bin/nsupdate/nsupdate.docbook

9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson<!--
2dc5db0eb0ba6672fb1c23875e2a964e59c24cd1Tinderbox User - Copyright (C) 2000-2012, 2014-2017  Internet Systems Consortium, Inc. ("ISC")
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - file, You can obtain one at http://mozilla.org/MPL/2.0/.
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson-->
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<!-- Converted by db4-upgrade version 1.0 -->
83a28ca274521e15086fc39febde507bcc4e145eMark Andrews<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.nsupdate">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <info>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <date>2014-04-18</date>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </info>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refentryinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <corpname>ISC</corpname>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refentryinfo>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refmeta>
072440df4f65033eb058c06f2cc72be450606720Jeremy Reed    <refentrytitle><application>nsupdate</application></refentrytitle>
a8f6b2aa46f882c7c680b7bdab1dfb78a76787eaMark Andrews    <manvolnum>1</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <refmiscinfo>BIND9</refmiscinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refmeta>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refnamediv>
072440df4f65033eb058c06f2cc72be450606720Jeremy Reed    <refname><application>nsupdate</application></refname>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <refpurpose>Dynamic DNS update utility</refpurpose>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refnamediv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <copyright>
704e6c8876907aac0bf7380effca8bca400d4acdMark Andrews      <year>2000</year>
704e6c8876907aac0bf7380effca8bca400d4acdMark Andrews      <year>2001</year>
704e6c8876907aac0bf7380effca8bca400d4acdMark Andrews      <year>2002</year>
704e6c8876907aac0bf7380effca8bca400d4acdMark Andrews      <year>2003</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2004</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2005</year>
26e2a07a0b6a3b1eccef82ba31270d0c54ad4f06Mark Andrews      <year>2006</year>
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews      <year>2007</year>
030aac3dbc57f99bad1d251b0783890ff0369952Automatic Updater      <year>2008</year>
d60212e03fbef1d3dd7f7eb05c0545cc373cb9fcAutomatic Updater      <year>2009</year>
1b892cf691dd0907e0e75774df102dd4d92dd877Automatic Updater      <year>2010</year>
a9f68291c8db8111b88442635a04dfd35221411bAutomatic Updater      <year>2011</year>
5fa46bc91672ef5737aee6f99763161511566c24Tinderbox User      <year>2012</year>
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User      <year>2014</year>
c10fda07d68c04221c2d552dc71a2de1352074cbTinderbox User      <year>2015</year>
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews      <year>2016</year>
2dc5db0eb0ba6672fb1c23875e2a964e59c24cd1Tinderbox User      <year>2017</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsynopsisdiv>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <cmdsynopsis sepchar=" ">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-d</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-D</option></arg>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień      <arg choice="opt" rep="norepeat"><option>-i</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">level</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <group choice="opt" rep="norepeat">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <arg choice="opt" rep="norepeat"><option>-g</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <arg choice="opt" rep="norepeat"><option>-o</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <arg choice="opt" rep="norepeat"><option>-l</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt    <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </group>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-T</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-P</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat"><option>-V</option></arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt      <arg choice="opt" rep="norepeat">filename</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsynopsisdiv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>DESCRIPTION</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para><command>nsupdate</command>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      is used to submit Dynamic DNS Update requests as defined in RFC 2136
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      to a name server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This allows resource records to be added or removed from a zone
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      without manually editing the zone file.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      A single update request can contain requests to add or remove more than
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      one
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      resource record.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Zones that are under dynamic control via
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      or a DHCP server should not be edited by hand.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Manual edits could
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      conflict with dynamic updates and cause data to be lost.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The resource records that are dynamically added or removed with
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      have to be in the same zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Requests are sent to the zone's master server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This is identified by the MNAME field of the zone's SOA record.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      Transaction signatures can be used to authenticate the Dynamic
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      DNS updates.  These use the TSIG resource record type described
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      in RFC 2845 or the SIG(0) record described in RFC 2535 and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      RFC 2931 or GSS-TSIG as described in RFC 3645.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      TSIG relies on
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      a shared secret that should only be known to
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <command>nsupdate</command> and the name server.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      For instance, suitable <type>key</type> and
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      <type>server</type> statements would be added to
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      <filename>/etc/named.conf</filename> so that the name server
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      can associate the appropriate secret key and algorithm with
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      the IP address of the client application that will be using
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      TSIG authentication. You can use <command>ddns-confgen</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      to generate suitable configuration fragments.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <command>nsupdate</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      uses the <option>-y</option> or <option>-k</option> options
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      to provide the TSIG shared secret.  These options are mutually exclusive.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      SIG(0) uses public key cryptography.
