Bug 449287 - dns-keygen undocumented and unhelpful
dns-keygen undocumented and unhelpful
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-01 16:04 EDT by Jay Levitt
Modified: 2013-04-30 19:39 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-02 08:17:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jay Levitt 2008-06-01 16:04:00 EDT
Description of problem:

The sample file /usr/share/doc/bind-9.5.0/sample/etc/named.conf includes the
following section:

key ddns_key
	algorithm hmac-md5;
	secret "use /usr/sbin/dns-keygen to generate TSIG keys";

However, there is no man page for dns-keygen, and it does not respond to -h or
--help options.  I suspect it *may* be obsolete now that bind comes with
dnssec-keygen.  No matter what arguments I give it, it spits out an encrypted
string.  Talk about secure!  (Yeah, I know, it's an MD5 hash, apparently salted.)

Version-Release number of selected component (if applicable):

Suggested fix:


1. Remove dns-keygen from the package, OR

2a. Add a manpage
2b. Add -h/--help options
Comment 1 Adam Tkac 2008-06-02 08:17:27 EDT
That executable is not part of upstream distribution, we only used it to
generate /etc/rndc.key file. That file is now generated with rndc-confgen -a
utility and dns-keygen is removed.

Fixed in rawhide, I'm not going to fix it in F9. If you want this fixed also in
F9 please reopen this bug. Thanks for your report

Note You need to log in before you can comment on or make changes to this bug.