330c042543440d0987244c94c65d14eeb7af0868rbb<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">

a1033a770bfee276def7d4cb9759856f69293e48trawick

a1033a770bfee276def7d4cb9759856f69293e48trawick

bd2d582e0f0708b6e8e258a9a5f9a15445752087trawick<refentry>

bd2d582e0f0708b6e8e258a9a5f9a15445752087trawick<refentryinfo>

bd2d582e0f0708b6e8e258a9a5f9a15445752087trawick<date>Jun 30, 2000</date>

adb8ad10ffc20ed06ec6cfab6cd7933ab429ea7dtrawick</refentryinfo>

adb8ad10ffc20ed06ec6cfab6cd7933ab429ea7dtrawick<refmeta>

adb8ad10ffc20ed06ec6cfab6cd7933ab429ea7dtrawick<refentrytitle>nsupdate</refentrytitle>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb<manvolnum>8</manvolnum>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb<refmiscinfo>BIND9</refmiscinfo>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb</refmeta>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb<refnamediv>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb<refname>nsupdate</refname>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb<refpurpose>Dynamic DNS update utility</refpurpose>

b45c1c292ff1fa635004ae81fa691f8cb3cdda85rbb</refnamediv>

86f191e8221867df8c9cd22271e7d54204f39186rbb<refsynopsisdiv>

86f191e8221867df8c9cd22271e7d54204f39186rbb<cmdsynopsis>

86f191e8221867df8c9cd22271e7d54204f39186rbb<command>nsupdate</command>

86f191e8221867df8c9cd22271e7d54204f39186rbb<arg><option>-d</option></arg>

86f191e8221867df8c9cd22271e7d54204f39186rbb<group>

962f339c5f0f61adde79936f610fb05ce0854d6echuck <arg><option>-y <replaceable class="parameter">keyname:secret</replaceable></option></arg>

962f339c5f0f61adde79936f610fb05ce0854d6echuck <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>

962f339c5f0f61adde79936f610fb05ce0854d6echuck</group>

157e6980a24a44e4719173b1c555133caecbc172stoddard<arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>

157e6980a24a44e4719173b1c555133caecbc172stoddard<arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>

157e6980a24a44e4719173b1c555133caecbc172stoddard<arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>

157e6980a24a44e4719173b1c555133caecbc172stoddard<arg><option>-v</option></arg>

faa6e5d8b210456ae4dad0398dfa40a19fd89d59coar<arg>filename</arg>

171f8c636ff1374e3a3dfff333211becda355b98trawick</cmdsynopsis>

171f8c636ff1374e3a3dfff333211becda355b98trawick</refsynopsisdiv>

171f8c636ff1374e3a3dfff333211becda355b98trawick

171f8c636ff1374e3a3dfff333211becda355b98trawick<refsect1>

171f8c636ff1374e3a3dfff333211becda355b98trawick<title>DESCRIPTION</title>

171f8c636ff1374e3a3dfff333211becda355b98trawick<para>

faa6e5d8b210456ae4dad0398dfa40a19fd89d59coar<command>nsupdate</command>

faa6e5d8b210456ae4dad0398dfa40a19fd89d59coaris used to submit Dynamic DNS Update requests as defined in RFC2136

faa6e5d8b210456ae4dad0398dfa40a19fd89d59coarto a name server.

faa6e5d8b210456ae4dad0398dfa40a19fd89d59coarThis allows resource records to be added or removed from a zone

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddardwithout manually editing the zone file.

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddardA single update request can contain requests to add or remove more than one

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddardresource record.

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddard</para>

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddard<para>

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddardZones that are under dynamic control via

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddard<command>nsupdate</command>

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddardor a DHCP server should not be edited by hand.

ed105ee460bbaf479f0aa0f59d3951da85066e27stoddardManual edits could

21b8c3cb46cea2b31a585a95ce9f93f4f6abc35brbbconflict with dynamic updates and cause data to be lost.

bae64a3e5bf7b96d8379e24f13273f26b3b29e16coar</para>

bae64a3e5bf7b96d8379e24f13273f26b3b29e16coar<para>

bae64a3e5bf7b96d8379e24f13273f26b3b29e16coarThe resource records that are dynamically added or removed with

c7fe488773cf6f50a1b2d9211c2f30a2ace8b67ccoar<command>nsupdate</command>

c7fe488773cf6f50a1b2d9211c2f30a2ace8b67ccoarhave to be in the same zone.

c7fe488773cf6f50a1b2d9211c2f30a2ace8b67ccoarRequests are sent to the zone's master server.

c7fe488773cf6f50a1b2d9211c2f30a2ace8b67ccoarThis is identified by the MNAME field of the zone's SOA record.

27338fc39af80f2f0e4a8dbdc90c8a8179a5b2e4rbb</para>

27338fc39af80f2f0e4a8dbdc90c8a8179a5b2e4rbb<para>

27338fc39af80f2f0e4a8dbdc90c8a8179a5b2e4rbbThe

27338fc39af80f2f0e4a8dbdc90c8a8179a5b2e4rbb<option>-d</option>

27338fc39af80f2f0e4a8dbdc90c8a8179a5b2e4rbboption makes

27338fc39af80f2f0e4a8dbdc90c8a8179a5b2e4rbb<command>nsupdate</command>

853a0c44563b056e40e9cffe911190f554e63ec3chuckoperate in debug mode.

853a0c44563b056e40e9cffe911190f554e63ec3chuckThis provides tracing information about the update requests that are

853a0c44563b056e40e9cffe911190f554e63ec3chuckmade and the replies received from the name server.

853a0c44563b056e40e9cffe911190f554e63ec3chuck</para>

330c042543440d0987244c94c65d14eeb7af0868rbb<para>

330c042543440d0987244c94c65d14eeb7af0868rbbTransaction signatures can be used to authenticate the Dynamic DNS

f1fa5e69040a3a72054d185f6087a7d1592b83e8rbbupdates.

f1fa5e69040a3a72054d185f6087a7d1592b83e8rbbThese use the TSIG resource record type described in RFC2845 or the

f1fa5e69040a3a72054d185f6087a7d1592b83e8rbbSIG(0) record described in RFC3535 and RFC2931.

f1fa5e69040a3a72054d185f6087a7d1592b83e8rbbTSIG relies on a shared secret that should only be known to

30e3e9b782c701f885583b7d13d8e46c37d7e1ddtrawick<command>nsupdate</command> and the name server.

