87 lines
2.4 KiB
Plaintext
87 lines
2.4 KiB
Plaintext
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH "DNSSEC-REVOKE" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
dnssec-revoke \- set the REVOKED bit on a DNSSEC key
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile}
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the
|
|
key as defined in \fI\%RFC 5011\fP, and creates a new pair of key files
|
|
containing the now\-revoked key.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
\fB\-h\fP
|
|
Emit usage message and exit.
|
|
.TP
|
|
\fB\-K\fP directory
|
|
Sets the directory in which the key files are to reside.
|
|
.TP
|
|
\fB\-r\fP
|
|
After writing the new keyset files remove the original keyset files.
|
|
.TP
|
|
\fB\-v\fP level
|
|
Sets the debugging level.
|
|
.TP
|
|
\fB\-V\fP
|
|
Prints version information.
|
|
.TP
|
|
\fB\-E\fP engine
|
|
Specifies the cryptographic hardware to use, when applicable.
|
|
.sp
|
|
When BIND is built with OpenSSL PKCS#11 support, this defaults to the
|
|
string "pkcs11", which identifies an OpenSSL engine that can drive a
|
|
cryptographic accelerator or hardware service module. When BIND is
|
|
built with native PKCS#11 cryptography (\-\-enable\-native\-pkcs11), it
|
|
defaults to the path of the PKCS#11 provider library specified via
|
|
"\-\-with\-pkcs11".
|
|
.TP
|
|
\fB\-f\fP
|
|
Force overwrite: Causes \fBdnssec\-revoke\fP to write the new key pair
|
|
even if a file already exists matching the algorithm and key ID of
|
|
the revoked key.
|
|
.TP
|
|
\fB\-R\fP
|
|
Print the key tag of the key with the REVOKE bit set but do not
|
|
revoke the key.
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2020, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|