From: Evan Hunt <each@isc.org>
Date: Tue, 25 Mar 2025 23:49:11 +0000 (+0000)
Subject: rem: usr: Remove unnecessary options in dnssec-keygen and dnssec-keyfromlabel
X-Git-Tag: v9.21.7~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0f8b443c9fdb43f9b4d4801047b47dd286325de;p=thirdparty%2Fbind9.git

rem: usr: Remove unnecessary options in dnssec-keygen and dnssec-keyfromlabel

The `dnssec-keygen` utility (and `dnssec-keyfromlabel`, which was derived from it) had several options dating to the time when keys in DNS were still experimental and not fully specified, and when `dnssec-keygen` had the additional function of generating TSIG keys, which are now generated by `tsig-keygen`. These options are no longer necessary in the modern DNSSEC environment, and have been removed.

The removed options are:
- `-t` (key type), which formerly set flags to disable confidentiality or authentication support in a key; these are no longer used.
- `-n` (name type), which is now always set to "ZONE" for DNSKEY and "HOST" for KEY.
- `-p` (protocol), which is now always set to 3 (DNSSEC); no other value has ever been defined.
- `-s` (signatory field), which was never fully defined.
- `-d` (digest bits), which is meaningful only for TSIG keys.

Merge branch 'each-remove-keygen-options' into 'main'

See merge request isc-projects/bind9!10262
---

b0f8b443c9fdb43f9b4d4801047b47dd286325de