30e3e9b782c701f885583b7d13d8e46c37d7e1ddtrawickCurrently, the only supported encryption algorithm for TSIG is

30e3e9b782c701f885583b7d13d8e46c37d7e1ddtrawickHMAC-MD5, which is defined in RFC 2104.

30e3e9b782c701f885583b7d13d8e46c37d7e1ddtrawickOnce other algorithms are defined for TSIG, applications will need to

30e3e9b782c701f885583b7d13d8e46c37d7e1ddtrawickensure they select the appropriate algorithm as well as the key when

27faa3af8a50c1dc2dc6cb3049722378f85e5517rbbauthenticating each other.

27faa3af8a50c1dc2dc6cb3049722378f85e5517rbbFor instance suitable

27faa3af8a50c1dc2dc6cb3049722378f85e5517rbb<type>key</type>

141b1a93f508248cbc0e9a124cc38041eb3e2562rbband

141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<type>server</type>

141b1a93f508248cbc0e9a124cc38041eb3e2562rbbstatements would be added to

141b1a93f508248cbc0e9a124cc38041eb3e2562rbb<filename>/etc/named.conf</filename>

141b1a93f508248cbc0e9a124cc38041eb3e2562rbbso that the name server can associate the appropriate secret key

141b1a93f508248cbc0e9a124cc38041eb3e2562rbband algorithm with the IP address of the

141b1a93f508248cbc0e9a124cc38041eb3e2562rbbclient application that will be using TSIG authentication.

865980dc9aeb61741e586502440f0c0fea4835c6trawickSIG(0) uses public key cryptography. To use a SIG(0) key, the public

865980dc9aeb61741e586502440f0c0fea4835c6trawickkey must be stored in a KEY record in a zone served by the name server.

865980dc9aeb61741e586502440f0c0fea4835c6trawick<command>nsupdate</command>

865980dc9aeb61741e586502440f0c0fea4835c6trawickdoes not read

865980dc9aeb61741e586502440f0c0fea4835c6trawick<filename>/etc/named.conf</filename>.

865980dc9aeb61741e586502440f0c0fea4835c6trawick</para>

865980dc9aeb61741e586502440f0c0fea4835c6trawick<para>

865980dc9aeb61741e586502440f0c0fea4835c6trawick<command>nsupdate</command>

9a0d076511763b559a755133f6a182e6c24ef643rbbuses the

9a0d076511763b559a755133f6a182e6c24ef643rbb<option>-y</option>

9a0d076511763b559a755133f6a182e6c24ef643rbbor

9a0d076511763b559a755133f6a182e6c24ef643rbb<option>-k</option>

9a0d076511763b559a755133f6a182e6c24ef643rbboption (with an HMAC-MD5 key) to provide the shared secret needed to generate

b42a7e46e4f80282bd27e96d43c9510b14ccb9aarbba TSIG record for authenticating Dynamic DNS update requests.

b42a7e46e4f80282bd27e96d43c9510b14ccb9aarbbThese options are mutually exclusive.

b42a7e46e4f80282bd27e96d43c9510b14ccb9aarbbWith the

b42a7e46e4f80282bd27e96d43c9510b14ccb9aarbb<option>-k</option>

b42a7e46e4f80282bd27e96d43c9510b14ccb9aarbboption,

6501b757f710f75d47c950300d8110aca67dc0b0rbb<command>nsupdate</command>

6501b757f710f75d47c950300d8110aca67dc0b0rbbreads the shared secret from the file

6501b757f710f75d47c950300d8110aca67dc0b0rbb<parameter>keyfile</parameter>,

6501b757f710f75d47c950300d8110aca67dc0b0rbbwhose name is of the form

dfd4950edac888e671b96f62ff5382b7cb350d48rbb<filename>K{name}.+157.+{random}.private</filename>.

dfd4950edac888e671b96f62ff5382b7cb350d48rbbFor historical

dfd4950edac888e671b96f62ff5382b7cb350d48rbbreasons, the file

dfd4950edac888e671b96f62ff5382b7cb350d48rbb<filename>K{name}.+157.+{random}.key</filename>

a6d4b3f8d54aaf14d8ee5dda3a09bf8b6370dfa4wrowemust also be present. When the

a6d4b3f8d54aaf14d8ee5dda3a09bf8b6370dfa4wrowe<option>-y</option>

c9a95767fbf0f5fb0976a06b97a256033925e433rbboption is used, a signature is generated from

c9a95767fbf0f5fb0976a06b97a256033925e433rbb<parameter>keyname:secret.</parameter>

c9a95767fbf0f5fb0976a06b97a256033925e433rbb<parameter>keyname</parameter>

c9a95767fbf0f5fb0976a06b97a256033925e433rbbis the name of the key,

21b8c3cb46cea2b31a585a95ce9f93f4f6abc35brbband

d8d839738b1e80b0f9c54e83677b3f2c46c22705rbb<parameter>secret</parameter>

d8d839738b1e80b0f9c54e83677b3f2c46c22705rbbis the base64 encoded shared secret.

d8d839738b1e80b0f9c54e83677b3f2c46c22705rbbUse of the

d8d839738b1e80b0f9c54e83677b3f2c46c22705rbb<option>-y</option>

adaea88da2d103e4302e361c932b98cee86fb1c5rbboption is discouraged because the shared secret is supplied as a command

9635d7ffbd8ca441f85051f9a3adba17142d0b20rbbline argument in clear text.

9635d7ffbd8ca441f85051f9a3adba17142d0b20rbbThis may be visible in the output from

9635d7ffbd8ca441f85051f9a3adba17142d0b20rbb<citerefentry>

9635d7ffbd8ca441f85051f9a3adba17142d0b20rbb<refentrytitle>ps</refentrytitle><manvolnum>1

d8d839738b1e80b0f9c54e83677b3f2c46c22705rbb</manvolnum>

d8d839738b1e80b0f9c54e83677b3f2c46c22705rbb</citerefentry>

0415e5e1b9b6eba6899a2e5ef18f8facb8db0cfbstoddardor in a history file maintained by the user's shell.

0415e5e1b9b6eba6899a2e5ef18f8facb8db0cfbstoddard</para>

0415e5e1b9b6eba6899a2e5ef18f8facb8db0cfbstoddard<para>

0415e5e1b9b6eba6899a2e5ef18f8facb8db0cfbstoddardThe <option>-k</option> may also be used to specify a SIG(0) key used

1374444b4fab1475091e12a81663f379b73005efrbbto authenticate Dynamic DNS update requests. In this case, the key

1374444b4fab1475091e12a81663f379b73005efrbbspecified is not an HMAC-MD5 key.

