diff --git a/CHANGES b/CHANGES
index c847acedbf..83744ae8df 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+3086. [bug] Running dnssec-settime -f on an old-style key will
+ now force an update to the new key format even if no
+ other change has been specified, using "-P now -A now"
+ as default values. [RT #22474]
+
 3085. [func] New '-R' option in dnssec-signzone forces removal of
 signatures which have not yet expired but were
 generated by a key that no longer exists.
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index 9703919f4e..ca04e63435 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
 
-/* $Id: dnssec-settime.c,v 1.30 2011/03/17 23:47:29 tbox Exp $ */
+/* $Id: dnssec-settime.c,v 1.31 2011/03/21 15:56:35 each Exp $ */
 
 /*! \file */
 
@@ -237,7 +237,6 @@ main(int argc, char **argv) {
 ttl = 0;
 else
 ttl = strtottl(isc_commandline_argument);
- changed = ISC_TRUE;
 setttl = ISC_TRUE;
 break;
 case 'v':
@@ -526,6 +525,19 @@ main(int argc, char **argv) {
 if (setttl)
 dst_key_setttl(key, ttl);
 
+ /*
+ * No metadata changes were made but we're forcing an upgrade
+ * to the new format anyway: use "-P now -A now" as the default
+ */
+ if (force && !changed) {
+ dst_key_settime(key, DST_TIME_PUBLISH, now);
+ dst_key_settime(key, DST_TIME_ACTIVATE, now);
+ changed = ISC_TRUE;
+ }
+
+ if (!changed && setttl)
+ changed = ISC_TRUE;
+
 /*
 * Print out time values, if -p was used.
 */
diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook
index 3528187a00..e69a48f957 100644
--- a/bin/dnssec/dnssec-settime.docbook
+++ b/bin/dnssec/dnssec-settime.docbook
@@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + July 15, 2009 
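Review bot: The `-P now -A now` default in the `if (force && !changed)` block is keyed on whether any option changed the key rather than on the Publish/Activate times actually being absent, so a forced conversion combined with another option — `dnssec-settime -f -I +30d` on an old-style key, assuming `-I` sets `changed` the way the other cases appear to — yields a new-format key with an Inactive time but no Publish or Activate time, a different state from the "always published and active" one the legacy key represented; how consumers treat such a key is decided outside this hunk. Conversely nothing in the block checks that the key was old-style, so if `-f` is accepted on a new-format key whose times were deliberately left unset, a bare `-f` now stamps both with `now`. Consider replacing the `!changed` test with a per-field check (the gettime counterpart of `dst_key_settime` for `DST_TIME_PUBLISH` and `DST_TIME_ACTIVATE`), defaulting only the missing one and setting `changed` when you do, and gating the block on the legacy-format condition that made `force` necessary; at minimum extend the comment with `* Only applies when no other metadata option was given; -f together with -I/-D leaves Publish/Activate unset.`. Dropping `changed = ISC_TRUE` from the `-L` case in the earlier hunk also means any code between the two hunks that reads `changed` now sees a `-L`-only run as unchanged until the `!changed && setttl` fixup here — I cannot see that stretch, so please confirm nothing there depends on it. main() starts and ends outside these hunks.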
@@ -100,7 +100,9 @@ fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be - set to the present time. + set to the present time. If no other values are specified, + then the key's publication and activation dates will also + be set to the present time.
diff --git a/bin/tests/system/metadata/clean.sh b/bin/tests/system/metadata/clean.sh
index c77b7e6a7d..c1d7017d09 100644
--- a/bin/tests/system/metadata/clean.sh
+++ b/bin/tests/system/metadata/clean.sh
@@ -14,10 +14,10 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: clean.sh,v 1.4 2011/03/21 15:56:35 each Exp $
 
 rm -f K* dsset-* *.signed *.new random.data
 rm -f zsk.key ksk.key parent.ksk.key parent.zsk.key
 rm -f pending.key rolling.key standby.key inact.key
-rm -f prerev.key postrev.key
+rm -f prerev.key postrev.key oldstyle.key
 rm -f keys sigs
diff --git a/bin/tests/system/metadata/setup.sh b/bin/tests/system/metadata/setup.sh
index 7fa6b60765..2b75c10a8f 100644
--- a/bin/tests/system/metadata/setup.sh
+++ b/bin/tests/system/metadata/setup.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: setup.sh,v 1.4 2011/03/21 15:56:35 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -66,3 +66,6 @@ echo $pzsk > parent.zsk.key
 pksk=`$KEYGEN -q -r $RANDFILE -fk $pzone`
 echo $pksk > parent.ksk.key
 
+oldstyle=`$KEYGEN -Cq -r $RANDFILE $pzone`
+echo $oldstyle > oldstyle.key
+
diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh
index 6f8addec8c..e29d8f7eb8 100644
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.7 2011/03/05 23:52:30 tbox Exp $
+# $Id: tests.sh,v 1.8 2011/03/21 15:56:35 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -134,5 +134,16 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking update of an old-style key"
+ret=0
+# printing metadata should not work with an old-style key
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
+$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+# but now it should
+$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
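Review bot: The new check only proves that `-pall` starts working after `-f`; it never verifies the point of the change, that Publish and Activate were defaulted to the current time, so a regression that converts the key without setting either field would still pass. Capture the post-conversion output and require both fields, e.g. `$SETTIME -pall `cat oldstyle.key` > settime.out.$n 2>&1 || ret=1` followed by `grep -q '^Publish:' settime.out.$n && grep -q '^Activate:' settime.out.$n || ret=1` (adjust the labels if `-p` prints them differently, and add the file to clean.sh). The `> /dev/null 2>&1` on every call also discards the tool's error text, so an `I:failed` from this step cannot be diagnosed from the test log; redirecting to a file instead costs nothing. Since the first line expects `-pall` to fail on the old-style key, consider also asserting that the failure message is the "legacy key" one rather than any error, otherwise a missing or unreadable key file would satisfy the check just as well.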