bin/nsupdate/nsupdate.docbook

	nsupdate.docbook revision 5fa46bc91672ef5737aee6f99763161511566c24
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
990d0e893f5b70e735cdf990af66e9ec6e91fa78Tinderbox User               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews           [<!ENTITY mdash "&#8212;">]>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2000-2003  Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ea94d370123a5892f6c47a97f21d1b28d44bb168Tinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id$ -->
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<refentry id="man.nsupdate">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <date>Aug 25, 2009</date>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refmeta>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refentrytitle><application>nsupdate</application></refentrytitle>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <manvolnum>1</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refmiscinfo>BIND9</refmiscinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refmeta>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews  <refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refname><application>nsupdate</application></refname>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <refpurpose>Dynamic DNS update utility</refpurpose>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2004</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2005</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2006</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2007</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2008</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2009</year>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      <year>2010</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2011</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2012</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2000</year>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <year>2001</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2002</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <year>2003</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <holder>Internet Software Consortium.</holder>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User    </copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User  <refsynopsisdiv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <command>nsupdate</command>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <arg><option>-d</option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <arg><option>-D</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <group>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User    <arg><option>-g</option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User    <arg><option>-o</option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User    <arg><option>-l</option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User        <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      </group>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User      <arg><option>-v</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-T</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg><option>-P</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <arg>filename</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsynopsisdiv>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User  <refsect1>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater    <title>DESCRIPTION</title>
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater    <para><command>nsupdate</command>
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      is used to submit Dynamic DNS Update requests as defined in RFC 2136
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater      to a name server.
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      This allows resource records to be added or removed from a zone
44d0f0256fbdce130a18655023c3b06bacacbd61Automatic Updater      without manually editing the zone file.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      A single update request can contain requests to add or remove more than
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      one
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      resource record.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      Zones that are under dynamic control via
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <command>nsupdate</command>
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      or a DHCP server should not be edited by hand.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Manual edits could
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      conflict with dynamic updates and cause data to be lost.
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      The resource records that are dynamically added or removed with
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      <command>nsupdate</command>
78ec962d9828200d18cd0e41b7d6b9792a74923dTinderbox User      have to be in the same zone.
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews      Requests are sent to the zone's master server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This is identified by the MNAME field of the zone's SOA record.
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater    </para>
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <option>-d</option>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      option makes
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      <command>nsupdate</command>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      operate in debug mode.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This provides tracing information about the update requests that are
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      made and the replies received from the name server.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The <option>-D</option> option makes <command>nsupdate</command>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      report additional debugging information to <option>-d</option>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      The <option>-L</option> option with an integer argument of zero or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      higher sets the logging debug level.  If zero, logging is disabled.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Transaction signatures can be used to authenticate the Dynamic
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      DNS updates.  These use the TSIG resource record type described
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      in RFC 2845 or the SIG(0) record described in RFC 2535 and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      RFC 2931 or GSS-TSIG as described in RFC 3645.  TSIG relies on
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      a shared secret that should only be known to
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews      <command>nsupdate</command> and the name server.  Currently,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the only supported encryption algorithm for TSIG is HMAC-MD5,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      which is defined in RFC 2104.  Once other algorithms are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      defined for TSIG, applications will need to ensure they select
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the appropriate algorithm as well as the key when authenticating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      each other.  For instance, suitable <type>key</type> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <type>server</type> statements would be added to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <filename>/etc/named.conf</filename> so that the name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      can associate the appropriate secret key and algorithm with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      the IP address of the client application that will be using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      TSIG authentication.  SIG(0) uses public key cryptography.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      To use a SIG(0) key, the public key must be stored in a KEY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      record in a zone served by the name server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <command>nsupdate</command> does not read
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <filename>/etc/named.conf</filename>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      GSS-TSIG uses Kerberos credentials.  Standard GSS-TSIG mode
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      is switched on with the <option>-g</option> flag.  A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      non-standards-compliant variant of GSS-TSIG used by Windows
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      2000 can be switched on with the <option>-o</option> flag.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para><command>nsupdate</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      uses the <option>-y</option> or <option>-k</option> option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      to provide the shared secret needed to generate a TSIG record
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      for authenticating Dynamic DNS update requests, default type
