1DNSSEC-REVOKE(8)                    BIND 9                    DNSSEC-REVOKE(8)
2
3
4

NAME

6       dnssec-revoke - set the REVOKED bit on a DNSSEC key
7

SYNOPSIS

9       dnssec-revoke  [-hr]  [-v  level]  [-V] [-K directory] [-E engine] [-f]
10       [-R] {keyfile}
11

DESCRIPTION

13       dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the  key
14       as  defined in RFC 5011, and creates a new pair of key files containing
15       the now-revoked key.
16

OPTIONS

18       -h     This option emits a usage message and exits.
19
20       -K directory
21              This option sets the directory in which the key files are to re‐
22              side.
23
24       -r     This  option indicates to remove the original keyset files after
25              writing the new keyset files.
26
27       -v level
28              This option sets the debugging level.
29
30       -V     This option prints version information.
31
32       -E engine
33              This option specifies the cryptographic hardware  to  use,  when
34              applicable.
35
36              When  BIND  9 is built with OpenSSL, this needs to be set to the
37              OpenSSL engine identifier that drives the cryptographic acceler‐
38              ator  or  hardware service module (usually pkcs11). When BIND is
39              built with native PKCS#11 cryptography (--enable-native-pkcs11),
40              it  defaults  to the path of the PKCS#11 provider library speci‐
41              fied via --with-pkcs11.
42
43       -f     This option indicates a forced overwrite and  causes  dnssec-re‐
44              voke  to  write  the new key pair, even if a file already exists
45              matching the algorithm and key ID of the revoked key.
46
47       -R     This option prints the key tag of the key with  the  REVOKE  bit
48              set, but does not revoke the key.
49

SEE ALSO

51       dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.
52

AUTHOR

54       Internet Systems Consortium
55
57       2021, Internet Systems Consortium
58
59
60
61
629.16.16-RH                                                    DNSSEC-REVOKE(8)
Impressum