from small one page howto to huge articles all in one place
poll results
Last additions:
May 25th. 2007:
April, 26th. 2006:
| 
DNSSEC\-REVOKE
Section: BIND9 (8) Updated: 2014-01-15 Index
Return to Main Contents
NAME
dnssec-revoke - set the REVOKED bit on a DNSSEC key
SYNOPSIS
-
dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}
DESCRIPTION
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.
OPTIONS
-h
-
Emit usage message and exit.
-K directory
-
Sets the directory in which the key files are to reside.
-r
-
After writing the new keyset files remove the original keyset files.
-v level
-
Sets the debugging level.
-V
-
Prints version information.
-E engine
-
Specifies the cryptographic hardware to use, when applicable.
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module. When BIND is built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".
-f
-
Force overwrite: Causes
dnssec-revoke
to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
-R
-
Print the key tag of the key with the REVOKE bit set but do not revoke the key.
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.
AUTHOR
Internet Systems Consortium, Inc.
COPYRIGHT
Copyright © 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- SEE ALSO
-
- AUTHOR
-
- COPYRIGHT
-
| 
|
|
- Running on 
-
:
: 