Does anyone know where to find the ISC signing keys for source packages?

Thomas Schulz schulz at
Wed Dec 29 15:25:23 UTC 2010

> From: Casey Deccio
> Before checking the signature, you need to import ISC's public key
> into your key ring.  Something like this will work:
> curl | gpg --import
> Then you can run gpg --verify.
> Casey

That is the final piece of information I needed. I had previously downloaded
the public key (I just did now know what to do with it), so I used the command

gpg --import pgpkey2009.txt

and then the following command worked

gpg --verify bind-9.7.2-P3.tar.gz.sha256.asc bind-9.7.2-P3.tar.gz

If I rename bind-9.7.2-P3.tar.gz.sha256.asc to bind-9.7.2-P3.tar.gz.asc
then the following shorter command will work

gpg --verify bind-9.7.2-P3.tar.gz.asc

Well, I seem to have insecure memory and the key is not certified with
a trusted signature, but I think that I will trust the result anyway.

Thanks to everyone for their help. Perhaps all of the above should be on
isc's web page.

Tom Schulz
Applied Dynamics Intl.
schulz at

More information about the bind-users mailing list