1374444b4fab1475091e12a81663f379b73005efrbb</para>

3233d057ad276d823bded5c24c3fd6729ed1a736rbb<para>

3233d057ad276d823bded5c24c3fd6729ed1a736rbbBy default

3233d057ad276d823bded5c24c3fd6729ed1a736rbb<command>nsupdate</command>

9927a2a72d50103f32323b53f5fc4577c1801327rbbuses UDP to send update requests to the name server unless they are too

9927a2a72d50103f32323b53f5fc4577c1801327rbblarge to fit in a UDP request in which case TCP will be used.

9927a2a72d50103f32323b53f5fc4577c1801327rbbThe

9927a2a72d50103f32323b53f5fc4577c1801327rbb<option>-v</option>

9927a2a72d50103f32323b53f5fc4577c1801327rbboption makes

82d2eed8f2152aff3f7554951c133a9d404ebbc5rbb<command>nsupdate</command>

82d2eed8f2152aff3f7554951c133a9d404ebbc5rbbuse a TCP connection.

82d2eed8f2152aff3f7554951c133a9d404ebbc5rbbThis may be preferable when a batch of update requests is made.

2e970b7ec485dde18f8fb3f494f98a3f68749859fanf</para>

2e970b7ec485dde18f8fb3f494f98a3f68749859fanf<para>The <option>-t</option> option sets the maximum time a update request can

2e970b7ec485dde18f8fb3f494f98a3f68749859fanftake before it is aborted. The default is 300 seconds. Zero can be used

a5a7ecb732cfe89bb1f8e3c61b316c2075cefe52rbbto disable the timeout.

a5a7ecb732cfe89bb1f8e3c61b316c2075cefe52rbb</para>

a5a7ecb732cfe89bb1f8e3c61b316c2075cefe52rbb<para>The <option>-u</option> option sets the UDP retry interval. The default is

364701a102725758f2e3a511924381e2faa93e27rbb3 seconds. If zero the interval will be computed from the timeout interval

364701a102725758f2e3a511924381e2faa93e27rbband number of UDP retries.

364701a102725758f2e3a511924381e2faa93e27rbb</para>

364701a102725758f2e3a511924381e2faa93e27rbb<para>The <option>-r</option> option sets the number of UDP retries. The default is

364701a102725758f2e3a511924381e2faa93e27rbb3. If zero only one update request will be made.

364701a102725758f2e3a511924381e2faa93e27rbb</para>

0811e8a41d152f0016a385ce1dfa44f475425b70rbb</refsect1>

0811e8a41d152f0016a385ce1dfa44f475425b70rbb

0811e8a41d152f0016a385ce1dfa44f475425b70rbb<refsect1>

0811e8a41d152f0016a385ce1dfa44f475425b70rbb<title>INPUT FORMAT</title>

957b9b3f5e47c6cc7c2d8d9e2224c7364e966c70rbb<para>

957b9b3f5e47c6cc7c2d8d9e2224c7364e966c70rbb<command>nsupdate</command>

957b9b3f5e47c6cc7c2d8d9e2224c7364e966c70rbbreads input from

957b9b3f5e47c6cc7c2d8d9e2224c7364e966c70rbb<parameter>filename</parameter>

957b9b3f5e47c6cc7c2d8d9e2224c7364e966c70rbbor standard input.

957b9b3f5e47c6cc7c2d8d9e2224c7364e966c70rbbEach command is supplied on exactly one line of input.

e91c80d53d8ffa738283d923638fa3efd8aa6bf7rbbSome commands are for administrative purposes.

e91c80d53d8ffa738283d923638fa3efd8aa6bf7rbbThe others are either update instructions or prerequisite checks on the

e91c80d53d8ffa738283d923638fa3efd8aa6bf7rbbcontents of the zone.

9359bd100badb53fd8a465cb3a0a90b218b30c4cbenThese checks set conditions that some name or set of

9359bd100badb53fd8a465cb3a0a90b218b30c4cbenresource records (RRset) either exists or is absent from the zone.

9359bd100badb53fd8a465cb3a0a90b218b30c4cbenThese conditions must be met if the entire update request is to succeed.

d0211374a981173d4537e3f919c708b5f64040fcgsteinUpdates will be rejected if the tests for the prerequisite conditions fail.

d0211374a981173d4537e3f919c708b5f64040fcgstein</para>

d0211374a981173d4537e3f919c708b5f64040fcgstein<para>

37d15e1062df9dcdd39ebee5bd2fdc75d4a6aa4arbbEvery update request consists of zero or more prerequisites

37d15e1062df9dcdd39ebee5bd2fdc75d4a6aa4arbband zero or more updates.

37d15e1062df9dcdd39ebee5bd2fdc75d4a6aa4arbbThis allows a suitably authenticated update request to proceed if some

e3ec3193b69b45923c14915fa3ee3bc1f0215bafrbbspecified resource records are present or missing from the zone.

e3ec3193b69b45923c14915fa3ee3bc1f0215bafrbbA blank input line (or the <command>send</command> command) causes the

e3ec3193b69b45923c14915fa3ee3bc1f0215bafrbbaccumulated commands to be sent as one Dynamic DNS update request to the

e3ec3193b69b45923c14915fa3ee3bc1f0215bafrbbname server.

e3ec3193b69b45923c14915fa3ee3bc1f0215bafrbb</para>

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartin<para>

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartinThe command formats and their meaning are as follows:

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartin<variablelist>

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartin<varlistentry><term>

138c8f7cb8254e035c6f45288e3909cd9c21be5cmartin<cmdsynopsis>

adaea88da2d103e4302e361c932b98cee86fb1c5rbb<command>server</command>

adaea88da2d103e4302e361c932b98cee86fb1c5rbb<arg choice="req">servername</arg>

adaea88da2d103e4302e361c932b98cee86fb1c5rbb<arg choice="opt">port</arg>

adaea88da2d103e4302e361c932b98cee86fb1c5rbb</cmdsynopsis>

8a76b3f3c93d39930182afa227d258218f80926brbb</term>

8e7c85d6eb9bf628f081763c5bd778b784d5001crbb<listitem>

8e7c85d6eb9bf628f081763c5bd778b784d5001crbb<para>

8e7c85d6eb9bf628f081763c5bd778b784d5001crbbSends all dynamic update requests to the name server

8e7c85d6eb9bf628f081763c5bd778b784d5001crbb<parameter>servername</parameter>.

