Can I extract the key tag from a DNSKEY obtained via dig?
  • 03 Oct 2018
  • 2 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Can I extract the key tag from a DNSKEY obtained via dig?

  • Dark
    Light
  • PDF

dig +multi will show the key tag (key id). In BIND 9.9 and later, you can also use dig +rrcomments, and both options provide more key information than was available with 9.8.2 dig.

9.8.2:

$ dig +multi isc.org DNSKEY

; <<>> DiG 9.8.2 <<>> +multi isc.org DNSKEY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54063
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;isc.org.        IN DNSKEY

;; ANSWER SECTION:
isc.org.        2249 IN    DNSKEY 256 3 5 (
                BEAAAAO6L6BadeFzvt6J63GDGrFANfJAitCd9Njcj49y
                6PE1Bv6t33sEyxSVi4KWbjQgViMCxAArxP0IhDLhYFGb
                sU2ugkQ4UMFCPgYIVxC1yvBw1Gt7p+SBQU9qX+Il/cqY
                TJWQkWRdDPHJoaMT1+f7e6YLlntxpl+M7yw3aOEbCByP
                zw==
                ) ; key id = 21693
isc.org.        2249 IN    DNSKEY 257 3 5 (
                BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hW
                LDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xyl
                YCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf
                /Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zM
                nnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/z
                ZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix
                5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6L
                XeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
                ) ; key id = 12892

;; Query time: 35 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Thu Jan 26 12:43:36 2012
;; MSG SIZE  rcvd: 451

9.9.0 with +multi:

$ dig +multi isc.org DNSKEY

; <<>> DiG 9.9.0 <<>> +multi isc.org DNSKEY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10423
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;isc.org.        IN DNSKEY

;; ANSWER SECTION:
isc.org.        6569 IN    DNSKEY 256 3 5 (
                BEAAAAO6L6BadeFzvt6J63GDGrFANfJAitCd9Njcj49y
                6PE1Bv6t33sEyxSVi4KWbjQgViMCxAArxP0IhDLhYFGb
                sU2ugkQ4UMFCPgYIVxC1yvBw1Gt7p+SBQU9qX+Il/cqY
                TJWQkWRdDPHJoaMT1+f7e6YLlntxpl+M7yw3aOEbCByP
                zw==
                ) ; ZSK; alg = RSASHA1; key id = 21693
isc.org.        6569 IN    DNSKEY 257 3 5 (
                BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hW
                LDMvoOMRXjGrhhCeFvAZih7yJHf8ZGfW6hd38hXG/xyl
                YCO6Krpbdojwx8YMXLA5/kA+u50WIL8ZR1R6KTbsYVMf
                /Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy347cBB1zM
                nnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/z
                ZrQzBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix
                5WcJt+xzqZ7+ysyLKOOedS39Z7SDmsn2eA0FKtQpwA6L
                XeG2w+jxmw3oA8lVUgEf/rzeC/bByBNsO70aEFTd
                ) ; KSK; alg = RSASHA1; key id = 12892

;; Query time: 34 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Thu Jan 26 11:31:36 2012
;; MSG SIZE  rcvd: 462

9.9.0 with +rrcomments

$ dig +rrcomments isc.org DNSKEY

; <<>> DiG 9.9.0 <<>> +rrcomments isc.org DNSKEY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5319
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;isc.org.            IN    DNSKEY

;; ANSWER SECTION:
isc.org.        6635    IN    DNSKEY    256 3 5 BEAAAAO6L6BadeFzvt6J63GDGrFANfJAitCd9Njcj49y6PE1Bv6t33sE yxSVi4KWbjQgViMCxAArxP0IhDLhYFGbsU2ugkQ4UMFCPgYIVxC1yvBw 1Gt7p+SBQU9qX+Il/cqYTJWQkWRdDPHJoaMT1+f7e6YLlntxpl+M7yw3 aOEbCByPzw==  ; ZSK; alg = RSASHA1; key id = 21693
isc.org.        6635    IN    DNSKEY    257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd  ; KSK; alg = RSASHA1; key id = 12892

;; Query time: 35 msec
;; SERVER: 194.74.65.69#53(194.74.65.69)
;; WHEN: Thu Jan 26 11:30:30 2012
;; MSG SIZE  rcvd: 462