89 lines
2.5 KiB
Groff
89 lines
2.5 KiB
Groff
.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
|
.\"
|
|
.\" Permission to use, copy, modify, and/or distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
.\" PERFORMANCE OF THIS SOFTWARE.
|
|
.\"
|
|
.\" $Id$
|
|
.\"
|
|
.hy 0
|
|
.ad l
|
|
.\" Title: dnssec\-revoke
|
|
.\" Author:
|
|
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
|
.\" Date: June 1, 2009
|
|
.\" Manual: BIND9
|
|
.\" Source: BIND9
|
|
.\"
|
|
.TH "DNSSEC\-REVOKE" "8" "June 1, 2009" "BIND9" "BIND9"
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.SH "NAME"
|
|
dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
|
|
.SH "SYNOPSIS"
|
|
.HP 14
|
|
\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fBdnssec\-revoke\fR
|
|
reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now\-revoked key.
|
|
.SH "OPTIONS"
|
|
.PP
|
|
\-h
|
|
.RS 4
|
|
Emit usage message and exit.
|
|
.RE
|
|
.PP
|
|
\-K \fIdirectory\fR
|
|
.RS 4
|
|
Sets the directory in which the key files are to reside.
|
|
.RE
|
|
.PP
|
|
\-r
|
|
.RS 4
|
|
After writing the new keyset files remove the original keyset files.
|
|
.RE
|
|
.PP
|
|
\-v \fIlevel\fR
|
|
.RS 4
|
|
Sets the debugging level.
|
|
.RE
|
|
.PP
|
|
\-E \fIengine\fR
|
|
.RS 4
|
|
Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
|
|
.RE
|
|
.PP
|
|
\-f
|
|
.RS 4
|
|
Force overwrite: Causes
|
|
\fBdnssec\-revoke\fR
|
|
to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
|
|
.RE
|
|
.PP
|
|
\-R
|
|
.RS 4
|
|
Print the key tag of the key with the REVOKE bit set but do not revoke the key.
|
|
.RE
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBdnssec\-keygen\fR(8),
|
|
BIND 9 Administrator Reference Manual,
|
|
RFC 5011.
|
|
.SH "AUTHOR"
|
|
.PP
|
|
Internet Systems Consortium
|
|
.SH "COPYRIGHT"
|
|
Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
|
|
.br
|