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      To use a SIG(0) key, the public key must be stored in a KEY
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      record in a zone served by the name server.
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt    </para>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt    <para>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      GSS-TSIG uses Kerberos credentials.  Standard GSS-TSIG mode
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      is switched on with the <option>-g</option> flag.  A
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      non-standards-compliant variant of GSS-TSIG used by Windows
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      2000 can be switched on with the <option>-o</option> flag.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>OPTIONS</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <variablelist>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-d</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Debug mode. This provides tracing information about the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        update requests that are made and the replies received
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        from the name server.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-D</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Extra debug mode.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień      <varlistentry>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień    <term>-i</term>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień    <listitem>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień      <para>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień        Force interactive mode, even when standard input is not a terminal.
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień      </para>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień    </listitem>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień      </varlistentry>
e02fa56849131911e9554133b17a5325b37d0828Michał Kępień
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-k <replaceable class="parameter">keyfile</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        The file containing the TSIG authentication key.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Keyfiles may be in two formats: a single file containing
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        a <filename>named.conf</filename>-format <command>key</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        statement, which may be generated automatically by
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>ddns-confgen</command>, or a pair of files whose names are
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        of the format <filename>K{name}.+157.+{random}.key</filename> and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <filename>K{name}.+157.+{random}.private</filename>, which can be
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        generated by <command>dnssec-keygen</command>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        The <option>-k</option> may also be used to specify a SIG(0) key used
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        to authenticate Dynamic DNS update requests.  In this case, the key
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        specified is not an HMAC-MD5 key.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-l</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Local-host only mode. This sets the server address to
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        localhost (disabling the <command>server</command> so that the server
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        address cannot be overridden).  Connections to the local server will
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        use a TSIG key found in <filename>/var/run/named/session.key</filename>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        which is automatically generated by <command>named</command> if any
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        local master zone has set <command>update-policy</command> to
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>local</command>.  The location of this key file can be
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        overridden with the <option>-k</option> option.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-L <replaceable class="parameter">level</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Set the logging debug level.  If zero, logging is disabled.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-p <replaceable class="parameter">port</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Set the port to use for connections to a name server. The
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        default is 53.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-P</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Print the list of private BIND-specific resource record
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        types whose format is understood
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        by <command>nsupdate</command>. See also
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        the <option>-T</option> option.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-r <replaceable class="parameter">udpretries</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        The number of UDP retries. The default is 3. If zero, only
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        one update request will be made.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-R <replaceable class="parameter">randomdev</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      Where to obtain randomness. If the operating system
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      does not provide a <filename>/dev/random</filename> or
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      equivalent device, the default source of randomness is keyboard
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      input.  <filename>randomdev</filename> specifies the name of
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      a character device or file containing random data to be used
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      instead of the default.  The special value
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <filename>keyboard</filename> indicates that keyboard input
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      should be used.  This option may be specified multiple times.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-t <replaceable class="parameter">timeout</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        The maximum time an update request can take before it is
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        aborted. The default is 300 seconds. Zero can be used to
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        disable the timeout.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-T</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Print the list of IANA standard resource record types
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        whose format is understood by <command>nsupdate</command>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>nsupdate</command> will exit after the lists are
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        printed. The <option>-T</option> option can be combined
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        with the <option>-P</option> option.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        decimal value of the type with no leading zeros.  The rdata,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        if present, will be parsed using the UNKNOWN rdata format,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        &lt;space&gt; &lt;hexstring&gt;).
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-u <replaceable class="parameter">udptimeout</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        The UDP retry interval. The default is 3 seconds. If zero,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        the interval will be computed from the timeout interval and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        number of UDP retries.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-v</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Use TCP even for small update requests.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        By default, <command>nsupdate</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        uses UDP to send update requests to the name server unless they are too
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        large to fit in a UDP request in which case TCP will be used.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        TCP may be preferable when a batch of update requests is made.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-V</term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Print the version number and exit.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        Literal TSIG authentication key.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <parameter>keyname</parameter> is the name of the key, and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <parameter>secret</parameter> is the base64 encoded shared secret.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <parameter>hmac</parameter> is the name of the key algorithm;
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        valid choices are <literal>hmac-md5</literal>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <literal>hmac-sha512</literal>.  If <parameter>hmac</parameter>
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews        is not specified, the default is <literal>hmac-md5</literal>
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews        or if MD5 was disabled <literal>hmac-sha256</literal>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        NOTE: Use of the <option>-y</option> option is discouraged because the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        shared secret is supplied as a command line argument in clear text.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        This may be visible in the output from
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        or in a history file maintained by the user's shell.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </variablelist>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>INPUT FORMAT</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para><command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      reads input from
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <parameter>filename</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      or standard input.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Each command is supplied on exactly one line of input.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Some commands are for administrative purposes.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The others are either update instructions or prerequisite checks on the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      contents of the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      These checks set conditions that some name or set of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      resource records (RRset) either exists or is absent from the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      These conditions must be met if the entire update request is to succeed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Updates will be rejected if the tests for the prerequisite conditions
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      fail.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Every update request consists of zero or more prerequisites
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      and zero or more updates.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This allows a suitably authenticated update request to proceed if some
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      specified resource records are present or missing from the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      A blank input line (or the <command>send</command> command)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      causes the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      accumulated commands to be sent as one Dynamic DNS update request to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      name server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The command formats and their meaning are as follows:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>server</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">servername</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">port</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Sends all dynamic update requests to the name server
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>servername</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          When no server statement is provided,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>nsupdate</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          will send updates to the master server of the correct zone.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          The MNAME field of that zone's SOA record will identify the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          master
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          server for that zone.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>port</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          is the port number on
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>servername</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          where the dynamic update requests get sent.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If no port number is specified, the default DNS port number of
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          53 is
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          used.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>local</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">address</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">port</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Sends all dynamic update requests using the local
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>address</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          When no local statement is provided,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>nsupdate</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          will send updates using an address and port chosen by the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          system.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>port</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          can additionally be used to make requests come from a specific
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          port.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If no port number is specified, the system will assign one.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>zone</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">zonename</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Specifies that all updates are to be made to the zone
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>zonename</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If no
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>zone</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          statement is provided,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>nsupdate</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          will attempt determine the correct zone to update based on the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          rest of the input.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>class</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">classname</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Specify the default class.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If no <parameter>class</parameter> is specified, the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          default class is
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>IN</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>ttl</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">seconds</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Specify the default time to live for records to be added.
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          The value <parameter>none</parameter> will clear the default
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          ttl.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>key</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">hmac:</arg><arg choice="req" rep="norepeat">keyname</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">secret</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Specifies that all updates are to be TSIG-signed using the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>keyname</parameter> <parameter>secret</parameter> pair.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If <parameter>hmac</parameter> is specified, then it sets the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          signing algorithm in use; the default is
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews          <literal>hmac-md5</literal> or if MD5 was disabled
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews          <literal>hmac-sha256</literal>.  The <command>key</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          command overrides any key specified on the command line via
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <option>-y</option> or <option>-k</option>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>gsstsig</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          Use GSS-TSIG to sign the updated.  This is equivalent to
6ad1eab597456687386f5e41d17d0bceeacef2d2Jeremy C. Reed          specifying <option>-g</option> on the command line.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>oldgsstsig</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          Use the Windows 2000 version of GSS-TSIG to sign the updated.
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          This is equivalent to specifying <option>-o</option> on the
6ad1eab597456687386f5e41d17d0bceeacef2d2Jeremy C. Reed          command line.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>realm</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt        <arg choice="req" rep="norepeat"><optional>realm_name</optional></arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          When using GSS-TSIG use <parameter>realm_name</parameter> rather
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          than the default realm in <filename>krb5.conf</filename>.  If no
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          realm is specified the saved realm is cleared.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <command>check-names</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt        <arg choice="req" rep="norepeat"><optional>yes_or_no</optional></arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </term>
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews      <listitem>
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews        <para>
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews          Turn on or off check-names processing on records to
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews          be added.  Check-names has no effect on prerequisites
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews          or records to be deleted.  By default check-names
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews          processing is on.  If check-names processing fails
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews          the record will not be added to the UPDATE message.
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews        </para>
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews      </listitem>
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews    </varlistentry>
ed1c845c1d3a6b9c2c38e9f7ab177d4ce0309639Mark Andrews
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>prereq</optional> nxdomain</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Requires that no resource record of any type exists with name
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>prereq</optional> yxdomain</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Requires that
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          exists (has as at least one resource record, of any type).
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>prereq</optional> nxrrset</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">class</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">type</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Requires that no resource record exists of the specified
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>type</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          is omitted, IN (internet) is assumed.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>prereq</optional> yxrrset</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">class</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">type</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          This requires that a resource record of the specified
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>type</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          must exist.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          is omitted, IN (internet) is assumed.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>prereq</optional> yxrrset</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">class</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">type</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <arg choice="req" rep="repeat">data</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          The
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>data</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          from each set of prerequisites of this form
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          sharing a common
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>type</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          are combined to form a set of RRs.  This set of RRs must
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          exactly match the set of RRs existing in the zone at the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          given
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>type</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          The
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>data</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          are written in the standard text representation of the resource
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          record's
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          RDATA.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>update</optional> del<optional>ete</optional></command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">ttl</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">class</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">type <arg choice="opt" rep="repeat">data</arg></arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Deletes any resource records named
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>domain-name</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          If
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>type</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>data</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          is provided, only matching resource records will be removed.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          The internet class is assumed if
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          is not supplied.  The
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>ttl</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          is ignored, and is only allowed for compatibility.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command><optional>update</optional> add</command>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">domain-name</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">ttl</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="opt" rep="norepeat">class</arg>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt          <arg choice="req" rep="norepeat">type</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <arg choice="req" rep="repeat">data</arg>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Adds a new resource record with the specified
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>ttl</parameter>,
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>class</parameter>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <parameter>data</parameter>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>show</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Displays the current message, containing all of the
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          prerequisites and
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          updates specified since the last send.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>send</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Sends the current message.  This is equivalent to entering a
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          blank line.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>answer</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Displays the answer.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>debug</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Turn on debugging.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>version</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Print version number.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <command>help</command>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          Print a list of commands.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </varlistentry>
67d01dcacb2051a03377c8ec5c0e36604c17aea5Evan Hunt
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Lines beginning with a semicolon are comments and are ignored.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>EXAMPLES</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The examples below show how
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      could be used to insert and delete resource records from the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>example.com</type>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Notice that the input in each example contains a trailing blank line so
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      a group of commands are sent as one dynamic update request to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      master name server for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>example.com</type>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <programlisting>
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson# nsupdate
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; update delete oldhost.example.com A
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; update add newhost.example.com 86400 A 172.16.1.1
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; send
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson</programlisting>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Any A records for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>oldhost.example.com</type>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      are deleted.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      And an A record for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>newhost.example.com</type>
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      with IP address 172.16.1.1 is added.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      The newly-added record has a 1 day TTL (86400 seconds).
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <programlisting>
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson# nsupdate
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; prereq nxdomain nickname.example.com
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; update add nickname.example.com 86400 CNAME somehost.example.com
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; send
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson</programlisting>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The prerequisite condition gets the name server to check that there
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      are no resource records of any type for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>nickname.example.com</type>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      If there are, the update request fails.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      If this name does not exist, a CNAME for it is added.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This ensures that when the CNAME is added, it cannot conflict with the
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      long-standing rule in RFC 1034 that a name must not exist as any other
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      record type if it exists as a CNAME.
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      RRSIG, DNSKEY and NSEC records.)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>FILES</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term><constant>/etc/resolv.conf</constant></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        used to identify default name server
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term><constant>/var/run/named/session.key</constant></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        sets the default TSIG key for use in local-only mode
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      </varlistentry>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term><constant>K{name}.+157.+{random}.key</constant></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        base-64 encoding of HMAC-MD5 key created by
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </citerefentry>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <varlistentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <term><constant>K{name}.+157.+{random}.private</constant></term>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <listitem>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      <para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        base-64 encoding of HMAC-MD5 key created by
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        <citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt          <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt        </citerefentry>.
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt      </para>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </variablelist>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>SEE ALSO</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt    <para>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2136</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 3007</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2104</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2845</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 1034</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2535</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2931</citetitle>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </citerefentry>,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <refentrytitle>ddns-confgen</refentrytitle><manvolnum>8</manvolnum>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      </citerefentry>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <citerefentry>
ca6e60cb704c4c8eea1385a9fbef3eaa476eca28Evan Hunt    <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </citerefentry>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  <refsection><info><title>BUGS</title></info>
30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The TSIG key is redundantly stored in two separate files.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This is a consequence of nsupdate using the DST library
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      for its cryptographic operations, and may change in future
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      releases.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt  </refsection>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt</refentry>