man.dnssec-revoke.html revision 24abfe433efd98bb2099b867fb14d049b2f1f531
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski<!--
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski - Copyright (C) 2000-2003 Internet Software Consortium.
bb027d3cacbd83dfec98beb38001f105e4918557Christian Maeder -
97018cf5fa25b494adffd7e9b4e87320dae6bf47Christian Maeder - Permission to use, copy, modify, and/or distribute this software for any
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski - purpose with or without fee is hereby granted, provided that the above
b4fbc96e05117839ca409f5f20f97b3ac872d1edTill Mossakowski - copyright notice and this permission notice appear in all copies.
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski -
c673000621dd506e5fc7babf8ca6303b7fcefc14Christian Maeder - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
f3a94a197960e548ecd6520bb768cb0d547457bbChristian Maeder - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1f084d62dbf8ae72357697c226cacd1973f0c03fTill Mossakowski - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1f084d62dbf8ae72357697c226cacd1973f0c03fTill Mossakowski - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8a8e8dfa317cdb486ca05d71996a27d60bf3c718Christian Maeder - PERFORMANCE OF THIS SOFTWARE.
1f084d62dbf8ae72357697c226cacd1973f0c03fTill Mossakowski-->
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski<!-- $Id$ -->
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<html>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<head>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<title>dnssec-revoke</title>
2d453384452f29ab46f29c0163a830492f936512Till Mossakowski<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
d5ef5a29a89fa5548f81fcd49fcf0ffda69d45b0Christian Maeder<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
1c8c2ec97ff7dee8381aca53f0fca99c01f7b32fSonja Gröning<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
68c2f69423ac541f27a8096b05e882791064af9dPaolo Torrini</head>
f9d28459072c85d4ae0bc12c1d7e4f0b57f33ae1Christian Maeder<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1c8c2ec97ff7dee8381aca53f0fca99c01f7b32fSonja Gröning<div class="navheader">
0f2a8687ec78c69557d72accbc33fd759f922b46Sonja Gröning<table width="100%" summary="Navigation header">
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<tr>
1c8c2ec97ff7dee8381aca53f0fca99c01f7b32fSonja Gröning<td width="20%" align="left">
1c8c2ec97ff7dee8381aca53f0fca99c01f7b32fSonja Gröning<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
7f6b97541fdee30d62a0a3cfa58173212a6cd002Christian Maeder<th width="60%" align="center">Manual pages</th>
7f6b97541fdee30d62a0a3cfa58173212a6cd002Christian Maeder<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
7f6b97541fdee30d62a0a3cfa58173212a6cd002Christian Maeder</td>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder</tr>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder</table>
4eed11f3c47a94e8908e15a0af70370ad35b3586Paolo Torrini<hr>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder</div>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<div class="refentry" lang="en">
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<div class="refnamediv">
4eed11f3c47a94e8908e15a0af70370ad35b3586Paolo Torrini<h2>Name</h2>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
4eed11f3c47a94e8908e15a0af70370ad35b3586Paolo Torrini</div>
bb027d3cacbd83dfec98beb38001f105e4918557Christian Maeder<div class="refsynopsisdiv">
bb027d3cacbd83dfec98beb38001f105e4918557Christian Maeder<h2>Synopsis</h2>
bb027d3cacbd83dfec98beb38001f105e4918557Christian Maeder<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder</div>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<div class="refsect1" lang="en">
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<a name="id2626017"></a><h2>DESCRIPTION</h2>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<p><span><strong class="command">dnssec-revoke</strong></span>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder reads a DNSSEC key file, sets the REVOKED bit on the key as defined
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder in RFC 5011, and creates a new pair of key files containing the
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder now-revoked key.
2f65d931e866162d39d09c43021a55314040b377Christian Maeder </p>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder</div>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<div class="refsect1" lang="en">
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<a name="id2626030"></a><h2>OPTIONS</h2>
bb027d3cacbd83dfec98beb38001f105e4918557Christian Maeder<div class="variablelist"><dl>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dt><span class="term">-h</span></dt>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<dd><p>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder Emit usage message and exit.
2f65d931e866162d39d09c43021a55314040b377Christian Maeder </p></dd>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dd><p>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder Sets the directory in which the key files are to reside.
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder </p></dd>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dt><span class="term">-r</span></dt>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<dd><p>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder After writing the new keyset files remove the original keyset
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder files.
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder </p></dd>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<dd><p>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder Sets the debugging level.
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder </p></dd>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<dt><span class="term">-V</span></dt>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<dd><p>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder Prints version information.
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder </p></dd>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<dd>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<p>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder Specifies the cryptographic hardware to use, when applicable.
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder </p>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder<p>
62dd3cd58cda003c32ac69ff12dc82b0a6f5d9d3Christian Maeder When BIND is built with OpenSSL PKCS#11 support, this defaults
22448641fde7298ad9d9ddb9d2e7f4801ea01689Paolo Torrini to the string "pkcs11", which identifies an OpenSSL engine
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder that can drive a cryptographic accelerator or hardware service
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder module. When BIND is built with native PKCS#11 cryptography
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder (--enable-native-pkcs11), it defaults to the path of the PKCS#11
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder provider library specified via "--with-pkcs11".
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder </p>
32def3382732ed208ca04dde8a7b3a9dd3b60961Christian Maeder</dd>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<dt><span class="term">-f</span></dt>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<dd><p>
1ac0c4de66a297fd7e345d9275f723fd83bb7bd1Christian Maeder Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder write the new key pair even if a file already exists matching
32def3382732ed208ca04dde8a7b3a9dd3b60961Christian Maeder the algorithm and key ID of the revoked key.
1ac0c4de66a297fd7e345d9275f723fd83bb7bd1Christian Maeder </p></dd>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<dt><span class="term">-R</span></dt>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<dd><p>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder Print the key tag of the key with the REVOKE bit set but do
2f65d931e866162d39d09c43021a55314040b377Christian Maeder not revoke the key.
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder </p></dd>
1ac0c4de66a297fd7e345d9275f723fd83bb7bd1Christian Maeder</dl></div>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder</div>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<div class="refsect1" lang="en">
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<a name="id2637773"></a><h2>SEE ALSO</h2>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
d5ef5a29a89fa5548f81fcd49fcf0ffda69d45b0Christian Maeder <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder <em class="citetitle">RFC 5011</em>.
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder </p>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder</div>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<div class="refsect1" lang="en">
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<a name="id2637798"></a><h2>AUTHOR</h2>
2f65d931e866162d39d09c43021a55314040b377Christian Maeder<p><span class="corpauthor">Internet Systems Consortium</span>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder </p>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder</div>
036037a4510ea63a81a4829ad0c11ef39b2391b0Christian Maeder</div>
613bf0ed7d98a961755408ead328687ec17f74fdChristian Maeder<div class="navfooter">
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<hr>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<table width="100%" summary="Navigation footer">
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<tr>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<td width="40%" align="left">
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</td>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</tr>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<tr>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<td width="40%" align="left" valign="top">
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<span class="application">dnssec-keygen</span>�</td>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</td>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</tr>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</table>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</div>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder<p style="text-align: center;">BIND 9.11.0pre-alpha</p>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</body>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder</html>
576ccd5a62961b379f40158ad35589c90cb7758bChristian Maeder