a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<html lang="en">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<head>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<title>dnssec-revoke</title>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<link rel="prev" href="man.dnssec-keymgr.html" title="dnssec-keymgr">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</head>

2dd75eff92ef66e22cca286b6f4fe5a9c929af9dPhill Cunnington<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

71363e07e41e17659a43f938de6d9598e25e948aPhill Cunnington<div class="navheader">

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington<table width="100%" summary="Navigation header">

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>

7de0b02ea333f0df1acdce59cfb943fd3c37e940Phill Cunnington<tr>

71363e07e41e17659a43f938de6d9598e25e948aPhill Cunnington<td width="20%" align="left">

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington<a accesskey="p" href="man.dnssec-keymgr.html">Prev</a>�</td>

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington<th width="60%" align="center">Manual pages</th>

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington</td>

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington</tr>

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington</table>

ea855443c65c9cc910e3d4f3ba13a3cd32332e72Phill Cunnington<hr>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<div class="refentry">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<a name="man.dnssec-revoke"></a><div class="titlepage"></div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<div class="refnamediv">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<h2>Name</h2>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

2dd75eff92ef66e22cca286b6f4fe5a9c929af9dPhill Cunnington<div class="refsynopsisdiv">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<h2>Synopsis</h2>

2dffe047d982828750ee6d5e2bda32caee3de522Phill Cunnington<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

c6fe4a12490efd2bbe2017f6ff276283d200003cJames Phillpotts<div class="refsection">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<a name="id-1.14.14.7"></a><h2>DESCRIPTION</h2>

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington<p><span class="command"><strong>dnssec-revoke</strong></span>

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington reads a DNSSEC key file, sets the REVOKED bit on the key as defined

cecac354c250e765529594cfe77d8e398b8b4c22Phill Cunnington in RFC 5011, and creates a new pair of key files containing the

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington now-revoked key.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<div class="refsection">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<a name="id-1.14.14.8"></a><h2>OPTIONS</h2>

2dffe047d982828750ee6d5e2bda32caee3de522Phill Cunnington<div class="variablelist"><dl class="variablelist">

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dt><span class="term">-h</span></dt>

7101d14ca54351f3908b64b0459eb4293359cceaPhill Cunnington<dd><p>

5ad278af38ea0c2eb5e449328cbb7c29f86e5965Phill Cunnington Emit usage message and exit.

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts </p></dd>

9c66fb67f2ad1de61c12a43db588e58e0fd67e57Phill Cunnington<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>

71363e07e41e17659a43f938de6d9598e25e948aPhill Cunnington<dd><p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington Sets the directory in which the key files are to reside.

2dffe047d982828750ee6d5e2bda32caee3de522Phill Cunnington </p></dd>

5ad278af38ea0c2eb5e449328cbb7c29f86e5965Phill Cunnington<dt><span class="term">-r</span></dt>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dd><p>

eeac42855e6e36bfea0f354ee1bff9d3e127eadcPhill Cunnington After writing the new keyset files remove the original keyset

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington files.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p></dd>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dd><p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington Sets the debugging level.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p></dd>

4aa2bc2779a92691d5c66593fdbdaa96ed663e6fPhill Cunnington<dt><span class="term">-V</span></dt>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dd><p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington Prints version information.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p></dd>

9c66fb67f2ad1de61c12a43db588e58e0fd67e57Phill Cunnington<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>

9c66fb67f2ad1de61c12a43db588e58e0fd67e57Phill Cunnington<dd>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington Specifies the cryptographic hardware to use, when applicable.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p>

9c66fb67f2ad1de61c12a43db588e58e0fd67e57Phill Cunnington<p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington When BIND is built with OpenSSL PKCS#11 support, this defaults

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington to the string "pkcs11", which identifies an OpenSSL engine

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts that can drive a cryptographic accelerator or hardware service

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington module. When BIND is built with native PKCS#11 cryptography

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington (--enable-native-pkcs11), it defaults to the path of the PKCS#11

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington provider library specified via "--with-pkcs11".

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p>

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington</dd>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dt><span class="term">-f</span></dt>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dd><p>

9c66fb67f2ad1de61c12a43db588e58e0fd67e57Phill Cunnington Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to

7de0b02ea333f0df1acdce59cfb943fd3c37e940Phill Cunnington write the new key pair even if a file already exists matching

5ad278af38ea0c2eb5e449328cbb7c29f86e5965Phill Cunnington the algorithm and key ID of the revoked key.

b996e3134e41db65e98ce86d1ff30a9b1a9f0d40Phill Cunnington </p></dd>

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts<dt><span class="term">-R</span></dt>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<dd><p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington Print the key tag of the key with the REVOKE bit set but do

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington not revoke the key.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p></dd>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</dl></div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts<div class="refsection">

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington<a name="id-1.14.14.9"></a><h2>SEE ALSO</h2>

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington <em class="citetitle">BIND 9 Administrator Reference Manual</em>,

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts <em class="citetitle">RFC 5011</em>.

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington </p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</div>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<div class="navfooter">

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington<hr>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<table width="100%" summary="Navigation footer">

9c66fb67f2ad1de61c12a43db588e58e0fd67e57Phill Cunnington<tr>

7de0b02ea333f0df1acdce59cfb943fd3c37e940Phill Cunnington<td width="40%" align="left">

5ad278af38ea0c2eb5e449328cbb7c29f86e5965Phill Cunnington<a accesskey="p" href="man.dnssec-keymgr.html">Prev</a>�</td>

b996e3134e41db65e98ce86d1ff30a9b1a9f0d40Phill Cunnington<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>

5b2db69e215078c268a3e690d144373baebbf17bJames Phillpotts<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</td>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</tr>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<tr>

7de0b02ea333f0df1acdce59cfb943fd3c37e940Phill Cunnington<td width="40%" align="left" valign="top">

7de0b02ea333f0df1acdce59cfb943fd3c37e940Phill Cunnington<span class="application">dnssec-keymgr</span>�</td>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

c6fe4a12490efd2bbe2017f6ff276283d200003cJames Phillpotts<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>

c6fe4a12490efd2bbe2017f6ff276283d200003cJames Phillpotts</td>

5db031755ab3a8762e266f96f5d74832548d330bPhill Cunnington</tr>

c6fe4a12490efd2bbe2017f6ff276283d200003cJames Phillpotts</table>

bc558f11010dbf089ac9eb18410921daeb9d3875Phill Cunnington</div>

c6fe4a12490efd2bbe2017f6ff276283d200003cJames Phillpotts<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0</p>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</body>

a093731116a8c24d49b903df7602cf586e499b45Phill Cunnington</html>

c6fe4a12490efd2bbe2017f6ff276283d200003cJames Phillpotts