1DNSSEC-REVOKE(8)                     BIND9                    DNSSEC-REVOKE(8)
2
3
4

NAME

6       dnssec-revoke - Set the REVOKED bit on a DNSSEC key
7

SYNOPSIS

9       dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R]
10                     {keyfile}
11

DESCRIPTION

13       dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key
14       as defined in RFC 5011, and creates a new pair of key files containing
15       the now-revoked key.
16

OPTIONS

18       -h
19           Emit usage message and exit.
20
21       -K directory
22           Sets the directory in which the key files are to reside.
23
24       -r
25           After writing the new keyset files remove the original keyset
26           files.
27
28       -v level
29           Sets the debugging level.
30
31       -E engine
32           Use the given OpenSSL engine. When compiled with PKCS#11 support it
33           defaults to pkcs11; the empty name resets it to no engine.
34
35       -f
36           Force overwrite: Causes dnssec-revoke to write the new key pair
37           even if a file already exists matching the algorithm and key ID of
38           the revoked key.
39
40       -R
41           Print the key tag of the key with the REVOKE bit set but do not
42           revoke the key.
43

SEE ALSO

45       dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.
46

AUTHOR

48       Internet Systems Consortium
49

COPYRIGHT

51       Copyright © 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
52
53
54
55BIND9                            June 1, 2009                 DNSSEC-REVOKE(8)