From 28080ce601883f0e15fdc6ded1a20cb7d41f6039 Mon Sep 17 00:00:00 2001
From: Pieter Lexis
Date: Tue, 19 Sep 2017 16:28:16 +0200
Subject: [PATCH] Fix doc and message nits
---
 docs/http-api/endpoint-cryptokeys.rst | 2 +-
 docs/settings.rst | 64 ++++++++++++++++-----------
 pdns/common_startup.cc | 6 +--
 pdns/pdnsutil.cc | 4 +-
 4 files changed, 43 insertions(+), 33 deletions(-)
diff --git a/docs/http-api/endpoint-cryptokeys.rst b/docs/http-api/endpoint-cryptokeys.rst
index ffb7fc61e..ce35115b2 100644
--- a/docs/http-api/endpoint-cryptokeys.rst
+++ b/docs/http-api/endpoint-cryptokeys.rst
@@ -19,7 +19,7 @@ These endpoints allow for the manipulation of DNSSEC crypto material.
 if ``content``, ``bits`` and ``algo`` are null, a key will be generated based on the
 :ref:`setting-default-ksk-algorithm` and :ref:`setting-default-ksk-size`
- sttings for a KSK and the :ref:`setting-default-zsk-algorithm` and :ref:`setting-default-zsk-size`
+ settings for a KSK and the :ref:`setting-default-zsk-algorithm` and :ref:`setting-default-zsk-size`
 options for a ZSK.
 :param server_id: The name of the server
diff --git a/docs/settings.rst b/docs/settings.rst
index a0d2fe4d7..f67f185c2 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -281,24 +281,29 @@ Operate as a daemon.
 - Default: ecdsa256
 .. versionchanged:: 4.1.0
- Renamed from ``default-ksk-algorithms``. Does no longer support multiple algorithm names.
+ Renamed from ``default-ksk-algorithms``. No longer supports multiple algorithm names.
 The algorithm that should be used for the KSK when running
-:doc:`pdnsutil secure-zone `. Must be one
-of:
-
-* rsamd5
-* dh
-* dsa
-* ecc
-* rsasha1
-* rsasha256
+:doc:`pdnsutil secure-zone ` or using the :doc:`Zone API endpoint `
+to enable DNSSEC. Must be one of:
+
+* rsamd5
+* dh
+* dsa
+* ecc
+* rsasha1
+* rsasha256
 * rsasha512
-* ecc-gost
-* ecdsa256 (ECDSA P-256 with SHA256)
-* ecdsa384 (ECDSA P-384 with SHA384)
+* ecc-gost
+* ecdsa256 (ECDSA P-256 with SHA256)
+* ecdsa384 (ECDSA P-384 with SHA384)
 * ed25519
+.. note::
+ Actual supported algorithms depend on the crypto-libraries
+ PowerDNS was compiled against. To check the supported DNSSEC algoritms
+ in your build of PowerDNS, run ``pdnsutil list-algorithms``.
+
 .. _setting-default-ksk-size:
 ``default-ksk-size``
@@ -308,7 +313,7 @@ of:
 - Default: whichever is default for `default-ksk-algorithm`_
 The default keysize for the KSK generated with :doc:`pdnsutil secure-zone `.
-Only relevant for algorithms with non-fixed keysizes (like RSA)
+Only relevant for algorithms with non-fixed keysizes (like RSA).
 .. _setting-default-soa-name:
@@ -375,21 +380,26 @@ TTL to use when none is provided.
 Renamed from ``default-zsk-algorithms``. Does no longer support multiple algorithm names.
 The algorithm that should be used for the ZSK when running
-:doc:`pdnsutil secure-zone `. Must be one
-of:
-
-* rsamd5
-* dh
-* dsa
-* ecc
-* rsasha1
-* rsasha256
+:doc:`pdnsutil secure-zone ` or using the :doc:`Zone API endpoint `
+to enable DNSSEC. Must be one of:
+
+* rsamd5
+* dh
+* dsa
+* ecc
+* rsasha1
+* rsasha256
 * rsasha512
-* ecc-gost
-* ecdsa256 (ECDSA P-256 with SHA256)
-* ecdsa384 (ECDSA P-384 with SHA384)
+* ecc-gost
+* ecdsa256 (ECDSA P-256 with SHA256)
+* ecdsa384 (ECDSA P-384 with SHA384)
 * ed25519
+.. note::
+ Actual supported algorithms depend on the crypto-libraries
+ PowerDNS was compiled against. To check the supported DNSSEC algoritms
+ in your build of PowerDNS, run ``pdnsutil list-algorithms``.
+
 .. _setting-default-zsk-size:
 ``default-zsk-size``
@@ -399,7 +409,7 @@ of:
 - Default: 0 (automatic default for `default-zsk-algorithm`_)
 The default keysize for the ZSK generated with :doc:`pdnsutil secure-zone `.
-Only relevant for algorithms with non-fixed keysizes (like RSA)
+Only relevant for algorithms with non-fixed keysizes (like RSA).
 .. _setting-direct-dnskey:
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 336426a86..28867457f 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -184,9 +184,9 @@ void declareArguments()
 ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
 ::arg().setSwitch("direct-dnskey","Fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
- ::arg().set("default-ksk-algorithm","Default KSK algorithms")="ecdsa256";
+ ::arg().set("default-ksk-algorithm","Default KSK algorithm")="ecdsa256";
 ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
- ::arg().set("default-zsk-algorithm","Default ZSK algorithms")="";
+ ::arg().set("default-zsk-algorithm","Default ZSK algorithm")="";
 ::arg().set("default-zsk-size","Default ZSK size (0 means default)")="0";
 ::arg().set("max-nsec3-iterations","Limit the number of NSEC3 hash iterations")="500"; // RFC5155 10.3
@@ -533,7 +533,7 @@ void mainthread()
 if (algo == -1) L<
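Review bot: The reworded help strings for `default-ksk-algorithm` and `default-zsk-algorithm` still give an operator no way to discover which values are accepted, while the docs note added in this same patch says the valid set depends on the crypto libraries the build was linked against and points at `pdnsutil list-algorithms`. If, as the name suggests, these strings are what the help output and the generated config template print, carrying the same pointer here keeps the two in step and makes a rejected value easier to diagnose: `::arg().set("default-ksk-algorithm","Default KSK algorithm (see 'pdnsutil list-algorithms')")="ecdsa256";` and the same phrase on the ZSK line two lines below. The ZSK entry also defaults to an empty string with no hint of what that selects; a short parenthetical in the style of the neighbouring size entries' `(0 means default)` would help, though the meaning of the empty value is not visible in this hunk. The body of declareArguments continues outside the hunk on both sides.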