48c0c81cd6fabac9d3386406d97633780365b839coar<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"

6f1e2a1eb9944358dc96ee52f2048377c57f1cfaaaron "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"

2a6c49cfaef5979a5a06098f3ce987cd76769409manoj [<!ENTITY mdash "&#8212;">]>

571760de5e60c0b459cb11be45507b923cd023eejwoolley

bcb6e1be6041dfeb549c8ea8d37f97ad4e90a0c3rbb<refentry>

9bd71e35f5d26d26d23fe3a677401828e842ed72wrowe <refentryinfo>

2900ab946a2d76b73a14cebfe2985d253f01c967stoddard <date>Jun 30, 2000</date>

a548c09e6a8ca1b059d0e93b5256c6ccb2b3c3cdrbb </refentryinfo>

a548c09e6a8ca1b059d0e93b5256c6ccb2b3c3cdrbb <refmeta>

a548c09e6a8ca1b059d0e93b5256c6ccb2b3c3cdrbb <refentrytitle>nsupdate</refentrytitle>

b876b7bcf0ce3d232da723246d709e8dbbfe8762rbb <manvolnum>8</manvolnum>

cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein <refmiscinfo>BIND9</refmiscinfo>

35330e0d79ceb8027223bbb8330a381b1f989d6etrawick </refmeta>

6f6f4a4bca281779d196acbdd5c017bb90858305trawick <refnamediv>

8dd4618c4709236b4ea297d7250d282e463ce2d8rbb <refname>nsupdate</refname>

09bd86d0db1114ee23eda0a6eb76ca055877a1cftrawick <refpurpose>Dynamic DNS update utility</refpurpose>

2deb319e6b3de239f45c16a3e9e836d44f1f7108rbb </refnamediv>

bd929c73ef04789b7183b840d8db6e01d03a4d86rbb

70f6f32765cfaadd6da8de6f0fea97ddd72d8fadmanoj <docinfo>

2a6c49cfaef5979a5a06098f3ce987cd76769409manoj <copyright>

af4c982a7cf4515f124935f99a329744035fc699slive <year>2004</year>

af4c982a7cf4515f124935f99a329744035fc699slive <year>2005</year>

af4c982a7cf4515f124935f99a329744035fc699slive <year>2006</year>

af4c982a7cf4515f124935f99a329744035fc699slive <year>2007</year>

af4c982a7cf4515f124935f99a329744035fc699slive <holder>Internet Systems Consortium, Inc. ("ISC")</holder>

af4c982a7cf4515f124935f99a329744035fc699slive </copyright>

af4c982a7cf4515f124935f99a329744035fc699slive <copyright>

10270f6f94b2069d0d357805c140a9897449b9ccianh <year>2000</year>

4b62424416882687387923b3130b96241503cbe0jerenkrantz <year>2001</year>

5ca8e11fadb6f7a8d9d0367c1800205c99d4bcd6jerenkrantz <year>2002</year>

f9b8e29cfca92cf0a996e8ab17fa1a1f447cecc7stoddard <year>2003</year>

5ca8e11fadb6f7a8d9d0367c1800205c99d4bcd6jerenkrantz <holder>Internet Software Consortium.</holder>

45b0e1c775c1cfed6473c9e5304179ccb9609f53stoddard </copyright>

dbec4658981e4f9127e8676457c28d42932be7cdtrawick </docinfo>

8c8fbb8546af54582539898be704411a60058d85trawick

8c8fbb8546af54582539898be704411a60058d85trawick <refsynopsisdiv>

8c8fbb8546af54582539898be704411a60058d85trawick <cmdsynopsis>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <command>nsupdate</command>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg><option>-d</option></arg>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <group>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz </group>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg><option>-v</option></arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <arg>filename</arg>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz </cmdsynopsis>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz </refsynopsisdiv>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <refsect1>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <title>DESCRIPTION</title>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <para><command>nsupdate</command>

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz is used to submit Dynamic DNS Update requests as defined in RFC2136

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz to a name server.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe This allows resource records to be added or removed from a zone

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz without manually editing the zone file.

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz A single update request can contain requests to add or remove more than

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz one

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz resource record.

