bin/nsupdate/nsupdate.docbook

	nsupdate.docbook revision f5b7359c5730d39ff6eff24ae87c9c74a04c2e5c
5cd4555ad444fd391002ae32450572054369fd42Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
5cd4555ad444fd391002ae32450572054369fd42Rob Austein               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein           [<!ENTITY mdash "&#8212;">]>
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson<!--
a9f68291c8db8111b88442635a04dfd35221411bAutomatic Updater - Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - Copyright (C) 2000-2003  Internet Software Consortium.
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson -
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson - purpose with or without fee is hereby granted, provided that the above
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson - copyright notice and this permission notice appear in all copies.
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson -
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson-->
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews
a9f68291c8db8111b88442635a04dfd35221411bAutomatic Updater<!-- $Id: nsupdate.docbook,v 1.46 2011/12/16 23:46:20 tbox Exp $ -->
072440df4f65033eb058c06f2cc72be450606720Jeremy Reed<refentry id="man.nsupdate">
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refentryinfo>
de10c46b2a714b0fb74837da7867f55cccc6d261Jeremy Reed    <date>Aug 25, 2009</date>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refentryinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refmeta>
072440df4f65033eb058c06f2cc72be450606720Jeremy Reed    <refentrytitle><application>nsupdate</application></refentrytitle>
a8f6b2aa46f882c7c680b7bdab1dfb78a76787eaMark Andrews    <manvolnum>1</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <refmiscinfo>BIND9</refmiscinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refmeta>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refnamediv>
072440df4f65033eb058c06f2cc72be450606720Jeremy Reed    <refname><application>nsupdate</application></refname>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <refpurpose>Dynamic DNS update utility</refpurpose>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refnamediv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2004</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2005</year>
26e2a07a0b6a3b1eccef82ba31270d0c54ad4f06Mark Andrews      <year>2006</year>
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews      <year>2007</year>
030aac3dbc57f99bad1d251b0783890ff0369952Automatic Updater      <year>2008</year>
d60212e03fbef1d3dd7f7eb05c0545cc373cb9fcAutomatic Updater      <year>2009</year>
1b892cf691dd0907e0e75774df102dd4d92dd877Automatic Updater      <year>2010</year>
a9f68291c8db8111b88442635a04dfd35221411bAutomatic Updater      <year>2011</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2000</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2001</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2002</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <year>2003</year>
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews      <holder>Internet Software Consortium.</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsynopsisdiv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <arg><option>-d</option></arg>
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews      <arg><option>-D</option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <group>
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews    <arg><option>-g</option></arg>
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews    <arg><option>-o</option></arg>
de10c46b2a714b0fb74837da7867f55cccc6d261Jeremy Reed    <arg><option>-l</option></arg>
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews        <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </group>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      <arg><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <arg><option>-v</option></arg>
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      <arg><option>-T</option></arg>
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      <arg><option>-P</option></arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <arg>filename</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </cmdsynopsis>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsynopsisdiv>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <title>DESCRIPTION</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para><command>nsupdate</command>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      is used to submit Dynamic DNS Update requests as defined in RFC 2136
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      to a name server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This allows resource records to be added or removed from a zone
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      without manually editing the zone file.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      A single update request can contain requests to add or remove more than
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      one
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      resource record.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Zones that are under dynamic control via
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      or a DHCP server should not be edited by hand.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Manual edits could
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      conflict with dynamic updates and cause data to be lost.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The resource records that are dynamically added or removed with
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      have to be in the same zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Requests are sent to the zone's master server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This is identified by the MNAME field of the zone's SOA record.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <option>-d</option>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      option makes
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      operate in debug mode.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This provides tracing information about the update requests that are
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      made and the replies received from the name server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews    <para>
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews      The <option>-D</option> option makes <command>nsupdate</command>
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews      report additional debugging information to <option>-d</option>.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews    </para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt    <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      The <option>-L</option> option with an integer argument of zero or
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      higher sets the logging debug level.  If zero, logging is disabled.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      Transaction signatures can be used to authenticate the Dynamic
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      DNS updates.  These use the TSIG resource record type described
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      in RFC 2845 or the SIG(0) record described in RFC 2535 and
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      RFC 2931 or GSS-TSIG as described in RFC 3645.  TSIG relies on
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      a shared secret that should only be known to
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      <command>nsupdate</command> and the name server.  Currently,
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      the only supported encryption algorithm for TSIG is HMAC-MD5,
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      which is defined in RFC 2104.  Once other algorithms are
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      defined for TSIG, applications will need to ensure they select
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      the appropriate algorithm as well as the key when authenticating
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      each other.  For instance, suitable <type>key</type> and
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      <type>server</type> statements would be added to
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      <filename>/etc/named.conf</filename> so that the name server
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      can associate the appropriate secret key and algorithm with
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      the IP address of the client application that will be using
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      TSIG authentication.  SIG(0) uses public key cryptography.
