nsupdate.docbook revision 0af994c26ff2462f9186ce0d694c37a4bcbd971d
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - Copyright (C) 2001 Internet Software Consortium.
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User - Permission to use, copy, modify, and distribute this software for any
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - purpose with or without fee is hereby granted, provided that the above
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - copyright notice and this permission notice appear in all copies.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed<!-- $Id: nsupdate.docbook,v 1.6 2001/07/02 18:48:26 gson Exp $ -->
1753d3c4d74241a847794f7e7cfd94cc79be6600Evan Hunt<refentryinfo>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed</refentryinfo>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed<refpurpose>Dynamic DNS update utility</refpurpose>
938440694b33cd752e9e4b71a526368b4811c177Tinderbox User<refsynopsisdiv>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed<cmdsynopsis>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed <arg><option>-y <replaceable class="parameter">keyname:secret</replaceable></option></arg>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed</cmdsynopsis>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed</refsynopsisdiv>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedis used to submit Dynamic DNS Update requests as defined in RFC2136
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedto a name server.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThis allows resource records to be added or removed from a zone
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedwithout manually editing the zone file.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedA single update request can contain requests to add or remove more than one
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedresource record.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedZones that are under dynamic control via
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedor a DHCP server should not be edited by hand.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedManual edits could
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedconflict with dynamic updates and cause data to be lost.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThe resource records that are dynamically added or removed with
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedhave to be in the same zone.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedRequests are sent to the zone's master server.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThis is identified by the MNAME field of the zone's SOA record.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedoperate in debug mode.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThis provides tracing information about the update requests that are
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedmade and the replies received from the name server.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedTransaction signatures can be used to authenticate the Dynamic DNS
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThese use the TSIG resource record type described in RFC2845.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThe signatures rely on a shared secret that should only be known to
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedand the name server.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedCurrently, the only supported encryption algorithm for TSIG is
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedHMAC-MD5, which is defined in RFC 2104.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedOnce other algorithms are defined for TSIG, applications will need to
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedensure they select the appropriate algorithm as well as the key when
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedauthenticating each other.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedFor instance suitable
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedstatements would be added to
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedso that the name server can associate the appropriate secret key
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedand algorithm with the IP address of the
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedclient application that will be using TSIG authentication.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reeddoes not read
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedoption to provide the shared secret needed to generate a TSIG record
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedfor authenticating Dynamic DNS update requests.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThese options are mutually exclusive.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedreads the shared secret from the file
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedwhose name is of the form
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed<filename>K{name}.+157.+{random}.private</filename>.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedFor historical
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedreasons, the file
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedmust also be present. When the
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedoption is used, a signature is generated from
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedis the name of the key,
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedis the base64 encoded shared secret.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedoption is discouraged because the shared secret is supplied as a command
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedline argument in clear text.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThis may be visible in the output from
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed<citerefentry>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reed</citerefentry>
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reedor in a history file maintained by the user's shell.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reeduses UDP to send update requests to the name server.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy Reeduse a TCP connection.
6db1357c34f26079dc2516b02d712df228e3db99Jeremy ReedThis may be preferable when a batch of update requests is made.
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com