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard </para>

6f1e2a1eb9944358dc96ee52f2048377c57f1cfaaaron <para>

6f1e2a1eb9944358dc96ee52f2048377c57f1cfaaaron Zones that are under dynamic control via

f4cb04eb78da02a38fcdd87489dc7b660107d55fjerenkrantz <command>nsupdate</command>

1b3f48fd6b1ccb8745f908e40156c5a85ca3c347jerenkrantz or a DHCP server should not be edited by hand.

8c8fbb8546af54582539898be704411a60058d85trawick Manual edits could

829b09b6ec9b6d69916813ef7205469bddc9f8a9gregames conflict with dynamic updates and cause data to be lost.

829b09b6ec9b6d69916813ef7205469bddc9f8a9gregames </para>

829b09b6ec9b6d69916813ef7205469bddc9f8a9gregames <para>

829b09b6ec9b6d69916813ef7205469bddc9f8a9gregames The resource records that are dynamically added or removed with

8c8fbb8546af54582539898be704411a60058d85trawick <command>nsupdate</command>

8c8fbb8546af54582539898be704411a60058d85trawick have to be in the same zone.

8c8fbb8546af54582539898be704411a60058d85trawick Requests are sent to the zone's master server.

f9b8e29cfca92cf0a996e8ab17fa1a1f447cecc7stoddard This is identified by the MNAME field of the zone's SOA record.

f9b8e29cfca92cf0a996e8ab17fa1a1f447cecc7stoddard </para>

f9b8e29cfca92cf0a996e8ab17fa1a1f447cecc7stoddard <para>

a23b1c5a74208b03884c09a6f9dd5d6c97fa6415trawick The

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <option>-d</option>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe option makes

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <command>nsupdate</command>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe operate in debug mode.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe This provides tracing information about the update requests that are

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe made and the replies received from the name server.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe </para>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <para>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe Transaction signatures can be used to authenticate the Dynamic DNS

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe updates.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe These use the TSIG resource record type described in RFC2845 or the

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe SIG(0) record described in RFC3535 and RFC2931.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe TSIG relies on a shared secret that should only be known to

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <command>nsupdate</command> and the name server.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe Currently, the only supported encryption algorithm for TSIG is

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe HMAC-MD5, which is defined in RFC 2104.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe Once other algorithms are defined for TSIG, applications will need to

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe ensure they select the appropriate algorithm as well as the key when

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe authenticating each other.

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe For instance, suitable

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <type>key</type>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe and

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <type>server</type>

638a9edaf48cf003cd40ac25ee8c25f572107414stoddard statements would be added to

638a9edaf48cf003cd40ac25ee8c25f572107414stoddard <filename>/etc/named.conf</filename>

638a9edaf48cf003cd40ac25ee8c25f572107414stoddard so that the name server can associate the appropriate secret key

83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron and algorithm with the IP address of the

83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron client application that will be using TSIG authentication.

83d91d60d00dc345bfbcbc48ff206db4a6b23b2eaaron SIG(0) uses public key cryptography. To use a SIG(0) key, the public

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb key must be stored in a KEY record in a zone served by the name server.

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb <command>nsupdate</command>

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb does not read

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb <filename>/etc/named.conf</filename>.

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb </para>

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb <para><command>nsupdate</command>

db2d668e6233d8949b35ee7f9f42f444758f9ce9rbb uses the <option>-y</option> or <option>-k</option> option

1ea5221b240a8b41a07c6fb04aab5a73adcddabfaaron to provide the shared secret needed to generate a TSIG record

1ea5221b240a8b41a07c6fb04aab5a73adcddabfaaron for authenticating Dynamic DNS update requests, default type

1ea5221b240a8b41a07c6fb04aab5a73adcddabfaaron HMAC-MD5. These options are mutually exclusive. With the

1ea5221b240a8b41a07c6fb04aab5a73adcddabfaaron <option>-k</option> option, <command>nsupdate</command> reads

a12f07383f9c286519fe88f559187148d5bd1c16aaron the shared secret from the file <parameter>keyfile</parameter>,

1ea5221b240a8b41a07c6fb04aab5a73adcddabfaaron whose name is of the form

1ea5221b240a8b41a07c6fb04aab5a73adcddabfaaron <filename>K{name}.+157.+{random}.private</filename>. For

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz historical reasons, the file

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz <filename>K{name}.+157.+{random}.key</filename> must also be

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz present. When the <option>-y</option> option is used, a

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz signature is generated from

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz <optional><parameter>hmac:</parameter></optional><parameter>keyname:secret.</parameter>

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz <parameter>keyname</parameter> is the name of the key, and

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz <parameter>secret</parameter> is the base64 encoded shared

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz secret. Use of the <option>-y</option> option is discouraged

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz because the shared secret is supplied as a command line

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz argument in clear text. This may be visible in the output

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz from

5d12baef135b5d3cb94745e007a1575398469724jerenkrantz <citerefentry>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz </citerefentry> or in a history file maintained by the user's

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz shell.

