DNSSEC-REVOKE(8) | BIND9 | DNSSEC-REVOKE(8) |
NAME¶
dnssec-revoke - set the REVOKED bit on a DNSSEC key
SYNOPSIS¶
dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}
DESCRIPTION¶
dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.
OPTIONS¶
-h
-K directory
-r
-v level
-V
-E engine
When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module. When BIND is built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".
-f
-R
SEE ALSO¶
dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.
AUTHOR¶
Internet Systems Consortium, Inc.
COPYRIGHT¶
Copyright © 2009, 2011, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
2014-01-15 | ISC |