1DNSSEC-REVOKE(8) BIND9 DNSSEC-REVOKE(8)
2
3
4
6 dnssec-revoke - set the REVOKED bit on a DNSSEC key
7
9 dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f]
10 [-R] {keyfile}
11
13 dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key
14 as defined in RFC 5011, and creates a new pair of key files containing
15 the now-revoked key.
16
18 -h
19 Emit usage message and exit.
20
21 -K directory
22 Sets the directory in which the key files are to reside.
23
24 -r
25 After writing the new keyset files remove the original keyset
26 files.
27
28 -v level
29 Sets the debugging level.
30
31 -V
32 Prints version information.
33
34 -E engine
35 Specifies the cryptographic hardware to use, when applicable.
36
37 When BIND is built with OpenSSL PKCS#11 support, this defaults to
38 the string "pkcs11", which identifies an OpenSSL engine that can
39 drive a cryptographic accelerator or hardware service module. When
40 BIND is built with native PKCS#11 cryptography
41 (--enable-native-pkcs11), it defaults to the path of the PKCS#11
42 provider library specified via "--with-pkcs11".
43
44 -f
45 Force overwrite: Causes dnssec-revoke to write the new key pair
46 even if a file already exists matching the algorithm and key ID of
47 the revoked key.
48
49 -R
50 Print the key tag of the key with the REVOKE bit set but do not
51 revoke the key.
52
54 dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.
55
57 Internet Systems Consortium, Inc.
58
60 Copyright © 2009, 2011, 2014-2016, 2018 Internet Systems Consortium,
61 Inc. ("ISC")
62
63
64
65ISC 2014-01-15 DNSSEC-REVOKE(8)