97 lines
2.6 KiB
Text
97 lines
2.6 KiB
Text
.\" Man page generated from reStructuredText.
|
|
.
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.TH "DNSSEC-REVOKE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
dnssec-revoke \- set the REVOKED bit on a DNSSEC key
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile}
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the
|
|
key as defined in \X'tty: link https://datatracker.ietf.org/doc/html/rfc5011.html'\fI\%RFC 5011\fP\X'tty: link', and creates a new pair of key files
|
|
containing the now\-revoked key.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-h
|
|
This option emits a usage message and exits.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-K directory
|
|
This option sets the directory in which the key files are to reside.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-r
|
|
This option indicates to remove the original keyset files after writing the new keyset files.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-v level
|
|
This option sets the debugging level.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-V
|
|
This option prints version information.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-E engine
|
|
This option specifies the cryptographic hardware to use, when applicable.
|
|
.sp
|
|
When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
|
|
engine identifier that drives the cryptographic accelerator or
|
|
hardware service module (usually \fBpkcs11\fP).
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-f
|
|
This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair,
|
|
even if a file already exists matching the algorithm and key ID of
|
|
the revoked key.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \-R
|
|
This option prints the key tag of the key with the REVOKE bit set, but does not
|
|
revoke the key.
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fI\%dnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \X'tty: link https://datatracker.ietf.org/doc/html/rfc5011.html'\fI\%RFC 5011\fP\X'tty: link'\&.
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2025, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|