diff --git a/NEWS b/NEWS
index 434ccafa..9479ea1a 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,9 @@
 - `sq key adopt` sets the key's creation time to the current time (while respecting `--time`) if `--creation-time` is not specified, and the key's time is the Unix epoch.
+ - To select the type of generated DNS resource records a new switch
+ has been introduced. `sq network dane generate --type generic`
+ replaces the old `--generic` flag.
 * Changes in 0.38.0
 ** Notable changes
 - New subcommand `sq key subkey delete` to delete secret key
diff --git a/src/cli/network/dane.rs b/src/cli/network/dane.rs
index 8cb6d4cc..e20e360e 100644
--- a/src/cli/network/dane.rs
+++ b/src/cli/network/dane.rs
@@ -61,7 +61,7 @@ emitted. If multiple user IDs map to one email address, then all \
 matching user IDs are included in the emitted certificates.

 By default, OPENPGPKEY resource records are emitted. If your DNS \
-server doesn't understand those, use `--generic` to emit generic \
+server doesn't understand those, use `--type generic` to emit generic \
 records instead.
 ",
 after_help = GENERATE_EXAMPLES,
@@ -95,11 +95,15 @@ pub struct GenerateCommand {
 help = "Try to shrink the certificates to this size",
 )]
 pub size_limit: usize,
+
 #[clap(
- long = "generic",
- help = "Emit generic resource records [default: OPENPGPKEY records]",
+ long = "type",
+ value_name = "TYPE",
+ default_value = "openpgp",
+ help = "Change the emitted resource record type",
 )]
- pub generic: bool,
+ pub typ: ResourceRecordType,
+
 #[clap(
 long = "skip",
 help = "Skip expired certificates and those that do not have \
@@ -108,6 +112,14 @@ pub struct GenerateCommand {
 pub skip: bool,
 }

+#[derive(clap::ValueEnum, Clone, Copy, Debug, Default, PartialEq, Eq)]
+pub enum ResourceRecordType {
+ #[default]
+ #[clap(name = "openpgp")]
+ OpenPGP,
+ Generic,
+}
+
 #[derive(Debug, Args)]
 #[clap(
 about = "Retrieve certificates using DANE",
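Review bot: The default for `--type` is stated twice, as the string `default_value = "openpgp"` on the `typ` field and as `#[default]` on `ResourceRecordType` in the following hunk, and nothing ties the two together if a variant is later renamed. If the clap version in use supports it, `value_enum, default_value_t = ResourceRecordType::OpenPGP` would keep a single typed source for the default. Separately, `--generic` is removed outright rather than deprecated, so any existing zone-generation script that still passes it will presumably be rejected at argument parsing; a hidden alias for one release may be worth considering if the project's compatibility policy calls for it. The `GenerateCommand` struct starts and ends outside this hunk.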
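Review bot: The two variants of the new `ResourceRecordType` enum have no doc comments, so neither the source nor the generated help says what `openpgp` and `generic` each emit, and the value name `openpgp` does not match the `OPENPGPKEY` record name used in the long help. A `///` line on each variant would close that gap, for example `/// Emit OPENPGPKEY resource records` on `OpenPGP` and `/// Emit generic resource records, for DNS servers that do not understand OPENPGPKEY` on `Generic`; clap's `ValueEnum` derive should surface these as per-value help. A one-line `///` on the enum itself stating that it selects the record format for `sq network dane generate` would also help.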
diff --git a/src/commands/network.rs b/src/commands/network.rs
index 17945a98..78508550 100644
--- a/src/commands/network.rs
+++ b/src/commands/network.rs
@@ -1220,11 +1220,17 @@ pub fn dispatch_dane(mut sq: Sq, c: cli::network::dane::Command)
 e @ Err(_) if ! c.skip => e?,
 _ => continue,
 };
- match if c.generic {
- dane::generate_generic(&vc, &c.domain, c.ttl, c.size_limit)
- } else {
- dane::generate(&vc, &c.domain, c.ttl, c.size_limit)
- } {
+
+ use cli::network::dane::ResourceRecordType;
+ let r = match c.typ {
+ ResourceRecordType::OpenPGP =>
+ dane::generate(&vc, &c.domain, c.ttl, c.size_limit),
+ ResourceRecordType::Generic =>
+ dane::generate_generic(&vc, &c.domain, c.ttl,
+ c.size_limit),
+ };
+
+ match r {
 Ok(records) =>
 records.iter().for_each(|r| println!("{}", r)),
 Err(e) =>
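Review bot: The `use cli::network::dane::ResourceRecordType;` declaration sits in the middle of the per-certificate loop body, between the validation `match` and the generator call. Moving it to the top of `dispatch_dane` (or to the file's import block, which is not visible here) would keep the loop body to statements only. The new `match c.typ` has no wildcard arm, which is worth preserving with a short comment such as `// Exhaustive on purpose: a new record type must be handled explicitly.` so a future variant fails to compile here instead of silently falling back to one generator. The function body starts and ends outside the hunk.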