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      To use a SIG(0) key, the public key must be stored in a KEY
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      record in a zone served by the name server.
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews      <command>nsupdate</command> does not read
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <filename>/etc/named.conf</filename>.
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt    </para>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt    <para>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      GSS-TSIG uses Kerberos credentials.  Standard GSS-TSIG mode
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      is switched on with the <option>-g</option> flag.  A
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      non-standards-compliant variant of GSS-TSIG used by Windows
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      2000 can be switched on with the <option>-o</option> flag.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para><command>nsupdate</command>
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews      uses the <option>-y</option> or <option>-k</option> option
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews      to provide the shared secret needed to generate a TSIG record
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews      for authenticating Dynamic DNS update requests, default type
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      HMAC-MD5.  These options are mutually exclusive.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt    </para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt    <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      When the <option>-y</option> option is used, a signature is
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      generated from
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews      <optional><parameter>hmac:</parameter></optional><parameter>keyname:secret.</parameter>
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews      <parameter>keyname</parameter> is the name of the key, and
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <parameter>secret</parameter> is the base64 encoded shared secret.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      Use of the <option>-y</option> option is discouraged because the
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      shared secret is supplied as a command line argument in clear text.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      This may be visible in the output from
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <citerefentry>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt        <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      </citerefentry>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      or in a history file maintained by the user's shell.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      With the
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <option>-k</option> option, <command>nsupdate</command> reads
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      the shared secret from the file <parameter>keyfile</parameter>.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      Keyfiles may be in two formats: a single file containing
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      a <filename>named.conf</filename>-format <command>key</command>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      statement, which may be generated automatically by
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <command>ddns-confgen</command>, or a pair of files whose names are
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      of the format <filename>K{name}.+157.+{random}.key</filename> and
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <filename>K{name}.+157.+{random}.private</filename>, which can be
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      generated by <command>dnssec-keygen</command>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The <option>-k</option> may also be used to specify a SIG(0) key used
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      to authenticate Dynamic DNS update requests.  In this case, the key
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      specified is not an HMAC-MD5 key.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews    <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <command>nsupdate</command> can be run in a local-host only mode
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      using the <option>-l</option> flag.  This sets the server address to
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      localhost (disabling the <command>server</command> so that the server
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      address cannot be overridden).  Connections to the local server will
535bc8112a41aac6efbb03ad12e90666bf49a373Evan Hunt      use a TSIG key found in <filename>/var/run/named/session.key</filename>,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      which is automatically generated by <command>named</command> if any
08f860f800d32007a0c9bf456f6c35fbb2ecbc81Evan Hunt      local master zone has set <command>update-policy</command> to
08f860f800d32007a0c9bf456f6c35fbb2ecbc81Evan Hunt      <command>local</command>.  The location of this key file can be
08f860f800d32007a0c9bf456f6c35fbb2ecbc81Evan Hunt      overridden with the <option>-k</option> option.
b98225ff8a5721a998ccb440df4d261488fef163Mark Andrews    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      By default, <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      uses UDP to send update requests to the name server unless they are too
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      large to fit in a UDP request in which case TCP will be used.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <option>-v</option>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      option makes
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      use a TCP connection.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This may be preferable when a batch of update requests is made.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt    <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      The <option>-p</option> sets the default port number to use for
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      connections to a name server.  The default is 53.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      The <option>-t</option> option sets the maximum time an update request
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      can
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      take before it is aborted.  The default is 300 seconds.  Zero can be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      used
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      to disable the timeout.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The <option>-u</option> option sets the UDP retry interval.  The default
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      is
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      3 seconds.  If zero, the interval will be computed from the timeout
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      interval
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      and number of UDP retries.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The <option>-r</option> option sets the number of UDP retries. The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      default is
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      3.  If zero, only one update request will be made.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews    <para>
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      The <option>-R <replaceable
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      class="parameter">randomdev</replaceable></option> option
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      specifies a source of randomness.  If the operating system
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      does not provide a <filename>/dev/random</filename> or
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      equivalent device, the default source of randomness is keyboard
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      input.  <filename>randomdev</filename> specifies the name of
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      a character device or file containing random data to be used
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      instead of the default.  The special value
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      <filename>keyboard</filename> indicates that keyboard input
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews      should be used.  This option may be specified multiple times.
