Make add-zone-key default to KSK rather than ZSK.

docs/manpages/pdnsutil.1.rst

@@ -49,7 +49,7 @@ algorithms are supported:
 activate-zone-key *ZONE* *KEY-ID*
     Activate a key with id *KEY-ID* within a zone called *ZONE*.
 add-zone-key *ZONE* [**KSK**,\ **ZSK**] [**active**,\ **inactive**] [**published**,\ **unpublished**] [*KEYBITS*] [*ALGORITHM*]
-    Create a new key for zone *ZONE*, and make it a KSK or a ZSK (default), with
+    Create a new key for zone *ZONE*, and make it a KSK (default) or a ZSK, with
     the specified algorithm. The key is inactive by default, set it to
     **active** to immediately use it to sign *ZONE*. The key is published
     in the zone by default, set it to **unpublished** to keep it from

pdns/pdnsutil.cc

@@ -2924,7 +2924,7 @@ static int unpublishZoneKey(vector<string>& cmds)
 
 static int addZoneKey(vector<string>& cmds)
 {
-  if(cmds.size() < 3 ) {
+  if(cmds.size() < 2 ) {
     cerr << "Syntax: pdnsutil add-zone-key ZONE [zsk|ksk] [BITS] [active|inactive] [rsasha1|rsasha1-nsec3-sha1|rsasha256|rsasha512|ecdsa256|ecdsa384";
 #if defined(HAVE_LIBSODIUM) || defined(HAVE_LIBCRYPTO_ED25519)
     cerr << "|ed25519";
@@ -2934,7 +2934,7 @@ static int addZoneKey(vector<string>& cmds)
 #endif
     cerr << "]"<<endl;
     cerr << endl;
-    cerr << "If zsk|ksk is omitted, add-zone-key makes a key with flags 256 (a 'ZSK')."<<endl;
+    cerr << "If zsk|ksk is omitted, add-zone-key makes a key with flags 257 (a 'KSK')."<<endl;
     return 0;
   }
   DNSSECKeeper dk; //NOLINT(readability-identifier-length)
@@ -2949,7 +2949,7 @@ static int addZoneKey(vector<string>& cmds)
   }
 
   // Try to get algorithm, bits & ksk or zsk from commandline
-  bool keyOrZone=false;
+  bool keyOrZone=true; // default to KSK
   int tmp_algo=0;
   int bits=0;
   int algorithm=-1;