8e7c85d6eb9bf628f081763c5bd778b784d5001crbbWhen no server statement is provided,

97ad13ce0413b573e63512b57c874ebbd41065b2rbb<command>nsupdate</command>

97ad13ce0413b573e63512b57c874ebbd41065b2rbbwill send updates to the master server of the correct zone.

2d3a1dd65798c72b7e46593614b4e27716cc5cderbbThe MNAME field of that zone's SOA record will identify the master

2d3a1dd65798c72b7e46593614b4e27716cc5cderbbserver for that zone.

2d3a1dd65798c72b7e46593614b4e27716cc5cderbb<parameter>port</parameter>

2d3a1dd65798c72b7e46593614b4e27716cc5cderbbis the port number on

78f2608a1583b3cb409e12be701392ad1a929653rbb<parameter>servername</parameter>

78f2608a1583b3cb409e12be701392ad1a929653rbbwhere the dynamic update requests get sent.

78f2608a1583b3cb409e12be701392ad1a929653rbbIf no port number is specified, the default DNS port number of 53 is

78f2608a1583b3cb409e12be701392ad1a929653rbbused.

c5c3b5e33fca6425dc716e1dc51c10733d9b6bc3rbb</para>

c5c3b5e33fca6425dc716e1dc51c10733d9b6bc3rbb

c5c3b5e33fca6425dc716e1dc51c10733d9b6bc3rbb<varlistentry><term>

c5c3b5e33fca6425dc716e1dc51c10733d9b6bc3rbb<cmdsynopsis>

be7b08f10dc6b0be088c8b41009d89ea49ad4acarbb<command>local</command>

be7b08f10dc6b0be088c8b41009d89ea49ad4acarbb<arg choice="req">address</arg>

be7b08f10dc6b0be088c8b41009d89ea49ad4acarbb<arg choice="opt">port</arg>

be7b08f10dc6b0be088c8b41009d89ea49ad4acarbb</cmdsynopsis>

2a0c3663b66c9af764267ac3c4e140e659598474ben</term>

2a0c3663b66c9af764267ac3c4e140e659598474ben<listitem>

2a0c3663b66c9af764267ac3c4e140e659598474ben<para>

2a0c3663b66c9af764267ac3c4e140e659598474benSends all dynamic update requests using the local

8a76b3f3c93d39930182afa227d258218f80926brbb<parameter>address</parameter>.

8a76b3f3c93d39930182afa227d258218f80926brbb

8a76b3f3c93d39930182afa227d258218f80926brbbWhen no local statement is provided,

8a76b3f3c93d39930182afa227d258218f80926brbb<command>nsupdate</command>

11d400383ba9f941cc49e1a8da562fd172d3d7c5stoddardwill send updates using an address and port chosen by the system.

11d400383ba9f941cc49e1a8da562fd172d3d7c5stoddard<parameter>port</parameter>

13ee9baf0119bca0739d3f17591f0bf2c64cdcccrbbcan additionally be used to make requests come from a specific port.

528e2a7d7cf6b8879291b59dd5afd8f6c7ae1b6brbbIf no port number is specified, the system will assign one.

528e2a7d7cf6b8879291b59dd5afd8f6c7ae1b6brbb

528e2a7d7cf6b8879291b59dd5afd8f6c7ae1b6brbb<varlistentry><term>

528e2a7d7cf6b8879291b59dd5afd8f6c7ae1b6brbb<cmdsynopsis>

528e2a7d7cf6b8879291b59dd5afd8f6c7ae1b6brbb<command>zone</command>

1a3161b56ebbbd036730d5372d4800cc495db212rbb<arg choice="req">zonename</arg>

1a3161b56ebbbd036730d5372d4800cc495db212rbb</cmdsynopsis>

1a3161b56ebbbd036730d5372d4800cc495db212rbb</term>

1a3161b56ebbbd036730d5372d4800cc495db212rbb<listitem>

1a3161b56ebbbd036730d5372d4800cc495db212rbb<para>

2d87d8f191175a0683f430d790d81a5604b74ec6rbbSpecifies that all updates are to be made to the zone

2d87d8f191175a0683f430d790d81a5604b74ec6rbb<parameter>zonename</parameter>.

2d87d8f191175a0683f430d790d81a5604b74ec6rbbIf no

2d87d8f191175a0683f430d790d81a5604b74ec6rbb<parameter>zone</parameter>

6bcee6b60a2fc4c96328af30e79bad4927ff30f3rbbstatement is provided,

6bcee6b60a2fc4c96328af30e79bad4927ff30f3rbb<command>nsupdate</command>

6bcee6b60a2fc4c96328af30e79bad4927ff30f3rbbwill attempt determine the correct zone to update based on the rest of the input.

6bcee6b60a2fc4c96328af30e79bad4927ff30f3rbb</para>

6bcee6b60a2fc4c96328af30e79bad4927ff30f3rbb

1e8d4cfede0bad3a1a33e3b2eef0ba6754746f72rbb<varlistentry><term>

1e8d4cfede0bad3a1a33e3b2eef0ba6754746f72rbb<cmdsynopsis>

1e8d4cfede0bad3a1a33e3b2eef0ba6754746f72rbb<command>key</command>

1e8d4cfede0bad3a1a33e3b2eef0ba6754746f72rbb<arg choice="req">name</arg>

5600cf225f3be88ed9b5385a0737ccde7d0775bbrbb<arg choice="req">secret</arg>

5600cf225f3be88ed9b5385a0737ccde7d0775bbrbb</cmdsynopsis>

5600cf225f3be88ed9b5385a0737ccde7d0775bbrbb</term>

5600cf225f3be88ed9b5385a0737ccde7d0775bbrbb<listitem>

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb<para>

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbbSpecifies that all updates are to be TSIG signed using the

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb<parameter>keyname</parameter> <parameter>keysecret</parameter> pair.

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbbThe <command>key</command> command

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbboverrides any key specified on the command line via

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb<option>-y</option> or <option>-k</option>.

