553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<html lang="en">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<head>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<title>dnssec-revoke</title>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt</head>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<a name="man.dnssec-revoke"></a><div class="titlepage"></div>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

1753d3c4d74241a847794f7e7cfd94cc79be6600Evan Hunt <div class="refnamediv">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<h2>Name</h2>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <span class="application">dnssec-revoke</span>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt &#8212; set the REVOKED bit on a DNSSEC key

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt</div>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <div class="refsynopsisdiv">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<h2>Synopsis</h2>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <div class="cmdsynopsis"><p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <code class="command">dnssec-revoke</code>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt [<code class="option">-hr</code>]

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt [<code class="option">-V</code>]

f1c89cb4f5c72c54bb67dc48cd6f2b332eab9e92Automatic Updater [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]

207cee019eb5cbbe7c905f7c52f7b5d11f8c0305Automatic Updater [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>]

6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User [<code class="option">-f</code>]

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt [<code class="option">-R</code>]

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt {keyfile}

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p></div>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </div>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <div class="refsection">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<a name="id-1.7"></a><h2>DESCRIPTION</h2>

b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p><span class="command"><strong>dnssec-revoke</strong></span>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt reads a DNSSEC key file, sets the REVOKED bit on the key as defined

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt in RFC 5011, and creates a new pair of key files containing the

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt now-revoked key.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt </div>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <div class="refsection">

42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman<a name="id-1.8"></a><h2>OPTIONS</h2>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <div class="variablelist"><dl class="variablelist">

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-h</span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Emit usage message and exit.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the directory in which the key files are to reside.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-r</span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt After writing the new keyset files remove the original keyset

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt files.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Sets the debugging level.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </dd>

d7be2b79ed0934483d550e17e2bd09de4eaff8f5Evan Hunt<dt><span class="term">-V</span></dt>

d7be2b79ed0934483d550e17e2bd09de4eaff8f5Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Prints version information.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Specifies the cryptographic hardware to use, when applicable.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt When BIND is built with OpenSSL PKCS#11 support, this defaults

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt to the string "pkcs11", which identifies an OpenSSL engine

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt that can drive a cryptographic accelerator or hardware service

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt module. When BIND is built with native PKCS#11 cryptography

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt (--enable-native-pkcs11), it defaults to the path of the PKCS#11

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt provider library specified via "--with-pkcs11".

10a759cee69dcc3ce3a4d65e6e263c66e7f60ee8Evan Hunt </p>

10a759cee69dcc3ce3a4d65e6e263c66e7f60ee8Evan Hunt </dd>

10a759cee69dcc3ce3a4d65e6e263c66e7f60ee8Evan Hunt<dt><span class="term">-f</span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt write the new key pair even if a file already exists matching

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt the algorithm and key ID of the revoked key.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dt><span class="term">-R</span></dt>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt<dd>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <p>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt Print the key tag of the key with the REVOKE bit set but do

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt not revoke the key.

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt </p>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt </dd>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt</dl></div>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt </div>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt <div class="refsection">

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt<a name="id-1.9"></a><h2>SEE ALSO</h2>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt <p><span class="citerefentry">

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt <span class="refentrytitle">dnssec-keygen</span>(8)

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt </span>,

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>,

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt <em class="citetitle">RFC 5011</em>.

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt </p>

61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt </div>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt</div></body>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt</html>

553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt