1<!-- 2 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC") 3 - Copyright (C) 2000-2003 Internet Software Consortium. 4 - 5 - Permission to use, copy, modify, and/or distribute this software for any 6 - purpose with or without fee is hereby granted, provided that the above 7 - copyright notice and this permission notice appear in all copies. 8 - 9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15 - PERFORMANCE OF THIS SOFTWARE. 16--> 17<html> 18<head> 19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 20<title>dnssec-revoke</title> 21<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> 22<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual"> 23<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages"> 24<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen"> 25<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime"> 26</head> 27<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"> 28<div class="navheader"> 29<table width="100%" summary="Navigation header"> 30<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr> 31<tr> 32<td width="20%" align="left"> 33<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td> 34<th width="60%" align="center">Manual pages</th> 35<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a> 36</td> 37</tr> 38</table> 39<hr> 40</div> 41<div class="refentry"> 42<a name="man.dnssec-revoke"></a><div class="titlepage"></div> 43<div class="refnamediv"> 44<h2>Name</h2> 45<p><span class="application">dnssec-revoke</span> — Set the REVOKED bit on a DNSSEC key</p> 46</div> 47<div class="refsynopsisdiv"> 48<h2>Synopsis</h2> 49<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div> 50</div> 51<div class="refsection"> 52<a name="id-1.14.10.6"></a><h2>DESCRIPTION</h2> 53<p><span class="command"><strong>dnssec-revoke</strong></span> 54 reads a DNSSEC key file, sets the REVOKED bit on the key as defined 55 in RFC 5011, and creates a new pair of key files containing the 56 now-revoked key. 57 </p> 58</div> 59<div class="refsection"> 60<a name="id-1.14.10.7"></a><h2>OPTIONS</h2> 61<div class="variablelist"><dl class="variablelist"> 62<dt><span class="term">-h</span></dt> 63<dd><p> 64 Emit usage message and exit. 65 </p></dd> 66<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt> 67<dd><p> 68 Sets the directory in which the key files are to reside. 69 </p></dd> 70<dt><span class="term">-r</span></dt> 71<dd><p> 72 After writing the new keyset files remove the original keyset 73 files. 74 </p></dd> 75<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt> 76<dd><p> 77 Sets the debugging level. 78 </p></dd> 79<dt><span class="term">-V</span></dt> 80<dd><p> 81 Prints version information. 82 </p></dd> 83<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt> 84<dd><p> 85 Use the given OpenSSL engine. When compiled with PKCS#11 support 86 it defaults to pkcs11; the empty name resets it to no engine. 87 </p></dd> 88<dt><span class="term">-f</span></dt> 89<dd><p> 90 Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to 91 write the new key pair even if a file already exists matching 92 the algorithm and key ID of the revoked key. 93 </p></dd> 94<dt><span class="term">-R</span></dt> 95<dd><p> 96 Print the key tag of the key with the REVOKE bit set but do 97 not revoke the key. 98 </p></dd> 99</dl></div> 100</div> 101<div class="refsection"> 102<a name="id-1.14.10.8"></a><h2>SEE ALSO</h2> 103<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, 104 <em class="citetitle">BIND 9 Administrator Reference Manual</em>, 105 <em class="citetitle">RFC 5011</em>. 106 </p> 107</div> 108</div> 109<div class="navfooter"> 110<hr> 111<table width="100%" summary="Navigation footer"> 112<tr> 113<td width="40%" align="left"> 114<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td> 115<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td> 116<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a> 117</td> 118</tr> 119<tr> 120<td width="40%" align="left" valign="top"> 121<span class="application">dnssec-keygen</span>�</td> 122<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td> 123<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span> 124</td> 125</tr> 126</table> 127</div> 128<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p> 129</body> 130</html> 131