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb</para>

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb<varlistentry><term>

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb<cmdsynopsis>

84b76faff9e8fa4b16b587b95d3930e36fe3c405rbb<command>prereq nxdomain</command>

bcef91d7068817e2e56854f5c5b22b6eb4663a85rbb<arg choice="req">domain-name</arg>

bcef91d7068817e2e56854f5c5b22b6eb4663a85rbb</cmdsynopsis>

bcef91d7068817e2e56854f5c5b22b6eb4663a85rbb</term>

445997e06464e7625c7f0e22917f8f2d9876cfffrbb<listitem>

445997e06464e7625c7f0e22917f8f2d9876cfffrbb<para>

445997e06464e7625c7f0e22917f8f2d9876cfffrbbRequires that no resource record of any type exists with name

445997e06464e7625c7f0e22917f8f2d9876cfffrbb<parameter>domain-name</parameter>.

445997e06464e7625c7f0e22917f8f2d9876cfffrbb</para>

a2c240fe8836beba2330b03d55569d9e31bb3358trawick

a2c240fe8836beba2330b03d55569d9e31bb3358trawick

a2c240fe8836beba2330b03d55569d9e31bb3358trawick<varlistentry><term>

a2c240fe8836beba2330b03d55569d9e31bb3358trawick<cmdsynopsis>

13ee9baf0119bca0739d3f17591f0bf2c64cdcccrbb<command>prereq yxdomain</command>

13ee9baf0119bca0739d3f17591f0bf2c64cdcccrbb<arg choice="req">domain-name</arg>

13ee9baf0119bca0739d3f17591f0bf2c64cdcccrbb</cmdsynopsis>

13ee9baf0119bca0739d3f17591f0bf2c64cdcccrbb</term>

5a58a10705b7b154b53294e0c0283d64eabdcb7fstoddard<listitem>

5a58a10705b7b154b53294e0c0283d64eabdcb7fstoddard<para>

5a58a10705b7b154b53294e0c0283d64eabdcb7fstoddardRequires that

10a2de5cee9ae5abe675ea200fbe635a54556c8ffanf<parameter>domain-name</parameter>

3568de757bac0b47256647504c186d17ca272f85rbbexists (has as at least one resource record, of any type).

3568de757bac0b47256647504c186d17ca272f85rbb</para>

3568de757bac0b47256647504c186d17ca272f85rbb

98f3c8c547839251cb43e9f917114cc8b16ced9efanf<varlistentry><term>

98f3c8c547839251cb43e9f917114cc8b16ced9efanf<cmdsynopsis>

98f3c8c547839251cb43e9f917114cc8b16ced9efanf<command>prereq nxrrset</command>

1a411968bb62cc88c3cbf14a53caf6587c224259fanf<arg choice="req">domain-name</arg>

1a411968bb62cc88c3cbf14a53caf6587c224259fanf<arg choice="opt">class</arg>

10a2de5cee9ae5abe675ea200fbe635a54556c8ffanf<arg choice="req">type</arg>

10a2de5cee9ae5abe675ea200fbe635a54556c8ffanf</cmdsynopsis>

10a2de5cee9ae5abe675ea200fbe635a54556c8ffanf</term>

10a2de5cee9ae5abe675ea200fbe635a54556c8ffanf<listitem>

60777c94cb33363389d4848524c0809c235ba5e5rbb<para>

6f06d481dafc90f1b553f1d2828bcea50a039854fieldingRequires that no resource record exists of the specified

b5140df3124b186e4a977812fd9828d1e295c080wrowe<parameter>type</parameter>,

b5140df3124b186e4a977812fd9828d1e295c080wrowe<parameter>class</parameter>

b5140df3124b186e4a977812fd9828d1e295c080wroweand

b5140df3124b186e4a977812fd9828d1e295c080wrowe<parameter>domain-name</parameter>.

b5140df3124b186e4a977812fd9828d1e295c080wroweIf

c9dafaafc2650994e47f88f5239f643c97ec4cb3wrowe<parameter>class</parameter>

c9dafaafc2650994e47f88f5239f643c97ec4cb3wroweis omitted, IN (internet) is assumed.

c9dafaafc2650994e47f88f5239f643c97ec4cb3wrowe

c9dafaafc2650994e47f88f5239f643c97ec4cb3wrowe

c9dafaafc2650994e47f88f5239f643c97ec4cb3wrowe<varlistentry><term>

41aef8943f349ee0b5b510dd436301b4c33c628cwrowe<cmdsynopsis>

41aef8943f349ee0b5b510dd436301b4c33c628cwrowe<command>prereq yxrrset</command>

bb360f1d9bdce4f55f290de07a711db006b25957wrowe<arg choice="req">domain-name</arg>

5727f68f33838686d447f55a100309e54efb20f8fielding<arg choice="opt">class</arg>

5727f68f33838686d447f55a100309e54efb20f8fielding<arg choice="req">type</arg>

5727f68f33838686d447f55a100309e54efb20f8fielding</cmdsynopsis>

5727f68f33838686d447f55a100309e54efb20f8fielding</term>

5727f68f33838686d447f55a100309e54efb20f8fielding<listitem>

d28c69d8e5f2e88e653d61436bb6fa6302a212b4rbb<para>

d28c69d8e5f2e88e653d61436bb6fa6302a212b4rbbThis requires that a resource record of the specified

d28c69d8e5f2e88e653d61436bb6fa6302a212b4rbb<parameter>type</parameter>,

d28c69d8e5f2e88e653d61436bb6fa6302a212b4rbb<parameter>class</parameter>

d28c69d8e5f2e88e653d61436bb6fa6302a212b4rbband

b974a8fc59a9d6193305dcd8690992a411d88232rbb<parameter>domain-name</parameter>

b974a8fc59a9d6193305dcd8690992a411d88232rbbmust exist.

b974a8fc59a9d6193305dcd8690992a411d88232rbbIf

b974a8fc59a9d6193305dcd8690992a411d88232rbb<parameter>class</parameter>

b974a8fc59a9d6193305dcd8690992a411d88232rbbis omitted, IN (internet) is assumed.