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz </para>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz <para>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz The <option>-k</option> may also be used to specify a SIG(0) key used

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz to authenticate Dynamic DNS update requests. In this case, the key

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz specified is not an HMAC-MD5 key.

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz </para>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz <para>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz By default

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz <command>nsupdate</command>

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz uses UDP to send update requests to the name server unless they are too

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz large to fit in a UDP request in which case TCP will be used.

b865daaa4ef731a7066ee6d97e2aae36c7743939jerenkrantz The

dc098c7ce5d36179c504d09fc722d190683d0262aaron <option>-v</option>

dc098c7ce5d36179c504d09fc722d190683d0262aaron option makes

dc098c7ce5d36179c504d09fc722d190683d0262aaron <command>nsupdate</command>

dc098c7ce5d36179c504d09fc722d190683d0262aaron use a TCP connection.

dc098c7ce5d36179c504d09fc722d190683d0262aaron This may be preferable when a batch of update requests is made.

dc098c7ce5d36179c504d09fc722d190683d0262aaron </para>

dc098c7ce5d36179c504d09fc722d190683d0262aaron <para>

364dfd4527e6ce37b828a42e2c0bbdf9ba19a9b8gregames The <option>-t</option> option sets the maximum time an update request

364dfd4527e6ce37b828a42e2c0bbdf9ba19a9b8gregames can

dc098c7ce5d36179c504d09fc722d190683d0262aaron take before it is aborted. The default is 300 seconds. Zero can be

0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron used

0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron to disable the timeout.

0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron </para>

0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron <para>

0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron The <option>-u</option> option sets the UDP retry interval. The default

0bcb1fe39dfaacf9745b6633f5cc9ebc8e2596caaaron is

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz 3 seconds. If zero, the interval will be computed from the timeout

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz interval

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz and number of UDP retries.

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz </para>

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz <para>

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz The <option>-r</option> option sets the number of UDP retries. The

ff42f83cbf31893bcde9712332a8e5ee970f6a74trawick default is

ff42f83cbf31893bcde9712332a8e5ee970f6a74trawick 3. If zero, only one update request will be made.

ff42f83cbf31893bcde9712332a8e5ee970f6a74trawick </para>

33f5961d34a8b5390cebad0543b3ebe67830e5d7jerenkrantz </refsect1>

54e1babd5a5a56c576eeeace54110150769cc916coar

54e1babd5a5a56c576eeeace54110150769cc916coar <refsect1>

54e1babd5a5a56c576eeeace54110150769cc916coar <title>INPUT FORMAT</title>

54e1babd5a5a56c576eeeace54110150769cc916coar <para><command>nsupdate</command>

54e1babd5a5a56c576eeeace54110150769cc916coar reads input from

54e1babd5a5a56c576eeeace54110150769cc916coar <parameter>filename</parameter>

54e1babd5a5a56c576eeeace54110150769cc916coar or standard input.

54e1babd5a5a56c576eeeace54110150769cc916coar Each command is supplied on exactly one line of input.

54e1babd5a5a56c576eeeace54110150769cc916coar Some commands are for administrative purposes.

54e1babd5a5a56c576eeeace54110150769cc916coar The others are either update instructions or prerequisite checks on the

54e1babd5a5a56c576eeeace54110150769cc916coar contents of the zone.

54e1babd5a5a56c576eeeace54110150769cc916coar These checks set conditions that some name or set of

54e1babd5a5a56c576eeeace54110150769cc916coar resource records (RRset) either exists or is absent from the zone.

949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz These conditions must be met if the entire update request is to succeed.

949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz Updates will be rejected if the tests for the prerequisite conditions

949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz fail.

