From f095d22adf36121fbb8d8a523bedce739eaa9fe3 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 25 Mar 2025 14:15:37 +1100 Subject: [PATCH] DNS_KEYTYPE_NOKEY is only applicable to KEY (cherry picked from commit 53c6721abc49746d91e61a5bb2cbbea24d64dd72) --- bin/dnssec/dnssec-keygen.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 7e6d2d30dc..44008bbce5 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -631,7 +631,9 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) { break; } - if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) { + if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY && + (ctx->options & DST_TYPE_KEY) != 0) + { null_key = true; }