From: Mark Andrews <marka@isc.org>
Date: Tue, 25 Mar 2025 03:15:37 +0000 (+1100)
Subject: DNS_KEYTYPE_NOKEY is only applicable to KEY
X-Git-Tag: v9.18.36~11^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f095d22adf36121fbb8d8a523bedce739eaa9fe3;p=thirdparty%2Fbind9.git

DNS_KEYTYPE_NOKEY is only applicable to KEY

(cherry picked from commit 53c6721abc49746d91e61a5bb2cbbea24d64dd72)
---

diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index 7e6d2d30dc4..44008bbce5a 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -631,7 +631,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
 		break;
 	}
 
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY &&
+	    (ctx->options & DST_TYPE_KEY) != 0)
+	{
 		null_key = true;
 	}