NAME

dnssec-revoke - Set the REVOKED bit on a DNSSEC key

SYNOPSIS

dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}

DESCRIPTION

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key.

OPTIONS

-h Emit usage message and exit.

-K directory Sets the directory in which the key files are to reside.

-r After writing the new keyset files, remove the original keyset files.

-v level Sets the debugging level.

-E engine Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.

-f Force overwrite: Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
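
EXAMPLE

The following Python sketch is an added example, not part of BIND or of the original manual page. It shows why revocation yields a new pair of key files and why -f speaks of the key ID of the revoked key: setting the REVOKED bit (0x0080 in the DNSKEY flags, RFC 5011) changes the key ID computed per RFC 4034 Appendix B. The key bytes and the zone example.com. are constructed, and the K<name>+<alg>+<id> file naming is assumed from dnssec-keygen.

```python
import struct

REVOKE = 0x0080  # RFC 5011 section 7: REVOKE bit in the DNSKEY flags field


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Build DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag (key ID) as specified in RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def revoke(rdata):
    """Return the same RDATA with the REVOKE bit set in the flags field."""
    (flags,) = struct.unpack("!H", rdata[:2])
    return struct.pack("!H", flags | REVOKE) + rdata[2:]


def key_file_base(zone, algorithm, tag):
    """Base name of the .key/.private pair (naming assumed from dnssec-keygen)."""
    return "K%s+%03d+%05d" % (zone, algorithm, tag)


# Constructed sample: a KSK (flags 257), protocol 3, algorithm 13.
# The 64 "public key" bytes are filler, not a real key.
SAMPLE = dnskey_rdata(257, 3, 13, bytes(range(64)))
REVOKED = revoke(SAMPLE)

if __name__ == "__main__":
    for label, rdata in (("original", SAMPLE), ("revoked", REVOKED)):
        (flags,) = struct.unpack("!H", rdata[:2])
        name = key_file_base("example.com.", 13, key_tag(rdata))
        print("%-8s flags=%d  %s.key" % (label, flags, name))
```

The key ID normally rises by 128 on revocation; the RFC 4034 carry fold can shift the result by one more when the sum crosses a 16-bit boundary.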

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

AUTHOR

Internet Systems Consortium

Copyright © 2009 Internet Systems Consortium, Inc. ("ISC")