fa996ff928f6170678c8789c8073c368f56d770arbb</para>

fa996ff928f6170678c8789c8073c368f56d770arbb

fa996ff928f6170678c8789c8073c368f56d770arbb<varlistentry><term>

fa996ff928f6170678c8789c8073c368f56d770arbb<cmdsynopsis>

fa996ff928f6170678c8789c8073c368f56d770arbb<command>prereq yxrrset</command>

fa996ff928f6170678c8789c8073c368f56d770arbb<arg choice="req">domain-name</arg>

a1bbc66131c63e718e3f73fc11a348f7552d7947rbb<arg choice="opt">class</arg>

a1bbc66131c63e718e3f73fc11a348f7552d7947rbb<arg choice="req">type</arg>

a1bbc66131c63e718e3f73fc11a348f7552d7947rbb<arg choice="req" rep="repeat">data</arg>

b31025f6f2c0392dc76eecca7f27faad0b902be0wrowe</cmdsynopsis>

b31025f6f2c0392dc76eecca7f27faad0b902be0wrowe</term>

b31025f6f2c0392dc76eecca7f27faad0b902be0wrowe<listitem>

b31025f6f2c0392dc76eecca7f27faad0b902be0wrowe<para>

b31025f6f2c0392dc76eecca7f27faad0b902be0wroweThe

b31025f6f2c0392dc76eecca7f27faad0b902be0wrowe<parameter>data</parameter>

4783bc116b4dc37deadcc0b68ce3d3eeb6a7464abenfrom each set of prerequisites of this form

4783bc116b4dc37deadcc0b68ce3d3eeb6a7464abensharing a common

4783bc116b4dc37deadcc0b68ce3d3eeb6a7464aben<parameter>type</parameter>,

4783bc116b4dc37deadcc0b68ce3d3eeb6a7464aben<parameter>class</parameter>,

4783bc116b4dc37deadcc0b68ce3d3eeb6a7464abenand

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb<parameter>domain-name</parameter>

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbbare combined to form a set of RRs. This set of RRs must

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbbexactly match the set of RRs existing in the zone at the

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbbgiven

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb<parameter>type</parameter>,

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb<parameter>class</parameter>,

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbband

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbb<parameter>domain-name</parameter>.

fcc25eda7b150e226d3c1cdaea66a943d3fdee4erbbThe

cab10c98980b42562a7850410cecd37798e170ecrbb<parameter>data</parameter>

cab10c98980b42562a7850410cecd37798e170ecrbbare written in the standard text representation of the resource record's

cab10c98980b42562a7850410cecd37798e170ecrbbRDATA.

cab10c98980b42562a7850410cecd37798e170ecrbb</para>

cab10c98980b42562a7850410cecd37798e170ecrbb

71715c646d5231de578431f8961e711764b899d3fanf<varlistentry><term>

71715c646d5231de578431f8961e711764b899d3fanf<cmdsynopsis>

71715c646d5231de578431f8961e711764b899d3fanf<command>update delete</command>

2714d6002fcdf12f5b26cc948c9f2f03ca5e7ee9rbb<arg choice="req">domain-name</arg>

2714d6002fcdf12f5b26cc948c9f2f03ca5e7ee9rbb<arg choice="opt">ttl</arg>

2714d6002fcdf12f5b26cc948c9f2f03ca5e7ee9rbb<arg choice="opt">class</arg>

2714d6002fcdf12f5b26cc948c9f2f03ca5e7ee9rbb<arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>

2714d6002fcdf12f5b26cc948c9f2f03ca5e7ee9rbb</cmdsynopsis>

8695c28e4d0bb9357f606045b37238d4f49ce8b6rbb</term>

8695c28e4d0bb9357f606045b37238d4f49ce8b6rbb<listitem>

8695c28e4d0bb9357f606045b37238d4f49ce8b6rbb<para>

8695c28e4d0bb9357f606045b37238d4f49ce8b6rbbDeletes any resource records named

8695c28e4d0bb9357f606045b37238d4f49ce8b6rbb<parameter>domain-name</parameter>.

8695c28e4d0bb9357f606045b37238d4f49ce8b6rbbIf

5f69f46ccdf50afd8f0a23f134746e6066185e89rbb<parameter>type</parameter>

5f69f46ccdf50afd8f0a23f134746e6066185e89rbband

5f69f46ccdf50afd8f0a23f134746e6066185e89rbb<parameter>data</parameter>

5f69f46ccdf50afd8f0a23f134746e6066185e89rbbis provided, only matching resource records will be removed.

5f69f46ccdf50afd8f0a23f134746e6066185e89rbbThe internet class is assumed if

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe<parameter>class</parameter>

e76797ee89ad6fb15ad97b0f3903ae324ac44949wroweis not supplied. The

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe<parameter>ttl</parameter>

e76797ee89ad6fb15ad97b0f3903ae324ac44949wroweis ignored, and is only allowed for compatibility.

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe</para>

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe<varlistentry><term>

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe<cmdsynopsis>

e76797ee89ad6fb15ad97b0f3903ae324ac44949wrowe<command>update add</command>

a1e0709c89175c34a3f72eb4a83d7ee1621a0884rbb<arg choice="req">domain-name</arg>

a1e0709c89175c34a3f72eb4a83d7ee1621a0884rbb<arg choice="req">ttl</arg>

a1e0709c89175c34a3f72eb4a83d7ee1621a0884rbb<arg choice="opt">class</arg>

a1e0709c89175c34a3f72eb4a83d7ee1621a0884rbb<arg choice="req">type</arg>

4b13b6bcdcfae61d3c58cc2569757651f28f2bbfrbb<arg choice="req" rep="repeat">data</arg>

4b13b6bcdcfae61d3c58cc2569757651f28f2bbfrbb</cmdsynopsis>

4b13b6bcdcfae61d3c58cc2569757651f28f2bbfrbb</term>

34ea1d36f4e1c8d66338e691793017d105cc9c32rbb<listitem>

34ea1d36f4e1c8d66338e691793017d105cc9c32rbb<para>

34ea1d36f4e1c8d66338e691793017d105cc9c32rbbAdds a new resource record with the specified

34ea1d36f4e1c8d66338e691793017d105cc9c32rbb<parameter>ttl</parameter>,

2c8f06bf370a44a3d0544ed5319355463c417132gregames<parameter>class</parameter>

2c8f06bf370a44a3d0544ed5319355463c417132gregamesand

2c8f06bf370a44a3d0544ed5319355463c417132gregames<parameter>data</parameter>.

db06e09891b001667974483058923b88c3258324rbb</para>

db06e09891b001667974483058923b88c3258324rbb

db06e09891b001667974483058923b88c3258324rbb<varlistentry><term>

db06e09891b001667974483058923b88c3258324rbb<cmdsynopsis>

db06e09891b001667974483058923b88c3258324rbb<command>show</command>

8ba9d5e9aaaa79dba0de13f5c1b6e725d98f1dc2fanf</cmdsynopsis>

8ba9d5e9aaaa79dba0de13f5c1b6e725d98f1dc2fanf</term>

8ba9d5e9aaaa79dba0de13f5c1b6e725d98f1dc2fanf<listitem>

8ba9d5e9aaaa79dba0de13f5c1b6e725d98f1dc2fanf<para>

26cf4d32b4ff8807a64b0cfa6865a7d6d171c68efanfDisplays the current message, containing all of the prerequisites and

26cf4d32b4ff8807a64b0cfa6865a7d6d171c68efanfupdates specified since the last send.