949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz </para>

949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz <para>

949aa7bba7f804faa8e6b08cad42a98fc0255d85jerenkrantz Every update request consists of zero or more prerequisites

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar and zero or more updates.

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar This allows a suitably authenticated update request to proceed if some

07021d9f405849228b859d9fb4b877f20e4fbba3jerenkrantz specified resource records are present or missing from the zone.

07021d9f405849228b859d9fb4b877f20e4fbba3jerenkrantz A blank input line (or the <command>send</command> command)

07021d9f405849228b859d9fb4b877f20e4fbba3jerenkrantz causes the

07021d9f405849228b859d9fb4b877f20e4fbba3jerenkrantz accumulated commands to be sent as one Dynamic DNS update request to the

f126ee03179eb54308118f1ec3de5a7b461685d8aaron name server.

f126ee03179eb54308118f1ec3de5a7b461685d8aaron </para>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <para>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron The command formats and their meaning are as follows:

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <variablelist>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <varlistentry>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <term>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <command>server</command>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <arg choice="req">servername</arg>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <arg choice="opt">port</arg>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron </term>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <listitem>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron <para>

f126ee03179eb54308118f1ec3de5a7b461685d8aaron Sends all dynamic update requests to the name server

109faf633e12ab0bbdd602c7addc795cce59e8addreid <parameter>servername</parameter>.

109faf633e12ab0bbdd602c7addc795cce59e8addreid When no server statement is provided,

109faf633e12ab0bbdd602c7addc795cce59e8addreid <command>nsupdate</command>

109faf633e12ab0bbdd602c7addc795cce59e8addreid will send updates to the master server of the correct zone.

109faf633e12ab0bbdd602c7addc795cce59e8addreid The MNAME field of that zone's SOA record will identify the

109faf633e12ab0bbdd602c7addc795cce59e8addreid master

109faf633e12ab0bbdd602c7addc795cce59e8addreid server for that zone.

109faf633e12ab0bbdd602c7addc795cce59e8addreid <parameter>port</parameter>

109faf633e12ab0bbdd602c7addc795cce59e8addreid is the port number on

109faf633e12ab0bbdd602c7addc795cce59e8addreid <parameter>servername</parameter>

109faf633e12ab0bbdd602c7addc795cce59e8addreid where the dynamic update requests get sent.

109faf633e12ab0bbdd602c7addc795cce59e8addreid If no port number is specified, the default DNS port number of

109faf633e12ab0bbdd602c7addc795cce59e8addreid 53 is

109faf633e12ab0bbdd602c7addc795cce59e8addreid used.

4ca13a5e126946272f02637e268a8e09193c553ecoar </para>

4ca13a5e126946272f02637e268a8e09193c553ecoar </listitem>

4ca13a5e126946272f02637e268a8e09193c553ecoar </varlistentry>

4ca13a5e126946272f02637e268a8e09193c553ecoar

4ca13a5e126946272f02637e268a8e09193c553ecoar <varlistentry>

48c0c81cd6fabac9d3386406d97633780365b839coar <term>

48c0c81cd6fabac9d3386406d97633780365b839coar <command>local</command>

48c0c81cd6fabac9d3386406d97633780365b839coar <arg choice="req">address</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar <arg choice="opt">port</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar </term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

48c0c81cd6fabac9d3386406d97633780365b839coar <para>

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar Sends all dynamic update requests using the local

4ca13a5e126946272f02637e268a8e09193c553ecoar <parameter>address</parameter>.

b84f66c93f820824b1d5455181f55598b766319cwrowe

b84f66c93f820824b1d5455181f55598b766319cwrowe When no local statement is provided,

b84f66c93f820824b1d5455181f55598b766319cwrowe <command>nsupdate</command>

b84f66c93f820824b1d5455181f55598b766319cwrowe will send updates using an address and port chosen by the

7fe18c15b669db9d191859695901dc4fcf3829dawrowe system.

7fe18c15b669db9d191859695901dc4fcf3829dawrowe <parameter>port</parameter>

7fe18c15b669db9d191859695901dc4fcf3829dawrowe can additionally be used to make requests come from a specific

7fe18c15b669db9d191859695901dc4fcf3829dawrowe port.

b84f66c93f820824b1d5455181f55598b766319cwrowe If no port number is specified, the system will assign one.

