|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
Packit |
5ce601 |
-
|
|
Packit |
5ce601 |
- This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
5ce601 |
- License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit Service |
704ed8 |
- file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
Packit |
5ce601 |
-
|
|
Packit |
5ce601 |
- See the COPYRIGHT file distributed with this work for additional
|
|
Packit |
5ce601 |
- information regarding copyright ownership.
|
|
Packit |
5ce601 |
-->
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
|
|
Packit Service |
e5d613 |
<refentry xml:id="man.dnssec-revoke">
|
|
Packit |
5ce601 |
<info>
|
|
Packit |
5ce601 |
<date>2014-01-15</date>
|
|
Packit |
5ce601 |
</info>
|
|
Packit |
5ce601 |
<refentryinfo>
|
|
Packit |
5ce601 |
<corpname>ISC</corpname>
|
|
Packit |
5ce601 |
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
|
|
Packit |
5ce601 |
</refentryinfo>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<refmeta>
|
|
Packit |
5ce601 |
<refentrytitle><application>dnssec-revoke</application></refentrytitle>
|
|
Packit |
5ce601 |
<manvolnum>8</manvolnum>
|
|
Packit Service |
e5d613 |
<refmiscinfo class="manual">BIND9</refmiscinfo>
|
|
Packit |
5ce601 |
</refmeta>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<refnamediv>
|
|
Packit |
5ce601 |
<refname><application>dnssec-revoke</application></refname>
|
|
Packit |
5ce601 |
<refpurpose>set the REVOKED bit on a DNSSEC key</refpurpose>
|
|
Packit |
5ce601 |
</refnamediv>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<docinfo>
|
|
Packit |
5ce601 |
<copyright>
|
|
Packit |
5ce601 |
<year>2009</year>
|
|
Packit |
5ce601 |
<year>2011</year>
|
|
Packit |
5ce601 |
<year>2014</year>
|
|
Packit |
5ce601 |
<year>2015</year>
|
|
Packit |
5ce601 |
<year>2016</year>
|
|
Packit |
5ce601 |
<year>2018</year>
|
|
Packit |
5ce601 |
<year>2019</year>
|
|
Packit |
5ce601 |
<year>2020</year>
|
|
Packit |
5ce601 |
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
|
|
Packit |
5ce601 |
</copyright>
|
|
Packit |
5ce601 |
</docinfo>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<refsynopsisdiv>
|
|
Packit |
5ce601 |
<cmdsynopsis sepchar=" ">
|
|
Packit |
5ce601 |
<command>dnssec-revoke</command>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-hr</option></arg>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-V</option></arg>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-f</option></arg>
|
|
Packit |
5ce601 |
<arg choice="opt" rep="norepeat"><option>-R</option></arg>
|
|
Packit |
5ce601 |
<arg choice="req" rep="norepeat">keyfile</arg>
|
|
Packit |
5ce601 |
</cmdsynopsis>
|
|
Packit |
5ce601 |
</refsynopsisdiv>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<refsection><info><title>DESCRIPTION</title></info>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<para><command>dnssec-revoke</command>
|
|
Packit |
5ce601 |
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
|
|
Packit |
5ce601 |
in RFC 5011, and creates a new pair of key files containing the
|
|
Packit |
5ce601 |
now-revoked key.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</refsection>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<refsection><info><title>OPTIONS</title></info>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<variablelist>
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-h</term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Emit usage message and exit.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-K <replaceable class="parameter">directory</replaceable></term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Sets the directory in which the key files are to reside.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-r</term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
After writing the new keyset files remove the original keyset
|
|
Packit |
5ce601 |
files.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-v <replaceable class="parameter">level</replaceable></term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Sets the debugging level.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-V</term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Prints version information.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-E <replaceable class="parameter">engine</replaceable></term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Specifies the cryptographic hardware to use, when applicable.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
When BIND is built with OpenSSL PKCS#11 support, this defaults
|
|
Packit |
5ce601 |
to the string "pkcs11", which identifies an OpenSSL engine
|
|
Packit |
5ce601 |
that can drive a cryptographic accelerator or hardware service
|
|
Packit |
5ce601 |
module. When BIND is built with native PKCS#11 cryptography
|
|
Packit |
5ce601 |
(--enable-native-pkcs11), it defaults to the path of the PKCS#11
|
|
Packit |
5ce601 |
provider library specified via "--with-pkcs11".
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-f</term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Force overwrite: Causes <command>dnssec-revoke</command> to
|
|
Packit |
5ce601 |
write the new key pair even if a file already exists matching
|
|
Packit |
5ce601 |
the algorithm and key ID of the revoked key.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<varlistentry>
|
|
Packit |
5ce601 |
<term>-R</term>
|
|
Packit |
5ce601 |
<listitem>
|
|
Packit |
5ce601 |
<para>
|
|
Packit |
5ce601 |
Print the key tag of the key with the REVOKE bit set but do
|
|
Packit |
5ce601 |
not revoke the key.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</listitem>
|
|
Packit |
5ce601 |
</varlistentry>
|
|
Packit |
5ce601 |
</variablelist>
|
|
Packit |
5ce601 |
</refsection>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<refsection><info><title>SEE ALSO</title></info>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
<para><citerefentry>
|
|
Packit |
5ce601 |
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
|
|
Packit |
5ce601 |
</citerefentry>,
|
|
Packit |
5ce601 |
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
|
|
Packit |
5ce601 |
<citetitle>RFC 5011</citetitle>.
|
|
Packit |
5ce601 |
</para>
|
|
Packit |
5ce601 |
</refsection>
|
|
Packit |
5ce601 |
|
|
Packit |
5ce601 |
</refentry>
|