9a41f786b167a2a6df498d5e9c699f9835e1e9dcMark Andrews    </para>
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews    <para>
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      The <option>-T</option> and <option>-P</option> print out a
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      lists of non-meta types for which the type specific presentation
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      format is known.  <option>-T</option> prints out the list of
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      assigned types.  <option>-P</option> prints out the list of
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      private types.  These options may be combined.  nsupdate will
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      exit after the lists are printed.
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews    </para>
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews    <para>
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      decimal value of the type with no leading zeros.  The rdata,
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      if present, will be parsed using the UNKNOWN rdata format,
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews      &lt;space&gt; &lt;hexstring&gt;).
f5b7359c5730d39ff6eff24ae87c9c74a04c2e5cMark Andrews    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <title>INPUT FORMAT</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para><command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      reads input from
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <parameter>filename</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      or standard input.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Each command is supplied on exactly one line of input.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Some commands are for administrative purposes.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The others are either update instructions or prerequisite checks on the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      contents of the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      These checks set conditions that some name or set of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      resource records (RRset) either exists or is absent from the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      These conditions must be met if the entire update request is to succeed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Updates will be rejected if the tests for the prerequisite conditions
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      fail.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Every update request consists of zero or more prerequisites
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      and zero or more updates.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This allows a suitably authenticated update request to proceed if some
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      specified resource records are present or missing from the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      A blank input line (or the <command>send</command> command)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      causes the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      accumulated commands to be sent as one Dynamic DNS update request to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      name server.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The command formats and their meaning are as follows:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>server</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">servername</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">port</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Sends all dynamic update requests to the name server
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>servername</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              When no server statement is provided,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              will send updates to the master server of the correct zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              The MNAME field of that zone's SOA record will identify the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              master
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              server for that zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>port</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              is the port number on
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>servername</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              where the dynamic update requests get sent.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              If no port number is specified, the default DNS port number of
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              53 is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              used.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>local</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">address</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">port</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Sends all dynamic update requests using the local
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>address</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              When no local statement is provided,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              will send updates using an address and port chosen by the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              system.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>port</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              can additionally be used to make requests come from a specific
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              port.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              If no port number is specified, the system will assign one.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>zone</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">zonename</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Specifies that all updates are to be made to the zone
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>zonename</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              If no
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>zone</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              statement is provided,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              will attempt determine the correct zone to update based on the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              rest of the input.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>class</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">classname</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Specify the default class.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews              If no <parameter>class</parameter> is specified, the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              default class is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>IN</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews        <varlistentry>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          <term>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews              <command>ttl</command>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews              <arg choice="req">seconds</arg>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews            </term>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          <listitem>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews            <para>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews              Specify the default time to live for records to be added.
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          The value <parameter>none</parameter> will clear the default
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          ttl.
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews            </para>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          </listitem>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews        </varlistentry>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>key</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">name</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">secret</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews              Specifies that all updates are to be TSIG-signed using the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              The <command>key</command> command
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              overrides any key specified on the command line via
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <option>-y</option> or <option>-k</option>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt        <varlistentry>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          <term>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <command>gsstsig</command>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          </term>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          <listitem>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          Use GSS-TSIG to sign the updated.  This is equivalent to
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          specifying <option>-g</option> on the commandline.
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            </para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          </listitem>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt        </varlistentry>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt        <varlistentry>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          <term>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <command>oldgsstsig</command>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          </term>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          <listitem>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          Use the Windows 2000 version of GSS-TSIG to sign the updated.
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          This is equivalent to specifying <option>-o</option> on the
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          commandline.
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            </para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          </listitem>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt        </varlistentry>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt        <varlistentry>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          <term>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <command>realm</command>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <arg choice="req"><optional>realm_name</optional></arg>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          </term>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          <listitem>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            <para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          When using GSS-TSIG use <parameter>realm_name</parameter> rather
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          than the default realm in <filename>krb5.conf</filename>.  If no
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          realm is specified the saved realm is cleared.
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt            </para>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt          </listitem>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt        </varlistentry>
bf9b852c3eaf2c9847f926751b57a06f1ae3d72aEvan Hunt
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>prereq</optional> nxdomain</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Requires that no resource record of any type exists with name
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>prereq</optional> yxdomain</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Requires that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              exists (has as at least one resource record, of any type).
