Is there a tool which allows me to view the parameters of an existing private/public key used for DNSSEC in Bind 9?
I've been unable to determine simple things such as the expiration date, the algorithm, key strength, zone name for key, etc.
Your question could mean two things. Are you wanting to check the parameters for a remote server, or one which you have the private and public key files for?
Also note, DNSSEC keys don't actually have expiration dates. Signatures do. The expiration date of a key is a concept that many DNS server implementations have created, and is part of their key management system.
Signature expiration times are easy to read from the output of dig +dnssec, as they are in YYYYMMDDhhmmss format. Extracting the key algorithm and length from the dnskey record is a bit harder using dig, as it does not convert "5" to "RSASHA1" for instance.
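Added example, not part of the original answer: a short Python decoder for the DNSKEY and RRSIG lines that dig +dnssec prints, mapping the algorithm number to its mnemonic, deriving the key size, and parsing the signature timestamps. It assumes dig's default single-line output (owner, TTL, class, type, rdata; no +multi); the function names and the sample records are constructed for illustration.

```python
import base64
from datetime import datetime, timezone

# IANA DNSSEC algorithm numbers -> mnemonics (subset in common use)
ALGORITHMS = {1: "RSAMD5", 3: "DSA", 5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1",
              8: "RSASHA256", 10: "RSASHA512", 13: "ECDSAP256SHA256",
              14: "ECDSAP384SHA384", 15: "ED25519", 16: "ED448"}
RSA_ALGS = {1, 5, 7, 8, 10}
CURVE_BITS = {13: 256, 14: 384, 15: 256, 16: 456}  # fixed-size curve keys

def rsa_modulus_bits(key: bytes) -> int:
    """RFC 3110 layout: exponent length (1 or 3 bytes), exponent, modulus."""
    if key[0]:
        exp_len, off = key[0], 1
    else:
        exp_len, off = int.from_bytes(key[1:3], "big"), 3
    return int.from_bytes(key[off + exp_len:], "big").bit_length()

def parse_ts(stamp: str) -> datetime:
    """RRSIG times are printed as YYYYMMDDhhmmss in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def describe(line: str) -> dict:
    """Decode one DNSKEY or RRSIG line as printed by dig +dnssec."""
    f = line.split()
    owner, rtype, rdata = f[0], f[3], f[4:]
    if rtype == "DNSKEY":
        flags, alg = int(rdata[0]), int(rdata[2])
        key = base64.b64decode("".join(rdata[3:]))  # dig may split the base64
        bits = rsa_modulus_bits(key) if alg in RSA_ALGS else CURVE_BITS.get(alg)
        return {"zone": owner, "role": "KSK" if flags & 1 else "ZSK",
                "algorithm": ALGORITHMS.get(alg, f"unknown({alg})"), "bits": bits}
    if rtype == "RRSIG":
        # rdata: covered type, algorithm, labels, TTL, expiration, inception, tag, signer
        return {"zone": rdata[7], "covers": rdata[0], "key_tag": int(rdata[6]),
                "algorithm": ALGORITHMS.get(int(rdata[1]), f"unknown({rdata[1]})"),
                "inception": parse_ts(rdata[5]), "expires": parse_ts(rdata[4])}
    raise ValueError(f"not a DNSKEY or RRSIG line: {line!r}")

# Constructed sample data (not a real key or signature): 1024-bit modulus, e=65537
_KEY = base64.b64encode(b"\x03\x01\x00\x01\xc1" + b"\x00" * 126 + b"\x01").decode()
SAMPLE_DNSKEY = f"example.com. 3600 IN DNSKEY 257 3 5 {_KEY[:40]} {_KEY[40:]}"
SAMPLE_RRSIG = ("example.com. 3600 IN RRSIG DNSKEY 5 2 3600 "
                "20240301000000 20240201000000 12345 example.com. c2FtcGxl")

if __name__ == "__main__":
    for sample in (SAMPLE_DNSKEY, SAMPLE_RRSIG):
        print(describe(sample))
```

The KSK/ZSK label is read from the SEP bit of the flags field (257 versus 256), which is a convention rather than a guarantee of how the zone actually uses the key.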