man.dnssec-revoke.html revision fd2597f75693a2279fdf588bd40dfe2407c42028
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - Copyright (C) 2000-2003 Internet Software Consortium.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - Permission to use, copy, modify, and/or distribute this software for any
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - purpose with or without fee is hereby granted, provided that the above
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - copyright notice and this permission notice appear in all copies.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
e8ba2a389f6ca6999ca72dabbe2871e894bf6b67Hans Rosenfeld - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8834f7ac63a18ac48dfacf20506346d82b04fc14Youzhong Yang - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld - PERFORMANCE OF THIS SOFTWARE.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<table width="100%" summary="Navigation header">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<th width="60%" align="center">Manual pages</th>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<p><span class="application">dnssec-revoke</span> — Set the REVOKED bit on a DNSSEC key</p>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<a name="id-1.14.11.7"></a><h2>DESCRIPTION</h2>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<p><span class="command"><strong>dnssec-revoke</strong></span>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld reads a DNSSEC key file, sets the REVOKED bit on the key as defined
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld in RFC 5011, and creates a new pair of key files containing the
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld now-revoked key.
8834f7ac63a18ac48dfacf20506346d82b04fc14Youzhong Yang<div class="variablelist"><dl class="variablelist">
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Emit usage message and exit.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Sets the directory in which the key files are to reside.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld After writing the new keyset files remove the original keyset
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Sets the debugging level.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Prints version information.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Specifies the cryptographic hardware to use, when applicable.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld When BIND is built with OpenSSL PKCS#11 support, this defaults
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld to the string "pkcs11", which identifies an OpenSSL engine
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld that can drive a cryptographic accelerator or hardware service
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld module. When BIND is built with native PKCS#11 cryptography
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld (--enable-native-pkcs11), it defaults to the path of the PKCS#11
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld provider library specified via "--with-pkcs11".
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld write the new key pair even if a file already exists matching
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld the algorithm and key ID of the revoked key.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld Print the key tag of the key with the REVOKE bit set but do
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld not revoke the key.
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
8834f7ac63a18ac48dfacf20506346d82b04fc14Youzhong Yang <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<table width="100%" summary="Navigation footer">
510a68476ba6e33759b7603130d76db4cec783d1Hans Rosenfeld<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
510a68476ba6e33759b7603130d76db4cec783d1Hans Rosenfeld<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
510a68476ba6e33759b7603130d76db4cec783d1Hans Rosenfeld<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<span class="application">dnssec-keygen</span>�</td>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
3c9168fa8e9c30d55b3aa2fde74bd7da46df53f5Hans Rosenfeld<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>