Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 236942 - dnssec-keygen refuses to generate keys
dnssec-keygen refuses to generate keys
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Adam Tkac
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-18 12:20 EDT by Tim W.
Modified: 2013-04-30 19:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-02 12:06:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Tim W. 2007-04-18 12:20:25 EDT 
Description of problem:
The dnssec-keygen key generation utility refuses to generate keys using many of
the supported (according to the man page) algorithms.

Version-Release number of selected component (if applicable):
[root@executor ~]# rpm -qa | grep bind
bind-utils-9.3.4-3.fc6
system-config-bind-4.0.1-2.fc6
bind-libs-9.3.4-3.fc6
bind-9.3.4-3.fc6
ypbind-1.19-6.fc6


How reproducible:
always

Steps to Reproduce:
1.Run the command line as root: 
[root@executor ~]# dnssec-keygen -a RSASHA1 -b 512 -n HOST executor.mylan.lan
2.Observe the error message:  "dnssec-keygen: invalid DNSKEY nametype HOST"
3.Run the command line as root:
[root@executor ~]# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST executor.mylan.lan
4.Observe successful key generation


Actual results:
With RSASHA1, DSA, and presumably more (these were the only two I tested before
I hit success with HMAC-MD5), the command throws an error. 

Expected results:
I expected a key to be generated using the specified algorithm

Additional info:
I found this bug showing up elsewhere:
http://bugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=332988
Comment 1 Adam Tkac 2007-05-02 12:06:22 EDT 
Of course that "dnssec-keygen -a RSASHA1 -b 512 -n HOST executor.mylan.lan"
fails because name type isn't allowed to DNSKEY. Please see dnssec-keygen
manpage (especially -n option to allowed keytype/nametype pairs and -k option -
it generated KEY instead DNSKEY). "dnssec-keygen -a RSASHA1 -b 512 -n HOST -k
executor.mylan.lan" works perfectly.

Regards, Adam
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.