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>prereq</optional> nxrrset</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">class</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">type</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Requires that no resource record exists of the specified
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>type</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              If
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              is omitted, IN (internet) is assumed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>prereq</optional> yxrrset</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">class</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">type</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              This requires that a resource record of the specified
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>type</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              must exist.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              If
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              is omitted, IN (internet) is assumed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>prereq</optional> yxrrset</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">class</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">type</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req" rep="repeat">data</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>data</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              from each set of prerequisites of this form
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              sharing a common
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>type</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              are combined to form a set of RRs.  This set of RRs must
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              exactly match the set of RRs existing in the zone at the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              given
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>type</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>data</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              are written in the standard text representation of the resource
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              record's
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              RDATA.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>update</optional> del<optional>ete</optional></command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">ttl</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">class</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Deletes any resource records named
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>domain-name</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              If
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>type</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>data</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              is provided, only matching resource records will be removed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              The internet class is assumed if
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              is not supplied.  The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>ttl</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              is ignored, and is only allowed for compatibility.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
1d32b1df372d6be6bac6450739b9e5ea23819995Evan Hunt              <command><optional>update</optional> add</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">domain-name</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">ttl</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="opt">class</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req">type</arg>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <arg choice="req" rep="repeat">data</arg>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Adds a new resource record with the specified
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>ttl</parameter>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>class</parameter>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <parameter>data</parameter>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>show</command>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Displays the current message, containing all of the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              prerequisites and
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              updates specified since the last send.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>send</command>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Sends the current message.  This is equivalent to entering a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              blank line.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <varlistentry>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein          <term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <command>answer</command>
8d709e3ee443222cd35e44eadc9a4c0a8d92fec2Rob Austein            </term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              Displays the answer.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews        <varlistentry>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          <term>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews              <command>debug</command>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews            </term>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          <listitem>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews            <para>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews              Turn on debugging.
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews            </para>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews          </listitem>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews        </varlistentry>
21d493fc392d472086ad3c7c4563b7cadcb06788Mark Andrews
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Lines beginning with a semicolon are comments and are ignored.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <title>EXAMPLES</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The examples below show how
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <command>nsupdate</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      could be used to insert and delete resource records from the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>example.com</type>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Notice that the input in each example contains a trailing blank line so
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      a group of commands are sent as one dynamic update request to the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      master name server for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>example.com</type>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <programlisting>
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson# nsupdate
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; update delete oldhost.example.com A
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; update add newhost.example.com 86400 A 172.16.1.1
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; send
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson</programlisting>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      Any A records for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>oldhost.example.com</type>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      are deleted.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      And an A record for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>newhost.example.com</type>
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      with IP address 172.16.1.1 is added.
561a29af8c54a216e7d30b5b4f6e0d21661654ecMark Andrews      The newly-added record has a 1 day TTL (86400 seconds).
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <programlisting>
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson# nsupdate
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; prereq nxdomain nickname.example.com
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; update add nickname.example.com 86400 CNAME somehost.example.com
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein&gt; send
9c49c394b4218cc9c743a372a8fcfb787f5ea8caAndreas Gustafsson</programlisting>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The prerequisite condition gets the name server to check that there
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      are no resource records of any type for
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <type>nickname.example.com</type>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      If there are, the update request fails.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      If this name does not exist, a CNAME for it is added.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This ensures that when the CNAME is added, it cannot conflict with the
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      long-standing rule in RFC 1034 that a name must not exist as any other
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      record type if it exists as a CNAME.
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      RRSIG, DNSKEY and NSEC records.)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <title>FILES</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <term><constant>/etc/resolv.conf</constant></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            used to identify default name server
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <varlistentry>
535bc8112a41aac6efbb03ad12e90666bf49a373Evan Hunt        <term><constant>/var/run/named/session.key</constant></term>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt        <listitem>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt          <para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt            sets the default TSIG key for use in local-only mode
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt          </para>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt        </listitem>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      </varlistentry>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <term><constant>K{name}.+157.+{random}.key</constant></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            base-64 encoding of HMAC-MD5 key created by
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <citerefentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </citerefentry>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <term><constant>K{name}.+157.+{random}.private</constant></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            base-64 encoding of HMAC-MD5 key created by
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            <citerefentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein              <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein            </citerefentry>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein          </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        </listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </variablelist>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <title>SEE ALSO</title>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt    <para>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2136</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 3007</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2104</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2845</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 1034</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2535</citetitle>,
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt      <citetitle>RFC 2931</citetitle>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <citerefentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </citerefentry>,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      <citerefentry>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt        <refentrytitle>ddns-confgen</refentrytitle><manvolnum>8</manvolnum>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt      </citerefentry>,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      <citerefentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      </citerefentry>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsect1>
8f7de3db7ec299ddeded142905f5eb1f22076353Evan Hunt
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  <refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <title>BUGS</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      The TSIG key is redundantly stored in two separate files.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      This is a consequence of nsupdate using the DST library
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      for its cryptographic operations, and may change in future
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein      releases.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein    </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein  </refsect1>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein</refentry><!--
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - Local variables:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - mode: sgml
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - End:
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein-->