Go to main content

man pages section 8: System Administration Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

dnssec-revoke (8)

Name

dnssec-revoke - set the REVOKED bit on a DNSSEC key

Synopsis

dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f]
[-R] {keyfile}

Description

DNSSEC-REVOKE(8)                     BIND9                    DNSSEC-REVOKE(8)



NAME
       dnssec-revoke - set the REVOKED bit on a DNSSEC key

SYNOPSIS
       dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f]
                     [-R] {keyfile}

DESCRIPTION
       dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key
       as defined in RFC 5011, and creates a new pair of key files containing
       the now-revoked key.

OPTIONS
       -h
           Emit usage message and exit.

       -K directory
           Sets the directory in which the key files are to reside.

       -r
           After writing the new keyset files remove the original keyset
           files.

       -v level
           Sets the debugging level.

       -V
           Prints version information.

       -E engine
           Specifies the cryptographic hardware to use, when applicable.

           When BIND is built with OpenSSL PKCS#11 support, this defaults to
           the string "pkcs11", which identifies an OpenSSL engine that can
           drive a cryptographic accelerator or hardware service module. When
           BIND is built with native PKCS#11 cryptography
           (--enable-native-pkcs11), it defaults to the path of the PKCS#11
           provider library specified via "--with-pkcs11".

       -f
           Force overwrite: Causes dnssec-revoke to write the new key pair
           even if a file already exists matching the algorithm and key ID of
           the revoked key.

       -R
           Print the key tag of the key with the REVOKE bit set but do not
           revoke the key.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+------------------+
       |ATTRIBUTE TYPE | ATTRIBUTE VALUE  |
       +---------------+------------------+
       |Availability   | network/dns/bind |
       +---------------+------------------+
       |Stability      | Uncommitted      |
       +---------------+------------------+
SEE ALSO
       dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

AUTHOR
       Internet Systems Consortium, Inc.

COPYRIGHT
       Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems
       Consortium, Inc. ("ISC")



NOTES
       This software was built from source available at
       https://github.com/oracle/solaris-userland.  The original community
       source was downloaded from
       http://ftp.isc.org/isc/bind9/9.11.6/bind-9.11.6.tar.gz

       Further information about this software can be found on the open source
       community website at http://www.isc.org/software/bind/.



ISC                               2014-01-15                  DNSSEC-REVOKE(8)