DNS_KEYTYPE_NOKEY is only applicable to KEY

author Mark Andrews <marka@isc.org>

Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)

committer Evan Hunt <each@isc.org>

Tue, 25 Mar 2025 07:04:36 +0000 (00:04 -0700)
author Mark Andrews <marka@isc.org>
Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)
committer Evan Hunt <each@isc.org>
Tue, 25 Mar 2025 07:04:36 +0000 (00:04 -0700)
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c

index 7e6d2d30dc48a425d9185c55d4d8bc0c29ec592d..44008bbce5a777c51a7991319813a88a8da2b7ca 100644 (file)
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -631,7 +631,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
                 break;
         }
  
-       if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+       if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY &&
+           (ctx->options & DST_TYPE_KEY) != 0)
+       {
                 null_key = true;
         }
author	Mark Andrews <marka@isc.org>
	Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)
committer	Evan Hunt <each@isc.org>
	Tue, 25 Mar 2025 07:04:36 +0000 (00:04 -0700)