dnssec-revoke (8)
Leading comments
Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIR...
NAME
dnssec-revoke - Set the REVOKED bit on a DNSSEC keySYNOPSIS
- dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}
DESCRIPTION
dnssec-revoke
OPTIONS
-h
- Emit usage message and exit.
-K directory
- Sets the directory in which the key files are to reside.
-r
- After writing the new keyset files remove the original keyset files.
-v level
- Sets the debugging level.
-V
- Prints version information.
-E engine
-
Specifies the cryptographic hardware to use, when applicable.
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module. When BIND is built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".
-f
- Force overwrite: Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
-R
- Print the key tag of the key with the REVOKE bit set but do not revoke the key.
SEE ALSO
dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.
AUTHOR
Internet Systems Consortium