Poster of Linux kernelThe best gift for a Linux geek
DNSSEC-REVOKE

DNSSEC-REVOKE

Section: BIND9 (8) Updated: June 1, 2009
Local index Up
 

NAME

dnssec-revoke - Set the REVOKED bit on a DNSSEC key  

SYNOPSIS

dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}
 

DESCRIPTION

dnssec-revoke

reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.  

OPTIONS

-h

Emit usage message and exit.

-K directory

Sets the directory in which the key files are to reside.

-r

After writing the new keyset files remove the original keyset files.

-v level

Sets the debugging level.

-E engine

Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.

-f

Force overwrite: Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
 

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.  

AUTHOR

Internet Systems Consortium  

COPYRIGHT

Copyright © 2009 Internet Systems Consortium, Inc. ("ISC")


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
SEE ALSO
AUTHOR
COPYRIGHT

This document was created by man2html, using the manual pages.
Time: 22:01:32 GMT, April 16, 2011