26cf4d32b4ff8807a64b0cfa6865a7d6d171c68efanf</para>

06c107289de0a0888386e0bc08ef9fc60aacd8bctrawick

06c107289de0a0888386e0bc08ef9fc60aacd8bctrawick<varlistentry><term>

06c107289de0a0888386e0bc08ef9fc60aacd8bctrawick<cmdsynopsis>

06c107289de0a0888386e0bc08ef9fc60aacd8bctrawick<command>send</command>

f4ab6acec7b02518869ca649ce2d3ceeb92d282etrawick</cmdsynopsis>

f4ab6acec7b02518869ca649ce2d3ceeb92d282etrawick</term>

f4ab6acec7b02518869ca649ce2d3ceeb92d282etrawick<listitem>

b0bd38b2226e5cfb86cce6ed1991723f4c9e4f68trawick<para>

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jimSends the current message. This is equivalent to entering a blank line.

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jim</para>

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jim</listitem>

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jim</variablelist>

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jim

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jim<para>

bf9902ea6090f94c9ee0aaddd80b419a184ffe55jimLines beginning with a semicolon are comments, and are ignored.

0b34df54ff22d0ca05eb8e9d7c9610138a878c83rbb</para>

0b34df54ff22d0ca05eb8e9d7c9610138a878c83rbb

0b34df54ff22d0ca05eb8e9d7c9610138a878c83rbb</refsect1>

83047afdc49c183cdca6373dba6a0c6afa638f12gstein

0b34df54ff22d0ca05eb8e9d7c9610138a878c83rbb<refsect1>

c8cc46d12794845f39fa154224075a3bbe57a4c8ben<title>EXAMPLES</title>

c8cc46d12794845f39fa154224075a3bbe57a4c8ben<para>

5dea9095cbfab622c65e5f2f806007aaa7d7761arbbThe examples below show how

5dea9095cbfab622c65e5f2f806007aaa7d7761arbb<command>nsupdate</command>

5dea9095cbfab622c65e5f2f806007aaa7d7761arbbcould be used to insert and delete resource records from the

5dea9095cbfab622c65e5f2f806007aaa7d7761arbb<type>example.com</type>

5dea9095cbfab622c65e5f2f806007aaa7d7761arbbzone.

365c33fd9c0fc3ac27c0bd1d360a5a94980c576atrawickNotice that the input in each example contains a trailing blank line so that

365c33fd9c0fc3ac27c0bd1d360a5a94980c576atrawicka group of commands are sent as one dynamic update request to the

365c33fd9c0fc3ac27c0bd1d360a5a94980c576atrawickmaster name server for

0ea568e49752d337d2b513cce07f2a6f4699d6eatrawick<type>example.com</type>.

0ea568e49752d337d2b513cce07f2a6f4699d6eatrawick

0ea568e49752d337d2b513cce07f2a6f4699d6eatrawick<programlisting>

b7a0ad483b54711addc5f43f679189619a23c749ben# nsupdate

b7a0ad483b54711addc5f43f679189619a23c749ben> update delete oldhost.example.com A

328d02603f471fad56cc5588fc9e93f589593ad0rbb> update add newhost.example.com 86400 A 172.16.1.1

328d02603f471fad56cc5588fc9e93f589593ad0rbb>

1c850e9f96375578e43e5f69ba7499a543b2a7bdtrawick</programlisting>

1c850e9f96375578e43e5f69ba7499a543b2a7bdtrawick</para>

1c850e9f96375578e43e5f69ba7499a543b2a7bdtrawick<para>

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawickAny A records for

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawick<type>oldhost.example.com</type>

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawickare deleted.

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawickand an A record for

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawick<type>newhost.example.com</type>

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawickit IP address 172.16.1.1 is added.

48a2f5e2c189669b025d462f44fda5d4b45e8d78trawickThe newly-added record has a 1 day TTL (86400 seconds)

b22fb75c37b70fbe176afdb8081c3ce2dba86db4rbb<programlisting>

b22fb75c37b70fbe176afdb8081c3ce2dba86db4rbb# nsupdate

b22fb75c37b70fbe176afdb8081c3ce2dba86db4rbb> prereq nxdomain nickname.example.com

b22fb75c37b70fbe176afdb8081c3ce2dba86db4rbb> update add nickname.example.com 86400 CNAME somehost.example.com

b22fb75c37b70fbe176afdb8081c3ce2dba86db4rbb>

8fccb89ed59d5c80c76a818f7ca02bb0d068d4d3rbb</programlisting>

8fccb89ed59d5c80c76a818f7ca02bb0d068d4d3rbb</para>

8fccb89ed59d5c80c76a818f7ca02bb0d068d4d3rbb<para>

8fccb89ed59d5c80c76a818f7ca02bb0d068d4d3rbbThe prerequisite condition gets the name server to check that there

8fccb89ed59d5c80c76a818f7ca02bb0d068d4d3rbbare no resource records of any type for

da07a882b90b44243c9cd88ac09a789999dccc4drbb<type>nickname.example.com</type>.

da07a882b90b44243c9cd88ac09a789999dccc4drbb

da07a882b90b44243c9cd88ac09a789999dccc4drbbIf there are, the update request fails.

da07a882b90b44243c9cd88ac09a789999dccc4drbbIf this name does not exist, a CNAME for it is added.

da07a882b90b44243c9cd88ac09a789999dccc4drbbThis ensures that when the CNAME is added, it cannot conflict with the

4a5c8a77f48f0cf10bfe70479d0a2e8e7d6cd917rbblong-standing rule in RFC1034 that a name must not exist as any other

4a5c8a77f48f0cf10bfe70479d0a2e8e7d6cd917rbbrecord type if it exists as a CNAME.

4a5c8a77f48f0cf10bfe70479d0a2e8e7d6cd917rbb(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have

4a5c8a77f48f0cf10bfe70479d0a2e8e7d6cd917rbbRRSIG, DNSKEY and NSEC records.)

