DNS_KEYTYPE_NOKEY is only applicable to KEY

author Mark Andrews <marka@isc.org>

Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)

committer Evan Hunt <each@isc.org>

Tue, 25 Mar 2025 06:52:02 +0000 (23:52 -0700)
author Mark Andrews <marka@isc.org>
Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)
committer Evan Hunt <each@isc.org>
Tue, 25 Mar 2025 06:52:02 +0000 (23:52 -0700)
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c

index 071e1351ec81e71352169bcda9211b893bfcdefc..1b1be2c8aa8532b65eff8cda7daf7555dc87bc02 100644 (file)
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -596,7 +596,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) {
                 break;
         }
  
-       if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
+       if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY &&
+           (ctx->options & DST_TYPE_KEY) != 0)
+       {
                 null_key = true;
         }
author	Mark Andrews <marka@isc.org>
	Tue, 25 Mar 2025 03:15:37 +0000 (14:15 +1100)
committer	Evan Hunt <each@isc.org>
	Tue, 25 Mar 2025 06:52:02 +0000 (23:52 -0700)