.\" Man page generated from reStructuredText. . . .nr rst2man-indent-level 0 . .de1 rstReportMargin \\$1 \\n[an-margin] level \\n[rst2man-indent-level] level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] - \\n[rst2man-indent0] \\n[rst2man-indent1] \\n[rst2man-indent2] .. .de1 INDENT .\" .rstReportMargin pre: . RS \\$1 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] . nr rst2man-indent-level +1 .\" .rstReportMargin post: .. .de UNINDENT . RE .\" indent \\n[an-margin] .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] .nr rst2man-indent-level -1 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. .TH "DNSSEC-REVOKE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9" .SH NAME dnssec-revoke \- set the REVOKED bit on a DNSSEC key .SH SYNOPSIS .sp \fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile} .SH DESCRIPTION .sp \fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the key as defined in \X'tty: link https://datatracker.ietf.org/doc/html/rfc5011.html'\fI\%RFC 5011\fP\X'tty: link', and creates a new pair of key files containing the now\-revoked key. .SH OPTIONS .INDENT 0.0 .TP .B \-h This option emits a usage message and exits. .UNINDENT .INDENT 0.0 .TP .B \-K directory This option sets the directory in which the key files are to reside. .UNINDENT .INDENT 0.0 .TP .B \-r This option indicates to remove the original keyset files after writing the new keyset files. .UNINDENT .INDENT 0.0 .TP .B \-v level This option sets the debugging level. .UNINDENT .INDENT 0.0 .TP .B \-V This option prints version information. .UNINDENT .INDENT 0.0 .TP .B \-E engine This option specifies the cryptographic hardware to use, when applicable. .sp When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL engine identifier that drives the cryptographic accelerator or hardware service module (usually \fBpkcs11\fP). .UNINDENT .INDENT 0.0 .TP .B \-f This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair, even if a file already exists matching the algorithm and key ID of the revoked key. .UNINDENT .INDENT 0.0 .TP .B \-R This option prints the key tag of the key with the REVOKE bit set, but does not revoke the key. .UNINDENT .SH SEE ALSO .sp \X'tty: link #std-iscman-dnssec-keygen'\fI\%dnssec\-keygen(8)\fP\X'tty: link', BIND 9 Administrator Reference Manual, \X'tty: link https://datatracker.ietf.org/doc/html/rfc5011.html'\fI\%RFC 5011\fP\X'tty: link'\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT 2024, Internet Systems Consortium .\" Generated by docutils manpage writer. .