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe </para>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe </listitem>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe </varlistentry>

d24a92b8a8315e9a266ba84cc2a996d49dd546c1stoddard

48c0c81cd6fabac9d3386406d97633780365b839coar <varlistentry>

48c0c81cd6fabac9d3386406d97633780365b839coar <term>

48c0c81cd6fabac9d3386406d97633780365b839coar <command>zone</command>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe <arg choice="req">zonename</arg>

2fb49a1d25f38421a68d31b4cbb5d9293fdeafbewrowe </term>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <listitem>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <para>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe Specifies that all updates are to be made to the zone

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <parameter>zonename</parameter>.

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe If no

7239216999e746bb4fc7671621becea33c5c1c87stoddard <parameter>zone</parameter>

d180ec1b29106f4fec480ef7fcdb04df078010cerse statement is provided,

d180ec1b29106f4fec480ef7fcdb04df078010cerse <command>nsupdate</command>

3913a3b7e7c72ea11d05da36275db39c2dc39b68jwoolley will attempt determine the correct zone to update based on the

3913a3b7e7c72ea11d05da36275db39c2dc39b68jwoolley rest of the input.

3913a3b7e7c72ea11d05da36275db39c2dc39b68jwoolley </para>

57710387e669ee41fb211458efe09c4c73194a66jwoolley </listitem>

57710387e669ee41fb211458efe09c4c73194a66jwoolley </varlistentry>

3913a3b7e7c72ea11d05da36275db39c2dc39b68jwoolley

3913a3b7e7c72ea11d05da36275db39c2dc39b68jwoolley <varlistentry>

d180ec1b29106f4fec480ef7fcdb04df078010cerse <term>

19cbe4d7b7c931723e7249de6829bf965a1fee72stoddard <command>class</command>

19cbe4d7b7c931723e7249de6829bf965a1fee72stoddard <arg choice="req">classname</arg>

b187d568e1507d75139ebc13ca945b38fc05d55cstoddard </term>

b187d568e1507d75139ebc13ca945b38fc05d55cstoddard <listitem>

b187d568e1507d75139ebc13ca945b38fc05d55cstoddard <para>

1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddard Specify the default class.

1c6fb1e726ce22694de0e9a957adb67b929e5d4fstoddard If no <parameter>class</parameter> is specified, the

a5ed555df952c85bc1b179f5981e8a6c54ba16e6stoddard default class is

d2f8b010487ffa990a9c268df5a25579e7291bcdrbb <parameter>IN</parameter>.

d2f8b010487ffa990a9c268df5a25579e7291bcdrbb </para>

a5ed555df952c85bc1b179f5981e8a6c54ba16e6stoddard </listitem>

0bff2f28ef945280c17099c142126178a78e1e54manoj </varlistentry>

0bff2f28ef945280c17099c142126178a78e1e54manoj

0bff2f28ef945280c17099c142126178a78e1e54manoj <varlistentry>

1e585ba09ea32272e63c4c39c35491e975d21d98stoddard <term>

0bff2f28ef945280c17099c142126178a78e1e54manoj <command>key</command>

35330e0d79ceb8027223bbb8330a381b1f989d6etrawick <arg choice="req">name</arg>

0bff2f28ef945280c17099c142126178a78e1e54manoj <arg choice="req">secret</arg>

9c09943bad734ebd5c7cc10bd6d63b75c4c6e056stoddard </term>

ff849e4163ed879288f0df15f78b6c9d278ec804fanf <listitem>

ff849e4163ed879288f0df15f78b6c9d278ec804fanf <para>

447c6ce3ff08073c44f6785d5256271fcb877512wrowe Specifies that all updates are to be TSIG-signed using the

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar <parameter>keyname</parameter> <parameter>keysecret</parameter> pair.

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar The <command>key</command> command

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar overrides any key specified on the command line via

e0427bf8e52a8fb920cb8b6adb5cdb3b6535b7fecoar <option>-y</option> or <option>-k</option>.

