GitLab

Summary

The documentation for dnssec-keygen is not up to date for rsa key max length

BIND version used

err, named -V does not return anything. is it supposed to work ? no matter. FTR, it's named 9.11.3+dfsg-1ubuntu1 from UBUNTU 18.04 LTS but I don't think it matters since git cloning the code today shows that this issue still exists

Steps to reproduce

man dnssec-keygen

What is the current bug behavior?

displays: -b keysize Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits

What is the expected correct behavior?

-b keysize Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 4096 bits

see bin/dnssec/dnssec-keygen.c:#define MAX_RSA 4096 /* should be long enough... */

indeed using -b 4096 is accepted and it works.

html documentation has the same problem