be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448.
- If no algorithm is specified, RSASHA1 is used by default
- unless the :option:`-3` option is specified, in which case NSEC3RSASHA1
- is used instead. (If :option:`-3` is used and an algorithm is
- specified, that algorithm is checked for compatibility with
- NSEC3.)
-
These values are case-insensitive. In some cases, abbreviations are
supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for
ECDSAP384SHA384. If RSASHA1 is specified along with the :option:`-3`
option, then NSEC3RSASHA1 is used instead.
- Since BIND 9.12.0, this option is mandatory except when using the
+ This option is mandatory except when using the
:option:`-S` option, which copies the algorithm from the predecessory key.
- Previously, the default for newly generated keys was RSASHA1.
+
+ .. versionchanged:: 9.12.0
+ The default value RSASHA1 for newly generated keys was removed.
.. option:: -3
be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519, or ED448.
.sp
-If no algorithm is specified, RSASHA1 is used by default
-unless the \fI\%\-3\fP option is specified, in which case NSEC3RSASHA1
-is used instead. (If \fI\%\-3\fP is used and an algorithm is
-specified, that algorithm is checked for compatibility with
-NSEC3.)
-.sp
These values are case\-insensitive. In some cases, abbreviations are
supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for
ECDSAP384SHA384. If RSASHA1 is specified along with the \fI\%\-3\fP
option, then NSEC3RSASHA1 is used instead.
.sp
-Since BIND 9.12.0, this option is mandatory except when using the
+This option is mandatory except when using the
\fI\%\-S\fP option, which copies the algorithm from the predecessory key.
-Previously, the default for newly generated keys was RSASHA1.
+.sp
+Changed in version 9.12.0: The default value RSASHA1 for newly generated keys was removed.
+
.UNINDENT
.INDENT 0.0
.TP