6758b07b4b79f898b0f56375016cea7da0bfb495wrowe </para>

6758b07b4b79f898b0f56375016cea7da0bfb495wrowe </listitem>

6758b07b4b79f898b0f56375016cea7da0bfb495wrowe </varlistentry>

7fe18c15b669db9d191859695901dc4fcf3829dawrowe

db3ccce11afac4fc1d4f51a65424412f7480c46cgstein <varlistentry>

dd4713dc5b186f4d1be7b88f86608fdb84cbe5d5gstein <term>

48c0c81cd6fabac9d3386406d97633780365b839coar <command>prereq nxdomain</command>

48c0c81cd6fabac9d3386406d97633780365b839coar <arg choice="req">domain-name</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar </term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

db3ccce11afac4fc1d4f51a65424412f7480c46cgstein <para>

79d5106a9b65b956d646f5daae4b94bc79e315b8trawick Requires that no resource record of any type exists with name

79d5106a9b65b956d646f5daae4b94bc79e315b8trawick <parameter>domain-name</parameter>.

79d5106a9b65b956d646f5daae4b94bc79e315b8trawick </para>

cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein </listitem>

cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein </varlistentry>

cf6bf6c34c936e6a6fe731dbce4a5c3c8bf8e9a3gstein

6fa71a1bd8c61518b05f5798a7a1594c270e78afrbb

93c5cba06b623ebe8e4372e886eece12d9a80c3egstein <varlistentry>

14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein <term>

14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein <command>prereq yxdomain</command>

14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein <arg choice="req">domain-name</arg>

14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein </term>

14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein <listitem>

14cccaddba3a9263cf0d0ddc311e18f3e3dc9b0fgstein <para>

823c303d33c9e637a83d82208bcbafaf5f532d7bgstein Requires that

823c303d33c9e637a83d82208bcbafaf5f532d7bgstein <parameter>domain-name</parameter>

e636eba7474e0010b5c7198af1c2fe5ad8652dbbmanoj exists (has as at least one resource record, of any type).

e636eba7474e0010b5c7198af1c2fe5ad8652dbbmanoj </para>

e636eba7474e0010b5c7198af1c2fe5ad8652dbbmanoj </listitem>

281da4c02cf40c663298ded7e4e5b913a8f8b814gstein </varlistentry>

281da4c02cf40c663298ded7e4e5b913a8f8b814gstein

2f728b2e8555fee1b7cc11e886488692f2575fbddougm <varlistentry>

2f728b2e8555fee1b7cc11e886488692f2575fbddougm <term>

2f728b2e8555fee1b7cc11e886488692f2575fbddougm <command>prereq nxrrset</command>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <arg choice="req">domain-name</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar <arg choice="opt">class</arg>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <arg choice="req">type</arg>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe </term>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <listitem>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <para>

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe Requires that no resource record exists of the specified

60d567a0c2aae815ee6fc20c0d65032bea52c92cwrowe <parameter>type</parameter>,

fdff4ace2701177219fe1c444f69242372423354aaron <parameter>class</parameter>

fdff4ace2701177219fe1c444f69242372423354aaron and

fdff4ace2701177219fe1c444f69242372423354aaron <parameter>domain-name</parameter>.

fdff4ace2701177219fe1c444f69242372423354aaron If

fdff4ace2701177219fe1c444f69242372423354aaron <parameter>class</parameter>

fdff4ace2701177219fe1c444f69242372423354aaron is omitted, IN (internet) is assumed.

fdff4ace2701177219fe1c444f69242372423354aaron </para>

fdff4ace2701177219fe1c444f69242372423354aaron </listitem>

27757f6699a924d4b493a1b6cceb27df27a43287dreid </varlistentry>

27757f6699a924d4b493a1b6cceb27df27a43287dreid

27757f6699a924d4b493a1b6cceb27df27a43287dreid

21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick <varlistentry>

21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick <term>

21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick <command>prereq yxrrset</command>

21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick <arg choice="req">domain-name</arg>

21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick <arg choice="opt">class</arg>

21e01f13f717faeca3e498d7d9c9b4d3af98ae27trawick <arg choice="req">type</arg>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard </term>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <listitem>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <para>

6f1e2a1eb9944358dc96ee52f2048377c57f1cfaaaron This requires that a resource record of the specified

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>type</parameter>,

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>class</parameter>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard and

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>domain-name</parameter>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard must exist.

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard If

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>class</parameter>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard is omitted, IN (internet) is assumed.

