man pages section 8: System Administration Commands

Updated: Wednesday, July 27, 2022
 
 

dnssec-revoke (8)


DNSSEC-REVOKE(8)                    BIND 9                    DNSSEC-REVOKE(8)



NAME
       dnssec-revoke - set the REVOKED bit on a DNSSEC key

SYNOPSIS
       dnssec-revoke  [-hr]  [-v  level]  [-V] [-K directory] [-E engine] [-f]
       [-R] {keyfile}

DESCRIPTION
       dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the  key
       as  defined in RFC 5011, and creates a new pair of key files containing
       the now-revoked key.

OPTIONS
       -h     This option emits a usage message and exits.

       -K directory
              This option sets the directory in which the  key  files  are  to
              reside.

       -r     This option removes the original keyset files after writing the
              new keyset files.

       -v level
              This option sets the debugging level.

       -V     This option prints version information.

       -E engine
              This option specifies the cryptographic hardware  to  use,  when
              applicable.

              When BIND 9 is built with OpenSSL, this needs to be set to the
              OpenSSL engine identifier that drives the cryptographic
              accelerator or hardware service module (usually pkcs11). When
              BIND is built with native PKCS#11 cryptography
              (--enable-native-pkcs11), it defaults to the path of the PKCS#11
              provider library specified via --with-pkcs11.

       -f     This option indicates a forced overwrite and causes
              dnssec-revoke to write the new key pair, even if a file already
              exists matching the algorithm and key ID of the revoked key.

       -R     This option prints the key tag of the key with  the  REVOKE  bit
              set, but does not revoke the key.
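
The key tag is a checksum over the DNSKEY RDATA, so setting the REVOKE flag (0x0080 in the flags field, RFC 5011) changes it, which is why -R reports a different tag and why the revoked key is written to a new pair of files. The following is an added example, not BIND code: it recomputes the tag with the RFC 4034 Appendix B algorithm for a single-line DNSKEY record; the record, key bytes and function names are constructed for illustration.

```python
import base64
import struct

REVOKE = 0x0080  # RFC 5011: REVOKE bit in the DNSKEY flags field


def parse_dnskey(line):
    """Split a single-line presentation-format DNSKEY record into RDATA fields."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[i + 1:i + 4])
    public_key = base64.b64decode("".join(fields[i + 4:]))
    return flags, protocol, algorithm, public_key


def build_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA wire format: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag checksum from RFC 4034, Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def revoked_key_tag(line):
    """Return (current tag, tag once REVOKE is set) without modifying any key."""
    flags, protocol, algorithm, public_key = parse_dnskey(line)
    before = key_tag(build_rdata(flags, protocol, algorithm, public_key))
    after = key_tag(build_rdata(flags | REVOKE, protocol, algorithm, public_key))
    return before, after


# Constructed sample: not a real key, just 32 fixed bytes for algorithm 15.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_RECORD = f"example.com. 3600 IN DNSKEY 257 3 15 {SAMPLE_KEY}"

if __name__ == "__main__":
    before, after = revoked_key_tag(SAMPLE_RECORD)
    print(f"key tag now: {before:05d}, after revocation: {after:05d}")
```

Validators and monitoring that track a trust anchor by key tag need to expect the post-revocation tag, since the pre-revocation tag no longer matches the published key.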


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+--------------------------+
       |ATTRIBUTE TYPE |     ATTRIBUTE VALUE      |
       +---------------+--------------------------+
       |Availability   | network/dns/bind         |
       +---------------+--------------------------+
       |Stability      | Pass-through uncommitted |
       +---------------+--------------------------+

SEE ALSO
       dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

AUTHOR
       Internet Systems Consortium

COPYRIGHT
       2022, Internet Systems Consortium



NOTES
       Source code for open source software components in Oracle Solaris can
       be found at
       https://www.oracle.com/downloads/opensource/solaris-source-code-downloads.html.

       This software was built from source available at
       https://github.com/oracle/solaris-userland. The original community
       source was downloaded from
       http://ftp.isc.org/isc/bind9/9.16.29/bind-9.16.29.tar.xz.

       Further information about this software can be found on the open source
       community website at http://www.isc.org/software/bind/.



9.16.29                           2022-05-10                  DNSSEC-REVOKE(8)