Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

dnssec-revoke(8) [netbsd man page]

DNSSEC-REVOKE(8)						       BIND9							  DNSSEC-REVOKE(8)

NAME
dnssec-revoke - Set the REVOKED bit on a DNSSEC key SYNOPSIS
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile} DESCRIPTION
dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now-revoked key. OPTIONS
-h Emit usage message and exit. -K directory Sets the directory in which the key files are to reside. -r After writing the new keyset files remove the original keyset files. -v level Sets the debugging level. -E engine Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. -f Force overwrite: Causes dnssec-revoke to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key. -R Print the key tag of the key with the REVOKE bit set but do not revoke the key. SEE ALSO
dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011. AUTHOR
Internet Systems Consortium COPYRIGHT
Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") BIND9 June 1, 2009 DNSSEC-REVOKE(8)

Check Out this Related Man Page

DNSSEC-DSFROMKEY(8)						       BIND9						       DNSSEC-DSFROMKEY(8)

NAME
dnssec-dsfromkey - DNSSEC DS RR generation tool SYNOPSIS
dnssec-dsfromkey [-v level] [-1] [-2] [-a alg] {keyfile} dnssec-dsfromkey {-s} [-v level] [-1] [-2] [-a alg] [-c class] [-d dir] {dnsname} DESCRIPTION
dnssec-dsfromkey outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s). OPTIONS
-1 Use SHA-1 as the digest algorithm (the default is to use both SHA-1 and SHA-256). -2 Use SHA-256 as the digest algorithm. -a algorithm Select the digest algorithm. The value of algorithm must be one of SHA-1 (SHA1) or SHA-256 (SHA256). These values are case insensitive. -v level Sets the debugging level. -s Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode. -c class Specifies the DNS class (default is IN), useful only in the keyset mode. -d directory Look for keyset files in directory as the directory, ignored when not in the keyset mode. EXAMPLE
To build the SHA-256 DS RR from the Kexample.com.+003+26160 keyfile name, the following command would be issued: dnssec-dsfromkey -2 Kexample.com.+003+26160 The command would print something like: example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94 FILES
The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name Knnnn.+aaa+iiiii.key as generated by dnssec-keygen(8). The keyset file name is built from the directory, the string keyset- and the dnsname. CAVEAT
A keyfile error can give a "file not found" even if the file exists. SEE ALSO
dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 3658, RFC 4509. AUTHOR
Internet Systems Consortium COPYRIGHT
Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") BIND9 November 29, 2008 DNSSEC-DSFROMKEY(8)
Man Page

5 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Include Line Before Pattern Using Sed / Awk

Hi, I have a sql file that runs something like this vi Test.sql REVOKE EXECUTE ON DEMO_USER.SQC_SAMP FROM PUBLIC; REVOKE EXECUTE ON DEMO_USER.SQC_SAMP FROM DEMO_READ; REVOKE SELECT ON DEMO_USER.DEMO_NOMINEE_TEST FROM DEMO_READ; REVOKE EXECUTE ON DEMO_USER.SQC_SAMP FROM... (3 Replies)
Discussion started by: rajan_san
3 Replies

2. Advertise with Us

UNIX Systems Administrator Opportunity

Optiver is a worldwide market maker and derivatives trading firm with offices strategically located in Chicago, Amsterdam and Sydney. Attracting very ambitious, talented and results-oriented individuals to become members of a highly selective trading and support group is a primary contributor to... (0 Replies)
Discussion started by: Barb S.
0 Replies

3. Red Hat

Recover deleted files from linux server machine..

Hi, I am working Linux server machine. Somebody by mistake(or may be knowingly) deleted few folders and files from the machine. How is this possible to recover those files and folders????:confused: I normally logged in through Putty and winscp only. And don't have any history for putty... (8 Replies)
Discussion started by: pamu
8 Replies

4. Red Hat

How do I set up dnssec ?

Hi, I am receiving 'no valid signatures' errors in /var/log/messages. I understand that it would be gone if I set 'dnssec-enable no' in named.conf. But I want to let it be (i.e 'dnssec-enable yes'). Please help! (0 Replies)
Discussion started by: madhupnetfundu
0 Replies

5. UNIX for Beginners Questions & Answers

Need help with dnscrypt and dnssec

Hi, I currently have dnscrypt working, and now, I want to add dnssec. dnscrypt is basically a daemon running, and it's configured to 127.0.0.1 under dns in wifi. I have installed dnsmasq, and I am ready to enable dnssec in /usr/local/etc/dnsmasq.conf. My question is the following. Do I... (2 Replies)
Discussion started by: macos22
2 Replies