem>
       </varlistentry>