Use 2048 bits as the default ZSK RSA key size in dnssec-keygen
authorTony Finch <dot@dotat.at>
Wed, 19 Jun 2019 10:31:43 +0000 (11:31 +0100)
committerEvan Hunt <each@isc.org>
Thu, 20 Jun 2019 02:39:21 +0000 (19:39 -0700)
bin/dnssec/dnssec-keygen.c
bin/dnssec/dnssec-keygen.docbook

index aae310341da037ed5a038483e5adf92093a8d3df..be6779ca1dd97401f86c1bb6fff1fde87ed52c6f 100644 (file)
@@ -554,11 +554,7 @@ main(int argc, char **argv) {
                        case DST_ALG_NSEC3RSASHA1:
                        case DST_ALG_RSASHA256:
                        case DST_ALG_RSASHA512:
-                               if ((kskflag & DNS_KEYFLAG_KSK) != 0) {
-                                       size = 2048;
-                               } else {
-                                       size = 1024;
-                               }
+                               size = 2048;
                                if (verbose > 0) {
                                        fprintf(stderr, "key size not "
                                                        "specified; defaulting"
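Review bot: The added line hard-codes the literal `2048` with nothing naming it as the RSA default, and the same number is repeated separately in the docbook text in this commit, so the two can drift apart on the next change; a file-scope constant such as `#define DEFAULT_RSA_KEY_SIZE 2048` used on the new line would tie the code to one named value, and the "defaulting" message that follows (its continuation is outside the hunk, so it presumably prints the chosen size) would pick it up too. Now that the kskflag branch is gone, a short comment above the assignment would record the intent for the next reader: `/* RSA keys default to 2048 bits for both KSKs and ZSKs; a smaller size must be requested explicitly. */`. The enclosing main() starts and ends outside the hunk, and the RSASHA1 case that presumably precedes the visible NSEC3RSASHA1 label is not shown, so whether every RSA label shares this default cannot be confirmed from here.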
index 8d157adb54a86a262c16693f4290b53609f71038..5833b798419f74a764de8407f3f8a6585896b288 100644 (file)
          </para>
          <para>
            If the key size is not specified, some algorithms have
-           pre-defined defaults.  For example, RSA keys for use as
-           DNSSEC zone signing keys have a default size of 1024 bits;
-           RSA keys for use as key signing keys (KSKs, generated with
-           <option>-f KSK</option>) default to 2048 bits.
+           pre-defined defaults.  For instance, RSA keys have a default
+           size of 2048 bits.
          </para>
        </listitem>
       </varlistentry>