1DNSSEC-REVOKE(8)                     BIND9                    DNSSEC-REVOKE(8)
2
3
4

NAME

6       dnssec-revoke - set the REVOKED bit on a DNSSEC key
7

SYNOPSIS

9       dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f]
10                     [-R] {keyfile}
11

DESCRIPTION

13       dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key
14       as defined in RFC 5011, and creates a new pair of key files containing
15       the now-revoked key.
16

OPTIONS

18       -h
19           Emit usage message and exit.
20
21       -K directory
22           Sets the directory in which the key files are to reside.
23
24       -r
25           After writing the new keyset files remove the original keyset
26           files.
27
28       -v level
29           Sets the debugging level.
30
31       -V
32           Prints version information.
33
34       -E engine
35           Specifies the cryptographic hardware to use, when applicable.
36
37           When BIND is built with OpenSSL PKCS#11 support, this defaults to
38           the string "pkcs11", which identifies an OpenSSL engine that can
39           drive a cryptographic accelerator or hardware service module. When
40           BIND is built with native PKCS#11 cryptography
41           (--enable-native-pkcs11), it defaults to the path of the PKCS#11
42           provider library specified via "--with-pkcs11".
43
44       -f
45           Force overwrite: Causes dnssec-revoke to write the new key pair
46           even if a file already exists matching the algorithm and key ID of
47           the revoked key.
48
49       -R
50           Print the key tag of the key with the REVOKE bit set but do not
51           revoke the key.
52

SEE ALSO

54       dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.
55

AUTHOR

57       Internet Systems Consortium, Inc.
58
60       Copyright © 2009, 2011, 2014-2016, 2018-2020 Internet Systems
61       Consortium, Inc. ("ISC")
62
63
64
65ISC                               2014-01-15                  DNSSEC-REVOKE(8)
Impressum