From: Mark Andrews Date: Mon, 18 Jun 2007 01:03:13 +0000 (+0000) Subject: 2195. [func] dnssec-keygen now defaults to nametype "ZONE" X-Git-Tag: v9.5.0a6~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf45f72ed319628eebce60c368177320943d001f;p=thirdparty%2Fbind9.git 2195. [func] dnssec-keygen now defaults to nametype "ZONE" when generating DNSKEYs. [RT #16954] --- diff --git a/CHANGES b/CHANGES index 6fc5263bdf0..a2cd9b4d02a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2195. [func] dnssec-keygen now defaults to nametype "ZONE" + when generating DNSKEYs. [RT #16954] + 2194. [bug] Close journal before calling 'done' in xfrin.c. --- 9.5.0a5 released --- diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index ab6f06dc9f0..81243999d3a 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.76 2007/05/21 02:47:25 marka Exp $ */ +/* $Id: dnssec-keygen.c,v 1.77 2007/06/18 01:03:13 marka Exp $ */ /*! \file */ @@ -61,7 +61,7 @@ dsa_size_ok(int size) { static void usage(void) { fprintf(stderr, "Usage:\n"); - fprintf(stderr, " %s -a alg -b bits -n type [options] name\n\n", + fprintf(stderr, " %s -a alg -b bits [-n type] [options] name\n\n", program); fprintf(stderr, "Version: %s\n", VERSION); fprintf(stderr, "Required options:\n"); @@ -78,6 +78,7 @@ usage(void) { fprintf(stderr, " HMAC-SHA384:\t[1..384]\n"); fprintf(stderr, " HMAC-SHA512:\t[1..512]\n"); fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n"); + fprintf(stderr, " (DNSKEY generation defaults to ZONE\n"); fprintf(stderr, " name: owner of the key\n"); fprintf(stderr, "Other options:\n"); fprintf(stderr, " -c (default: IN)\n"); 
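Review bot: The help line added in the second usage() hunk opens a parenthesis that is never closed; it should read `fprintf(stderr, " (DNSKEY generation defaults to ZONE)\n");`. The synopsis in the first usage() hunk now shows `[-n type]` as optional, yet the `-n nametype:` entry still appears to sit under the "Required options:" heading printed a few lines earlier, so the two disagree for DNSKEY generation. KEY and HMAC keys still need -n, so a qualifier on that entry such as `(required for KEY and HMAC keys)` would keep the help text consistent with the new behaviour. usage() begins before the first hunk and continues past the second.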
@@ -363,11 +364,13 @@ main(int argc, char **argv) { if (alg != DNS_KEYALG_DH && generator != 0) fatal("specified DH generator for a non-DH key"); - if (nametype == NULL) - fatal("no nametype specified"); - if (strcasecmp(nametype, "zone") == 0) + if (nametype == NULL) { + if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */ + fatal("no nametype specified"); + flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */ + } else if (strcasecmp(nametype, "zone") == 0) flags |= DNS_KEYOWNER_ZONE; - else if ((options & DST_TYPE_KEY) != 0) { /* KEY */ + else if ((options & DST_TYPE_KEY) != 0) { /* KEY / HMAC */ if (strcasecmp(nametype, "host") == 0 || strcasecmp(nametype, "entity") == 0) flags |= DNS_KEYOWNER_ENTITY; @@ -380,7 +383,7 @@ main(int argc, char **argv) { rdclass = strtoclass(classname); - if ((options & DST_TYPE_KEY) != 0) /* KEY */ + if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */ flags |= signatory; else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */ flags |= ksk; diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index 49d87c93458..ba8d1ae53df 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 30, 2000 @@ -129,8 +129,8 @@ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). - These values are - case insensitive. + These values are case insensitive. Defaults to ZONE for DNSKEY + generation.
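Review bot: In the new `nametype == NULL` branch the unbraced `if ((options & DST_TYPE_KEY) != 0)` is followed directly by `flags |= DNS_KEYOWNER_ZONE;`, so the zone-owner default stays limited to DNSKEYs only as long as fatal() never returns, which is presumably the case but is not visible here. Bracing the check, `if ((options & DST_TYPE_KEY) != 0) { fatal("no nametype specified"); }`, makes that independent of fatal() and matches the braced outer branch. The defaulted flag is also what lets `flags |= ksk` apply in the following hunk, so a comment such as `/* no -n given: DNSKEY defaults to a zone key; KEY and HMAC keys must name their owner type */` would make the consequence explicit for whoever next touches the flag logic. main() starts and ends outside this hunk.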