unable to generate KSK key file #2

Open
mgrant0 opened this issue Nov 20, 2020 · 0 comments
mgrant0 commented Nov 20, 2020

I'm running zonesigner like this:

zonesigner -genkeys example.com example.com.signed

I'm seeing the following fatal error:

dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.

dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.

dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.

unable to generate KSK key file

I traced this down to the option random being set in /etc/dnssec-tools/dnssec-tools.conf. So I commented the random /dev/urandom line out, but if it's not set there, it takes its default from /usr/share/perl5/Net/DNS/SEC/Tools/defaults.pm. I couldn't find a way to unset the random option such that it doesn't set it to /dev/urandom.

However, the -r option is deprecated. Lines 763-767 of zonesigner should probably be removed:

	if($random ne "")
	{
		$opts{'random'} = $random;
		$random = "-r $random";
	}

and these lines too probably should be removed:

	#
	# If a new random-number generator is wanted, then we'll get it now.
	#
	if(defined($opts{'new_random'}))
	{
		$random = "-r $opts{'new_random'}";
		$opts{'random'} = $opts{'new_random'};
		delete($opts{'new_random'});
		keyrec_delval($zone,'new_random');
	}

and $random removed from line 1774

$cmdopts = "$kgopts $random $alg $ksize";

and the docs updated.
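
A stopgap for the failure reported above, until zonesigner itself stops passing `-r`: a small wrapper that drops the `-r <file>` pair and hands everything else to the real `dnssec-keygen`. This is an added example, not code from the issue or from dnssec-tools; the binary path, the `REAL_KEYGEN` variable, the function name and the script name `dnssec-keygen-nor` are assumptions, and pointing zonesigner at the wrapper is left to your setup.

```shell
#!/bin/sh
# Added example (not dnssec-tools code): remove the deprecated "-r <file>"
# pair before calling the real dnssec-keygen.
# Assumption: the real binary lives at this path; override with REAL_KEYGEN.
REAL_KEYGEN="${REAL_KEYGEN:-/usr/sbin/dnssec-keygen}"

keygen_without_r() {
    remaining=$#
    skip_next=0
    # Rotate through the original arguments once, re-appending the ones we keep.
    while [ "$remaining" -gt 0 ]; do
        arg=$1
        shift
        remaining=$((remaining - 1))
        if [ "$skip_next" -eq 1 ]; then
            skip_next=0            # this was the file name that followed -r
        elif [ "$arg" = "-r" ]; then
            skip_next=1            # drop -r and remember to drop its value
        else
            set -- "$@" "$arg"     # keep everything else, quoting intact
        fi
    done
    "$REAL_KEYGEN" "$@"
}

# Act as a wrapper only when installed under this (hypothetical) name.
if [ "${0##*/}" = "dnssec-keygen-nor" ]; then
    keygen_without_r "$@"
fi
```

Only the space-separated form `-r <file>` is handled, which is the form the quoted zonesigner lines build.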
