This tutorial applies to a cPanel server with PowerDNS installed.
To list the domains on your server that are configured with DNSSEC (Domain Name System Security Extensions) you need to login as root and execute the following command:
pdnssec list-secure-zones
The result will be something like:
root@web [~]# pdnssec list-secure-zones
Mar 08 15:52:08 [bindbackend] Done parsing domains, 0 rejected, 12 new, 0 removed
yourdomain1.com
yourdomain2.com
All secure zonecount:1
root@web [~]#
yourdomain1.com, yourdomain2.com etc are the domains that use DNSSEC.
You can go ahead and list the key details for a domain with DNSSEC. Just use the command:
pdnssec show-zone yourdomain1.com
For example, for our domain demo.plothost.com, the info is:
root@web [~]# pdnssec show-zone demo.plothost.com Mar 08 13:04:11 [bindbackend] Done parsing domains, 0 rejected, 463 new, 0 removed Zone is not presigned Zone has NARROW hashed NSEC3 semantics, configuration: 1 0 7 78326f1db1405ff2 keys: ID = 3 (KSK), tag = 57434, algo = 8, bits = 2048 Active: 1 ( RSASHA256 ) KSK DNSKEY = demo.plothost.com IN DNSKEY 257 3 8 AwEAAaZVe21ROtKfWtzQrB2tPd4kP0+cautYOsgbWtPkHy6l0WBDcXQFRennP/uJIDsbfdDkjP1l4SrdpOM5NI01CtE6QTvHDA32L4Z8L9N5qmQ+YkAe+Vk09tNQVKYMfiN/sMA4xQIHQ8KAvky4jMn+fr2k6WvE/QyQPtjYAEoXt1uOiGCSFE7njCx9maikt/WT5YrZEQ5ncJjzzPU3IGdznlJc2sDV+NXbDHVqjH0Bd0GlIp7l/2Io5sAcnlusvi2u5Dawa1aLidfNyLIlmEmzqy98djDFD8vu627E9zmZ74M0YCBbfD6oRpmmXj1SRkc+GhIFN2HvqnkJyf/k1gvG2ms= ; ( RSASHA256 ) DS = demo.plothost.com IN DS 57434 8 1 49708717a42d565c741fe3d6ece70d648c8a6d7b ; ( SHA1 digest ) DS = demo.plothost.com IN DS 57434 8 2 c255d52f2386a15b8e3181a6596b47d0b96911bf044c55e6df6c3387294b3150 ; ( SHA256 digest ) DS = demo.plothost.com IN DS 57434 8 4 716c0d1c8b33bd01e8beb218924abf62e7ac531c056e073ad2dec2720bc4e57a693f18af75a410484ca1438208c0390e ; ( SHA-384 digest ) ID = 4 (ZSK), tag = 1318, algo = 8, bits = 1024 Active: 1 ( RSASHA256 ) root@web [~]#