Bug 449287 - dns-keygen undocumented and unhelpful
Summary: dns-keygen undocumented and unhelpful
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: 9
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-06-01 20:04 UTC by Jay Levitt
Modified: 2013-04-30 23:39 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-06-02 12:17:27 UTC
Type: ---
Embargoed:



Description Jay Levitt 2008-06-01 20:04:00 UTC
Description of problem:

The sample file /usr/share/doc/bind-9.5.0/sample/etc/named.conf includes the
following section:

key ddns_key
{
	algorithm hmac-md5;
	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
};

However, there is no man page for dns-keygen, and it does not respond to -h or
--help options.  I suspect it *may* be obsolete now that bind comes with
dnssec-keygen.  No matter what arguments I give it, it spits out an encrypted
string.  Talk about secure!  (Yeah, I know, it's an MD5 hash, apparently salted.)

Version-Release number of selected component (if applicable):
9.5.0-29.b2.fc9

Suggested fix:

Either 

1. Remove dns-keygen from the package, OR

2a. Add a manpage
2b. Add -h/--help options

Comment 1 Adam Tkac 2008-06-02 12:17:27 UTC
That executable is not part of the upstream distribution; we only used it to
generate the /etc/rndc.key file. That file is now generated with the rndc-confgen -a
utility and dns-keygen is removed.

Fixed in rawhide; I'm not going to fix it in F9. If you want this fixed in
F9 as well, please reopen this bug. Thanks for your report.
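
An added example, not part of the bug report or of the bind package: a Python check that scans named.conf text for key clauses whose secret is unusable, which is how the sample's placeholder text shows up if it is copied unchanged. The function name, the 16-byte minimum and the inline sample configuration are assumptions made for illustration.

```python
import base64
import binascii
import re

MIN_KEY_BYTES = 16  # assumed threshold: the HMAC-MD5 output size

# Matches: key <name> { algorithm <alg>; secret "<text>"; };
# Comments are not stripped, so commented-out clauses are reported too.
KEY_CLAUSE = re.compile(
    r'\bkey\s+"?(?P<name>[\w.-]+)"?\s*\{\s*'
    r'algorithm\s+(?P<alg>[\w-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;',
    re.IGNORECASE,
)

def find_unusable_keys(conf_text):
    """Return (name, algorithm, reason) for each key clause with a bad secret."""
    findings = []
    for m in KEY_CLAUSE.finditer(conf_text):
        name, alg, secret = m.group("name"), m.group("alg"), m.group("secret")
        try:
            raw = base64.b64decode(secret, validate=True)
        except (binascii.Error, ValueError):
            # Placeholder text such as the sample file's hint lands here.
            findings.append((name, alg, "secret is not valid base64"))
            continue
        if len(raw) < MIN_KEY_BYTES:
            findings.append((name, alg, "decoded secret is only %d bytes" % len(raw)))
    return findings

# Constructed sample: the placeholder clause from the sample named.conf,
# one clause with a well-formed (constructed) secret, and one short secret.
GOOD_SECRET = base64.b64encode(b"constructed-sample-key-0").decode()
SAMPLE_CONF = (
    'key ddns_key\n{\n\talgorithm hmac-md5;\n'
    '\tsecret "use /usr/sbin/dns-keygen to generate TSIG keys";\n};\n'
    'key "rndc-key" {\n\talgorithm hmac-md5;\n'
    '\tsecret "' + GOOD_SECRET + '";\n};\n'
    'key short_key { algorithm hmac-md5; secret "c2hvcnQ="; };\n'
)

if __name__ == "__main__":
    for name, alg, reason in find_unusable_keys(SAMPLE_CONF):
        print("%s (%s): %s" % (name, alg, reason))
```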