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard </para>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard </listitem>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard </varlistentry>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <varlistentry>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <term>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <command>prereq yxrrset</command>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <arg choice="req">domain-name</arg>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <arg choice="opt">class</arg>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <arg choice="req">type</arg>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <arg choice="req" rep="repeat">data</arg>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard </term>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <listitem>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <para>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard The

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>data</parameter>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard from each set of prerequisites of this form

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard sharing a common

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>type</parameter>,

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>class</parameter>,

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard and

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>domain-name</parameter>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard are combined to form a set of RRs. This set of RRs must

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard exactly match the set of RRs existing in the zone at the

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard given

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>type</parameter>,

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>class</parameter>,

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard and

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>domain-name</parameter>.

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard The

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard <parameter>data</parameter>

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard are written in the standard text representation of the resource

ddd44b06b04507cae083c52451e28f54f0bdb5afstoddard record's

64ad864fa0f4493eebb181e393b40a8a90beccb9coar RDATA.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

48c0c81cd6fabac9d3386406d97633780365b839coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <command>update delete</command>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="req">domain-name</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar <arg choice="opt">ttl</arg>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="opt">class</arg>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Deletes any resource records named

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <parameter>domain-name</parameter>.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar If

48c0c81cd6fabac9d3386406d97633780365b839coar <parameter>type</parameter>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar and

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <parameter>data</parameter>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar is provided, only matching resource records will be removed.

48c0c81cd6fabac9d3386406d97633780365b839coar The internet class is assumed if

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <parameter>class</parameter>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar is not supplied. The

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <parameter>ttl</parameter>

48c0c81cd6fabac9d3386406d97633780365b839coar is ignored, and is only allowed for compatibility.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

48c0c81cd6fabac9d3386406d97633780365b839coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <command>update add</command>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="req">domain-name</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar <arg choice="req">ttl</arg>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="opt">class</arg>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="req">type</arg>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <arg choice="req" rep="repeat">data</arg>

48c0c81cd6fabac9d3386406d97633780365b839coar </term>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Adds a new resource record with the specified

48c0c81cd6fabac9d3386406d97633780365b839coar <parameter>ttl</parameter>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <parameter>class</parameter>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar and

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <parameter>data</parameter>.

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

48c0c81cd6fabac9d3386406d97633780365b839coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <command>show</command>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Displays the current message, containing all of the

64ad864fa0f4493eebb181e393b40a8a90beccb9coar prerequisites and

48c0c81cd6fabac9d3386406d97633780365b839coar updates specified since the last send.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

48c0c81cd6fabac9d3386406d97633780365b839coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <command>send</command>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Sends the current message. This is equivalent to entering a

64ad864fa0f4493eebb181e393b40a8a90beccb9coar blank line.

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

48c0c81cd6fabac9d3386406d97633780365b839coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <command>answer</command>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Displays the answer.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

48c0c81cd6fabac9d3386406d97633780365b839coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </variablelist>

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Lines beginning with a semicolon are comments and are ignored.

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </refsect1>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

48c0c81cd6fabac9d3386406d97633780365b839coar <refsect1>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <title>EXAMPLES</title>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar The examples below show how

48c0c81cd6fabac9d3386406d97633780365b839coar <command>nsupdate</command>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar could be used to insert and delete resource records from the

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <type>example.com</type>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar zone.

48c0c81cd6fabac9d3386406d97633780365b839coar Notice that the input in each example contains a trailing blank line so

64ad864fa0f4493eebb181e393b40a8a90beccb9coar that

64ad864fa0f4493eebb181e393b40a8a90beccb9coar a group of commands are sent as one dynamic update request to the

64ad864fa0f4493eebb181e393b40a8a90beccb9coar master name server for

48c0c81cd6fabac9d3386406d97633780365b839coar <type>example.com</type>.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <programlisting>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar# nsupdate

48c0c81cd6fabac9d3386406d97633780365b839coar&gt; update delete oldhost.example.com A

64ad864fa0f4493eebb181e393b40a8a90beccb9coar&gt; update add newhost.example.com 86400 A 172.16.1.1

64ad864fa0f4493eebb181e393b40a8a90beccb9coar&gt; send

64ad864fa0f4493eebb181e393b40a8a90beccb9coar</programlisting>

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar Any A records for

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <type>oldhost.example.com</type>

48c0c81cd6fabac9d3386406d97633780365b839coar are deleted.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar And an A record for

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <type>newhost.example.com</type>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar with IP address 172.16.1.1 is added.

