From: Mark Andrews <marka@isc.org>
Date: Tue, 25 Mar 2025 03:15:37 +0000 (+1100)
Subject: DNS_KEYTYPE_NOKEY is only applicable to KEY
X-Git-Tag: v9.21.7~30^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53c6721abc49746d91e61a5bb2cbbea24d64dd72;p=thirdparty%2Fbind9.git

DNS_KEYTYPE_NOKEY is only applicable to KEY
---

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 849dd177d4b..973e9c13747 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -588,7 +588,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 		break;
 	}
 
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY &&
+	    (ctx->options & DST_TYPE_KEY) != 0)
+	{
 		null_key = true;
 	}