Change {add,import}-zone-key passive argument to inactive

Align the *-zone-key keyword when you don't want to sign, with the
output from show-zone.

This fixes #3069

diff --git a/docs/manpages/pdnsutil.1.md b/docs/manpages/pdnsutil.1.md
index fd005949746a209e99e90da6495d101af6c00c5d..45c9c812b1c4aede5ad5f6ccdfceb8b5420a69a7 100644 (file)
--- a/docs/manpages/pdnsutil.1.md
+++ b/docs/manpages/pdnsutil.1.md
@@ -49,9 +49,9 @@ supported:
 activate-zone-key *ZONE* *KEY-ID*
 :    Activate a key with id *KEY-ID* within a zone called *ZONE*.
 
-add-zone-key *ZONE* {**KSK**,**ZSK**} [**active**,**passive**] *KEYBITS* *ALGORITHM*
+add-zone-key *ZONE* {**KSK**,**ZSK**} [**active**,**inactive**] *KEYBITS* *ALGORITHM*
 :   Create a new key for zone *ZONE*, and make it a KSK or a ZSK, with the
-    specified algorithm. The key is passive by default, set it to **active** to
+    specified algorithm. The key is inactive by default, set it to **active** to
     immediately use it to sign *ZONE*.
 
 create-bind-db *FILE*

diff --git a/docs/markdown/authoritative/dnssec.md b/docs/markdown/authoritative/dnssec.md
index dd82cf938fc77ea32bcb84ffb13e33f62e0f6e8d..e449ace1aaf9d942a981651b2ff801d982a1761a 100644 (file)
--- a/docs/markdown/authoritative/dnssec.md
+++ b/docs/markdown/authoritative/dnssec.md
@@ -170,7 +170,7 @@ If all keys are imported using this tool, a zone will serve mostly identical rec
 # Records, Keys, signatures, hashes within PowerDNSSEC in online signing mode
 Within PowerDNSSEC live signing, keys are stored separately from the zone records. Zone data are only combined with signatures and keys when requests come in over the internet.
 
-Each zone can have a number of keys associated with it, with varying key lengths. Typically 1 or at most 2 of these keys are employed as actual Zone Signing Keys (ZSKs). During normal operations, this means that only 1 ZSK is 'active', and the other is passive.
+Each zone can have a number of keys associated with it, with varying key lengths. Typically 1 or at most 2 of these keys are employed as actual Zone Signing Keys (ZSKs). During normal operations, this means that only 1 ZSK is 'active', and the other is inactive.
 
 Should it be desired to 'roll over' to a new key, both keys can temporarily be active (and used for signing), and after a while the old key can be inactivated. Subsequently it can be removed.
 

diff --git a/docs/markdown/authoritative/howtos.md b/docs/markdown/authoritative/howtos.md
index ce215fc244df64f061cdf0c8e22e4b79fbf88cb0..694f4c5b694e7f11188cb2ad7ec237ad89e42447 100644 (file)
--- a/docs/markdown/authoritative/howtos.md
+++ b/docs/markdown/authoritative/howtos.md
@@ -30,8 +30,8 @@ this rollover. This HowTo follows the rollover example from the RFCs [Appendix B
 
 We assume the zone name is example.com and is already DNSSEC signed.
 
-Start by adding a new KSK to the zone: `pdnsutil add-zone-key example.com ksk 2048 passive`.
-The "passive" means that the key is not used to sign any ZSK records. This limits
+Start by adding a new KSK to the zone: `pdnsutil add-zone-key example.com ksk 2048 inactive`.
+The "inactive" means that the key is not used to sign any ZSK records. This limits
 the size of `ANY` and DNSKEY responses.
 
 Publish the CDS records: `pdnsutil set-publish-cds example.com`, these records

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index ad8a2c55a254fc460fbbaafaafc7a5b0737d54e4..2fe0ec8b82c518b02fd49074d3f1c6faa5eae342 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -1399,7 +1399,7 @@ try
     cerr<<"activate-tsig-key ZONE NAME {master|slave}"<<endl;
     cerr<<"                                   Enable TSIG key for a zone"<<endl;
     cerr<<"activate-zone-key ZONE KEY-ID      Activate the key with key id KEY-ID in ZONE"<<endl;
-    cerr<<"add-zone-key ZONE {zsk|ksk} [BITS] [active|passive]"<<endl;
+    cerr<<"add-zone-key ZONE {zsk|ksk} [BITS] [active|inactive]"<<endl;
     cerr<<"             [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384";
 #ifdef HAVE_LIBSODIUM
     cerr<<"|experimental-ed25519";
@@ -1436,7 +1436,7 @@ try
     cerr<<"increase-serial ZONE               Increases the SOA-serial by 1. Uses SOA-EDIT"<<endl;
     cerr<<"import-tsig-key NAME ALGORITHM KEY Import TSIG key"<<endl;
     cerr<<"import-zone-key ZONE FILE          Import from a file a private key, ZSK or KSK"<<endl;
-    cerr<<"       [active|passive] [ksk|zsk]  Defaults to KSK and active"<<endl;
+    cerr<<"       [active|inactive] [ksk|zsk]  Defaults to KSK and active"<<endl;
     cerr<<"load-zone ZONE FILE                Load ZONE from FILE, possibly creating zone or atomically"<<endl;
     cerr<<"                                   replacing contents"<<endl;
     cerr<<"list-keys [ZONE]                   List DNSSEC keys for ZONE. When ZONE is unset or \"all\", display all keys for all zones"<<endl;
@@ -1681,7 +1681,7 @@ try
         algorithm = tmp_algo;
       } else if(pdns_iequals(cmds[n], "active")) {
         active=true;
-      } else if(pdns_iequals(cmds[n], "inactive") || pdns_iequals(cmds[n], "passive")) {
+      } else if(pdns_iequals(cmds[n], "inactive") || pdns_iequals(cmds[n], "passive")) { // 'passive' eventually needs to be removed
         active=false;
       } else if(atoi(cmds[n].c_str())) {
         bits = atoi(cmds[n].c_str());
@@ -2015,7 +2015,7 @@ try
   }
   else if(cmds[0]=="import-zone-key") {
     if(cmds.size() < 3) {
-      cerr<<"Syntax: pdnsutil import-zone-key ZONE FILE [ksk|zsk] [active|passive]"<<endl;
+      cerr<<"Syntax: pdnsutil import-zone-key ZONE FILE [ksk|zsk] [active|inactive]"<<endl;
       exit(1);
     }
     string zone=cmds[1];
@@ -2039,7 +2039,7 @@ try
         dpk.d_flags = 257;
       else if(pdns_iequals(cmds[n], "active"))
         active = 1;
-      else if(pdns_iequals(cmds[n], "passive") || pdns_iequals(cmds[n], "inactive"))
+      else if(pdns_iequals(cmds[n], "passive") || pdns_iequals(cmds[n], "inactive")) // passive eventually needs to be removed
         active = 0;
       else { 
         cerr<<"Unknown key flag '"<<cmds[n]<<"'"<<endl;