GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
DNSSEC-REVOKE(1) BIND 9 DNSSEC-REVOKE(1)

dnssec-revoke - set the REVOKED bit on a DNSSEC key

dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.

-h
This option emits a usage message and exits.

-K directory
This option sets the directory in which the key files are to reside.

-r
This option indicates to remove the original keyset files after writing the new keyset files.

-v level
This option sets the debugging level.

-V
This option prints version information.

-E engine
This option specifies the cryptographic hardware to use, when applicable.

When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL engine identifier that drives the cryptographic accelerator or hardware service module (usually pkcs11).


-f
This option indicates a forced overwrite and causes dnssec-revoke to write the new key pair, even if a file already exists matching the algorithm and key ID of the revoked key.

-R
This option prints the key tag of the key with the REVOKE bit set, but does not revoke the key.

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

Internet Systems Consortium

2022, Internet Systems Consortium
2022-05-09 9.18.3

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.