Scripting dnssec-verify - processing command output

Matthew Richardson matthew-l at
Sun Feb 7 10:07:24 UTC 2021

Thanks!  That diagnosis is spot on: dnssec-verify is sending all its output
to STDERR as demonstrated by:-

>[matthew at m71 ~]$ dnssec-verify -I text -o >temp-out 2>temp-err
>[matthew at m71 ~]$ ls -l temp-*
>-rw-rw-r-- 1 matthew matthew 279 Feb  7 09:34 temp-err
>-rw-rw-r-- 1 matthew matthew   0 Feb  7 09:34 temp-out

The fix (well, lash up) in Perl then becomes:-

    $resp = `dnssec-verify -I text -o 2>&1`;

which then gets the output from STDERR into the variable.

Let's wait for the ISC folks to see whether they think this is a bug...

Best wishes,

>From: Paul Kosinski via bind-users <bind-users at>
>To: bind-users at
>Date: Sat, 6 Feb 2021 19:45:54 -0500
>Subject: Re: Scripting dnssec-verify - processing command output

>It sounds to me like dnssec-verify is sending the output in question to STDERR instead of STDOUT.
>On Sat, 06 Feb 2021 19:02:28 +0000
>Matthew Richardson <matthew-l at> wrote:
>> I have been using Perl to do a reasonable amount of scripting, running BIND
>> utilities and processing the results into variables.  The details below are
>> from BIND 9.11.27 on CentOS 7.
>> The code:-
>>     $resp = `dig -t soa`;
>>     print "dig resp:'$resp'\n";
>> gets the result of the dig command into the variable $resp and prints it.
>> However:-
>>     $resp = `dnssec-verify -I text -o`;
>>     print "dnssec-verify resp:'$resp'\n";
>> displays the results of the dnssec-verify command on the console and leaves
>> the variable $resp empty.
>> Any ideas would be appreciated...
>> As an aside, using dnssec-keygen DOES put the results into the variable.
>> Best wishes,
>> Matthew

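An alternative to merging the streams with `2>&1`, shown as an added example that is not part of the original thread: capture STDOUT, STDERR and the exit status separately, so a script can decide on the status and keep the STDERR text for logging. The stand-in commands are constructed so the block runs without BIND installed; `run_capture` is a hypothetical helper name, and that the real tool signals a failed verification through a non-zero exit status is an assumption here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open3;
use IO::Select;
use Symbol 'gensym';

# Run a command given as a list (no shell is involved, so arguments such as
# zone names are never interpreted by a shell) and return
# (stdout, stderr, exit_code) as three separate values.
sub run_capture {
    my @cmd = @_;
    my $err = gensym;    # open3 needs a pre-made handle to keep STDERR separate
    my $pid = open3(my $in, my $out, $err, @cmd);
    close $in;           # the child sees EOF on its STDIN

    my %buf  = (out => '', err => '');
    my %name = (fileno($out) => 'out', fileno($err) => 'err');
    my $sel  = IO::Select->new($out, $err);

    # Drain both pipes as data arrives so neither fills up and blocks the child.
    while ($sel->count) {
        for my $fh ($sel->can_read) {
            my $n = sysread($fh, my $chunk, 4096);
            if ($n) { $buf{ $name{ fileno $fh } } .= $chunk }
            else    { $sel->remove($fh); close $fh }    # EOF or read error
        }
    }
    waitpid($pid, 0);
    # -1 marks "killed by a signal"; otherwise the child's exit code.
    my $code = ($? & 127) ? -1 : $? >> 8;
    return ($buf{out}, $buf{err}, $code);
}

# Constructed stand-ins that behave as the thread describes dnssec-verify:
# all report text goes to STDERR, nothing to STDOUT.
my @ok  = ($^X, '-e', 'print STDERR "constructed report line\n"; exit 0');
my @bad = ($^X, '-e', 'print STDERR "constructed failure line\n"; exit 1');

for my $cmd (\@ok, \@bad) {
    my ($stdout, $stderr, $code) = run_capture(@$cmd);
    printf "exit=%d stdout=%d bytes stderr=%s", $code, length $stdout, $stderr;
}
```

With the real tool, the command list passed to `run_capture` would be `dnssec-verify` followed by the same arguments used in the backtick call.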