"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.11.23/bin/dnssec/dnssec-revoke.docbook" (7 Sep 2020, 5188 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format (assuming docbook format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

ISC Internet Systems Consortium, Inc. dnssec-revoke 8 BIND9 dnssec-revoke set the REVOKED bit on a DNSSEC key 2009 2011 2014 2015 2016 2018 2019 2020 Internet Systems Consortium, Inc. ("ISC") dnssec-revoke -hr -v level -V -K directory -E engine -f -R keyfile


dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.



Emit usage message and exit.

-K <directory>

Sets the directory in which the key files are to reside.


After writing the new keyset files remove the original keyset files.

-v <level>

Sets the debugging level.


Prints version information.

-E <engine>

Specifies the cryptographic hardware to use, when applicable.

When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module. When BIND is built with native PKCS#11 cryptography (--enable-native-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "--with-pkcs11".


Force overwrite: Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.


Print the key tag of the key with the REVOKE bit set but do not revoke the key.


dnssec-keygen8, BIND 9 Administrator Reference Manual, RFC 5011.