449287 – dns-keygen undocumented and unhelpful

Bug 449287 - dns-keygen undocumented and unhelpful

Summary: dns-keygen undocumented and unhelpful

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bind
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Adam Tkac
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-06-01 20:04 UTC by Jay Levitt
Modified:	2013-04-30 23:39 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-06-02 12:17:27 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jay Levitt 2008-06-01 20:04:00 UTC

Description of problem:

The sample file /usr/share/doc/bind-9.5.0/sample/etc/named.conf includes the
following section:

key ddns_key
{
	algorithm hmac-md5;
	secret "use /usr/sbin/dns-keygen to generate TSIG keys";
};

However, there is no man page for dns-keygen, and it does not respond to -h or
--help options.  I suspect it *may* be obsolete now that bind comes with
dnssec-keygen.  No matter what arguments I give it, it spits out an encrypted
string.  Talk about secure!  (Yeah, I know, it's an MD5 hash, apparently salted.)

Version-Release number of selected component (if applicable):
9.5.0-29.b2.fc9

Suggested fix:

Either 

1. Remove dns-keygen from the package, OR

2a. Add a manpage
2b. Add -h/--help options

Comment 1 Adam Tkac 2008-06-02 12:17:27 UTC

That executable is not part of upstream distribution, we only used it to
generate /etc/rndc.key file. That file is now generated with rndc-confgen -a
utility and dns-keygen is removed.

Fixed in rawhide, I'm not going to fix it in F9. If you want this fixed also in
F9 please reopen this bug. Thanks for your report

Note You need to log in before you can comment on or make changes to this bug.