DNSSEC-REVOKE(1)                    BIND 9                    DNSSEC-REVOKE(1)

NAME

       dnssec-revoke - set the REVOKED bit on a DNSSEC key

SYNOPSIS

       dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f]
       [-R] {keyfile}

DESCRIPTION

       dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key
       as defined in RFC 5011, and creates a new pair of key files containing
       the now-revoked key.

OPTIONS

       -h     This option emits a usage message and exits.

       -K directory
              This option sets the directory in which the key files are to
              reside.

       -r     This option indicates to remove the original keyset files after
              writing the new keyset files.

       -v level
              This option sets the debugging level.

       -V     This option prints version information.

       -E engine
              This option specifies the cryptographic hardware to use, when
              applicable.

              When BIND 9 is built with OpenSSL, this needs to be set to the
              OpenSSL engine identifier that drives the cryptographic
              accelerator or hardware service module (usually pkcs11).

       -f     This option indicates a forced overwrite and causes
              dnssec-revoke to write the new key pair, even if a file already
              exists matching the algorithm and key ID of the revoked key.

       -R     This option prints the key tag of the key with the REVOKE bit
              set, but does not revoke the key.

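Setting the REVOKE bit changes the DNSKEY flags field, so the key tag changes as well, which is why -R reports a different tag than the one in the original file name. The following is an added example, not BIND's own code: it recomputes the tag with and without the RFC 5011 REVOKE flag (0x0080) using the RFC 4034 Appendix B key tag algorithm. The function names and the sample record are assumptions made for illustration.

```python
import base64
import struct

REVOKE = 0x0080  # RFC 5011 REVOKE flag (bit 8 of the DNSKEY flags field)


def parse_dnskey(line):
    """Parse '<owner> [ttl] [IN] DNSKEY <flags> <proto> <alg> <base64...>'."""
    line = line.split(";", 1)[0]  # drop a trailing comment, if any
    fields = line.split()
    i = [f.upper() for f in fields].index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    # The base64 key may be split into several whitespace-separated chunks.
    pubkey = base64.b64decode("".join(fields[i + 4:]))
    return flags, proto, alg, pubkey


def key_tag(flags, proto, alg, pubkey):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    if alg == 1:
        raise ValueError("algorithm 1 (RSA/MD5) uses a different key tag rule")
    rdata = struct.pack("!HBB", flags, proto, alg) + pubkey
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of each 16-bit word.
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in
    return acc & 0xFFFF


def revoked_tag(line):
    """Return (current tag, tag the same key has once REVOKE is set)."""
    flags, proto, alg, pubkey = parse_dnskey(line)
    return (key_tag(flags, proto, alg, pubkey),
            key_tag(flags | REVOKE, proto, alg, pubkey))


# Constructed sample record: the 3-byte "public key" AQID is not a real key.
SAMPLE = "example.com. 3600 IN DNSKEY 257 3 8 AQID"

if __name__ == "__main__":
    before, after = revoked_tag(SAMPLE)
    print(f"current key tag: {before}, key tag once revoked: {after}")
```

Monitoring or trust-anchor tooling that tracks keys by tag needs both values, since validators see the revoked key under the second one.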

SEE ALSO

       dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

AUTHOR

       Internet Systems Consortium

       2023, Internet Systems Consortium

9.18.20                                                       DNSSEC-REVOKE(1)