4a5c8a77f48f0cf10bfe70479d0a2e8e7d6cd917rbb</para>

4a5c8a77f48f0cf10bfe70479d0a2e8e7d6cd917rbb</refsect1>

5bf029f8452b6aa105cf3d9d9b19221920725428rbb

5bf029f8452b6aa105cf3d9d9b19221920725428rbb<refsect1>

5bf029f8452b6aa105cf3d9d9b19221920725428rbb<title>FILES</title>

60ed053fe71b1e3cfab8c4ed37afde30a6db4841rbb

60ed053fe71b1e3cfab8c4ed37afde30a6db4841rbb<variablelist>

60ed053fe71b1e3cfab8c4ed37afde30a6db4841rbb<varlistentry><term><constant>/etc/resolv.conf</constant></term>

e03878add0099ba9741efc46d545955a60ea8bdcrbb<listitem>

e03878add0099ba9741efc46d545955a60ea8bdcrbb<para>

e03878add0099ba9741efc46d545955a60ea8bdcrbbused to identify default name server

e03878add0099ba9741efc46d545955a60ea8bdcrbb</para>

1860b2b5f1de31f8cf9d95f1b394fe98c8dbfab7rbb</listitem>

1860b2b5f1de31f8cf9d95f1b394fe98c8dbfab7rbb

1860b2b5f1de31f8cf9d95f1b394fe98c8dbfab7rbb<varlistentry><term><constant>K{name}.+157.+{random}.key</constant></term>

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe<listitem>

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe<para>

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowebase-64 encoding of HMAC-MD5 key created by

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe<citerefentry>

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe</citerefentry>.

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe</para>

9ec65cbae2f760e485a1c54df5b19853688d5c91wrowe</listitem>

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawick

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawick<varlistentry><term><constant>K{name}.+157.+{random}.private</constant></term>

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawick<listitem>

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawick<para>

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawickbase-64 encoding of HMAC-MD5 key created by

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawick<citerefentry>

77c656dabf05adcdee0d30b15b4628be738a1913rbb<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>

77c656dabf05adcdee0d30b15b4628be738a1913rbb</citerefentry>.

77c656dabf05adcdee0d30b15b4628be738a1913rbb</para>

77c656dabf05adcdee0d30b15b4628be738a1913rbb</listitem>

77c656dabf05adcdee0d30b15b4628be738a1913rbb</variablelist>

7e73041858979fd162c849cc2e7447beb51eedf8rbb</refsect1>

7e73041858979fd162c849cc2e7447beb51eedf8rbb

886cd69ebf69e990dbc365be87ff8ea7cd681904rbb<refsect1>

886cd69ebf69e990dbc365be87ff8ea7cd681904rbb<title>SEE ALSO</title>

886cd69ebf69e990dbc365be87ff8ea7cd681904rbb<para>

a8c0c0b8d7dada680bd3f3d70f78ce0656ba5aa6trawick<citerefentry>

886cd69ebf69e990dbc365be87ff8ea7cd681904rbb<refentrytitle>RFC2136</refentrytitle>

886cd69ebf69e990dbc365be87ff8ea7cd681904rbb</citerefentry>,

886cd69ebf69e990dbc365be87ff8ea7cd681904rbb<citerefentry>

db9ac238bf63d7df2bebbaff4de1628a32151028trawick<refentrytitle>RFC3007</refentrytitle>

ce121a776564df6bb75498209094142d92404b8atrawick</citerefentry>,

ce121a776564df6bb75498209094142d92404b8atrawick<citerefentry>

ce121a776564df6bb75498209094142d92404b8atrawick<refentrytitle>RFC2104</refentrytitle>

e1ade9256c87684358786fcf7eef251bd4c1db10rbb</citerefentry>,

e1ade9256c87684358786fcf7eef251bd4c1db10rbb<citerefentry>

e1ade9256c87684358786fcf7eef251bd4c1db10rbb<refentrytitle>RFC2845</refentrytitle>

e1ade9256c87684358786fcf7eef251bd4c1db10rbb</citerefentry>,

e1ade9256c87684358786fcf7eef251bd4c1db10rbb<citerefentry>

e1ade9256c87684358786fcf7eef251bd4c1db10rbb<refentrytitle>RFC1034</refentrytitle>

db9ac238bf63d7df2bebbaff4de1628a32151028trawick</citerefentry>,

db9ac238bf63d7df2bebbaff4de1628a32151028trawick<citerefentry>

db9ac238bf63d7df2bebbaff4de1628a32151028trawick<refentrytitle>RFC2535</refentrytitle>

eae32ab3fb398ca408bc2d45b22adf1b67a75471rbb</citerefentry>,

eae32ab3fb398ca408bc2d45b22adf1b67a75471rbb<citerefentry>

d1d25826dbd7d2ba97db90b77122ae2b0f363e89rbb<refentrytitle>RFC2931</refentrytitle>

d1d25826dbd7d2ba97db90b77122ae2b0f363e89rbb</citerefentry>,

d1d25826dbd7d2ba97db90b77122ae2b0f363e89rbb<citerefentry>

42ec91fadb5532438ab4c02993b15c18a517967frbb<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>

42ec91fadb5532438ab4c02993b15c18a517967frbb</citerefentry>,

42ec91fadb5532438ab4c02993b15c18a517967frbb<citerefentry>

42ec91fadb5532438ab4c02993b15c18a517967frbb<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>

42ec91fadb5532438ab4c02993b15c18a517967frbb</citerefentry>.

96fc773162e93e5b85686ab152f11baf4498d868rbb

2975523a2901fc601ae9510082a7d4fb11bb9aecake</refsect1>

2975523a2901fc601ae9510082a7d4fb11bb9aecake<refsect1>

2975523a2901fc601ae9510082a7d4fb11bb9aecake<title>BUGS</title>

5827adc4c40ff4b10db9b09cea43f4307c8fc319trawick<para>

5827adc4c40ff4b10db9b09cea43f4307c8fc319trawickThe TSIG key is redundantly stored in two separate files.

5827adc4c40ff4b10db9b09cea43f4307c8fc319trawickThis is a consequence of nsupdate using the DST library

5827adc4c40ff4b10db9b09cea43f4307c8fc319trawickfor its cryptographic operations, and may change in future

5827adc4c40ff4b10db9b09cea43f4307c8fc319trawickreleases.

5827adc4c40ff4b10db9b09cea43f4307c8fc319trawick</para>

cfa64348224b66dd1c9979b809406c4d15b1c137fielding</refsect1>

e7270e4daeb3e62414b361ca2bf0e707d0ae3310wrowe</refentry>

e7270e4daeb3e62414b361ca2bf0e707d0ae3310wrowe