48c0c81cd6fabac9d3386406d97633780365b839coar The newly-added record has a 1 day TTL (86400 seconds).

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <programlisting>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar# nsupdate

64ad864fa0f4493eebb181e393b40a8a90beccb9coar&gt; prereq nxdomain nickname.example.com

48c0c81cd6fabac9d3386406d97633780365b839coar&gt; update add nickname.example.com 86400 CNAME somehost.example.com

64ad864fa0f4493eebb181e393b40a8a90beccb9coar&gt; send

6694e265e9a71ceaedbe1f1aa4db4d9ba42fb866wrowe</programlisting>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

48c0c81cd6fabac9d3386406d97633780365b839coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar The prerequisite condition gets the name server to check that there

64ad864fa0f4493eebb181e393b40a8a90beccb9coar are no resource records of any type for

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <type>nickname.example.com</type>.

48c0c81cd6fabac9d3386406d97633780365b839coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar If there are, the update request fails.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar If this name does not exist, a CNAME for it is added.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar This ensures that when the CNAME is added, it cannot conflict with the

48c0c81cd6fabac9d3386406d97633780365b839coar long-standing rule in RFC1034 that a name must not exist as any other

64ad864fa0f4493eebb181e393b40a8a90beccb9coar record type if it exists as a CNAME.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have

64ad864fa0f4493eebb181e393b40a8a90beccb9coar RRSIG, DNSKEY and NSEC records.)

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </refsect1>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refsect1>

48c0c81cd6fabac9d3386406d97633780365b839coar <title>FILES</title>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <variablelist>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term><constant>/etc/resolv.conf</constant></term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar used to identify default name server

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

48c0c81cd6fabac9d3386406d97633780365b839coar </varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term><constant>K{name}.+157.+{random}.key</constant></term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar base-64 encoding of HMAC-MD5 key created by

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

48c0c81cd6fabac9d3386406d97633780365b839coar <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

48c0c81cd6fabac9d3386406d97633780365b839coar </varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <varlistentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <term><constant>K{name}.+157.+{random}.private</constant></term>

48c0c81cd6fabac9d3386406d97633780365b839coar <listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar base-64 encoding of HMAC-MD5 key created by

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>

48c0c81cd6fabac9d3386406d97633780365b839coar </citerefentry>.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </listitem>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </varlistentry>

48c0c81cd6fabac9d3386406d97633780365b839coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </variablelist>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </refsect1>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

48c0c81cd6fabac9d3386406d97633780365b839coar <refsect1>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <title>SEE ALSO</title>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para><citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>RFC2136</refentrytitle>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>,

48c0c81cd6fabac9d3386406d97633780365b839coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>RFC3007</refentrytitle>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

48c0c81cd6fabac9d3386406d97633780365b839coar <refentrytitle>RFC2104</refentrytitle>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>RFC2845</refentrytitle>

48c0c81cd6fabac9d3386406d97633780365b839coar </citerefentry>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>RFC1034</refentrytitle>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>,

48c0c81cd6fabac9d3386406d97633780365b839coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>RFC2535</refentrytitle>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

48c0c81cd6fabac9d3386406d97633780365b839coar <refentrytitle>RFC2931</refentrytitle>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>

48c0c81cd6fabac9d3386406d97633780365b839coar </citerefentry>,

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <citerefentry>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </citerefentry>.

48c0c81cd6fabac9d3386406d97633780365b839coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </refsect1>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <refsect1>

48c0c81cd6fabac9d3386406d97633780365b839coar <title>BUGS</title>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar <para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar The TSIG key is redundantly stored in two separate files.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar This is a consequence of nsupdate using the DST library

48c0c81cd6fabac9d3386406d97633780365b839coar for its cryptographic operations, and may change in future

64ad864fa0f4493eebb181e393b40a8a90beccb9coar releases.

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </para>

64ad864fa0f4493eebb181e393b40a8a90beccb9coar </refsect1>

48c0c81cd6fabac9d3386406d97633780365b839coar</refentry><!--

64ad864fa0f4493eebb181e393b40a8a90beccb9coar