Knowledge Base ISC Main Website Ask a Question/Contact ISC
Can I extract the key tag from a DNSKEY obtained via dig?
Author: Cathy Almond Reference Number: AA-00610 Views: 5853 Created: 2012-01-26 12:46 Last Updated: 2014-02-05 12:24 100 Rating/ 1 Voters


dig +multi will show the key tag.  In BIND 9.9, you can also use dig +rrcomments, and both options provide more key information than was available with 9.8.2 dig.

9.8.2:

$ dig +multi isc.org DNSKEY

; <<>> DiG 9.8.2 <<>> +multi isc.org DNSKEY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54063
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;isc.org.        IN DNSKEY

;; ANSWER SECTION:
isc.org.        2249 IN    DNSKEY 256 3 5 (
                BEAAAAO6L6BadeFzvt6J63GDGrFANfJAitCd9Njcj49y
                6PE1Bv6t33sEyxSVi4KWbjQgViMCxAArxP0IhDLhYFGb
                sU2ugkQ4UMFCPgYIVxC1yvBw1Gt7p+SBQU9qX+Il/cqY
                TJWQkWRdDPHJoaMT1+f7e6YLlntxpl+M7yw3aOEbCByP
                zw==
                ) ; key id = 21693
isc.org.        2249 IN    DNSKEY 257 3 5 (
                BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hW
                LDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xyl
                YCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf
                /Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zM
                nnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/z
                ZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix
                5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6L
                XeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
                ) ; key id = 12892

;; Query time: 35 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Thu Jan 26 12:43:36 2012
;; MSG SIZE  rcvd: 451

9.9.0 with +multi:

$ dig +multi isc.org DNSKEY

; <<>> DiG 9.9.0 <<>> +multi isc.org DNSKEY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10423
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;isc.org.        IN DNSKEY

;; ANSWER SECTION:
isc.org.        6569 IN    DNSKEY 256 3 5 (
                BEAAAAO6L6BadeFzvt6J63GDGrFANfJAitCd9Njcj49y
                6PE1Bv6t33sEyxSVi4KWbjQgViMCxAArxP0IhDLhYFGb
                sU2ugkQ4UMFCPgYIVxC1yvBw1Gt7p+SBQU9qX+Il/cqY
                TJWQkWRdDPHJoaMT1+f7e6YLlntxpl+M7yw3aOEbCByP
                zw==
                ) ; ZSK; alg = RSASHA1; key id = 21693
isc.org.        6569 IN    DNSKEY 257 3 5 (
                BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hW
                LDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xyl
                YCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf
                /Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zM
                nnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/z
                ZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix
                5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6L
                XeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
                ) ; KSK; alg = RSASHA1; key id = 12892

;; Query time: 34 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Thu Jan 26 11:31:36 2012
;; MSG SIZE  rcvd: 462


9.9.0 with +rrcomments

$ dig +rrcomments isc.org DNSKEY

; <<>> DiG 9.9.0 <<>> +rrcomments isc.org DNSKEY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5319
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;isc.org.            IN    DNSKEY

;; ANSWER SECTION:
isc.org.        6635    IN    DNSKEY    256 3 5 BEAAAAO6L6BadeFzvt6J63GDGrFANfJAitCd9Njcj49y6PE1Bv6t33sE yxSVi4KWbjQgViMCxAArxP0IhDLhYFGbsU2ugkQ4UMFCPgYIVxC1yvBw 1Gt7p+SBQU9qX+Il/cqYTJWQkWRdDPHJoaMT1+f7e6YLlntxpl+M7yw3 aOEbCByPzw==  ; ZSK; alg = RSASHA1; key id = 21693
isc.org.        6635    IN    DNSKEY    257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd  ; KSK; alg = RSASHA1; key id = 12892

;; Query time: 35 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Thu Jan 26 11:30:30 2012
;; MSG SIZE  rcvd: 462


© 2001-2016 Internet Systems Consortium

Please help us to improve the content of our knowledge base by letting us know below how we can improve this article.

If you have a technical question or problem on which you'd like help, please don't submit it here as article feedback.

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Info Submit Feedback on this Article
Nickname: Your Email: Subject: Comment:
Enter the code below:
Quick Jump Menu