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      HMAC-MD5.  These options are mutually exclusive.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      When the <option>-y</option> option is used, a signature is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      generated from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <optional><parameter>hmac:</parameter></optional><parameter>keyname:secret.</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <parameter>keyname</parameter> is the name of the key, and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <parameter>secret</parameter> is the base64 encoded shared secret.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Use of the <option>-y</option> option is discouraged because the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      shared secret is supplied as a command line argument in clear text.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This may be visible in the output from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      </citerefentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      or in a history file maintained by the user's shell.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    </para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews    <para>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      With the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <option>-k</option> option, <command>nsupdate</command> reads
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      the shared secret from the file <parameter>keyfile</parameter>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      Keyfiles may be in two formats: a single file containing
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews      a <filename>named.conf</filename>-format <command>key</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      statement, which may be generated automatically by
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <command>ddns-confgen</command>, or a pair of files whose names are
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      of the format <filename>K{name}.+157.+{random}.key</filename> and
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      <filename>K{name}.+157.+{random}.private</filename>, which can be
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      generated by <command>dnssec-keygen</command>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      The <option>-k</option> may also be used to specify a SIG(0) key used
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews      to authenticate Dynamic DNS update requests.  In this case, the key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      specified is not an HMAC-MD5 key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <command>nsupdate</command> can be run in a local-host only mode
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      using the <option>-l</option> flag.  This sets the server address to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      localhost (disabling the <command>server</command> so that the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      address cannot be overridden).  Connections to the local server will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      use a TSIG key found in <filename>/var/run/named/session.key</filename>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      which is automatically generated by <command>named</command> if any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      local master zone has set <command>update-policy</command> to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <command>local</command>.  The location of this key file can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      overridden with the <option>-k</option> option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater    <para>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      By default, <command>nsupdate</command>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      uses UDP to send update requests to the name server unless they are too
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      large to fit in a UDP request in which case TCP will be used.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      The
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      <option>-v</option>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      option makes
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      <command>nsupdate</command>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      use a TCP connection.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      This may be preferable when a batch of update requests is made.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater    </para>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater    <para>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater      The <option>-p</option> sets the default port number to use for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      connections to a name server.  The default is 53.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The <option>-t</option> option sets the maximum time an update request
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      can
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      take before it is aborted.  The default is 300 seconds.  Zero can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      to disable the timeout.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The <option>-u</option> option sets the UDP retry interval.  The default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      3 seconds.  If zero, the interval will be computed from the timeout
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      interval
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      and number of UDP retries.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The <option>-r</option> option sets the number of UDP retries. The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      default is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      3.  If zero, only one update request will be made.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The <option>-R <replaceable
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      class="parameter">randomdev</replaceable></option> option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      specifies a source of randomness.  If the operating system
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      does not provide a <filename>/dev/random</filename> or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      equivalent device, the default source of randomness is keyboard
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      input.  <filename>randomdev</filename> specifies the name of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      a character device or file containing random data to be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      instead of the default.  The special value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <filename>keyboard</filename> indicates that keyboard input
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      should be used.  This option may be specified multiple times.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      decimal value of the type with no leading zeros.  The rdata,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      if present, will be parsed using the UNKNOWN rdata format,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      &lt;space&gt; &lt;hexstring&gt;).
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews    </para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews    <para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      The <option>-T</option> and <option>-P</option> options print out
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      lists of non-meta types for which the type-specific presentation
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      formats are known.  <option>-T</option> prints out the list of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      IANA-assigned types.  <option>-P</option> prints out the list of
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      private types specific to <command>named</command>.  These options
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      may be combined.  <command>nsupdate</command> will exit after the
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews      lists are printed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews  </refsect1>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>INPUT FORMAT</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para><command>nsupdate</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      reads input from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <parameter>filename</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      or standard input.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Each command is supplied on exactly one line of input.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Some commands are for administrative purposes.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The others are either update instructions or prerequisite checks on the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      contents of the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      These checks set conditions that some name or set of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      resource records (RRset) either exists or is absent from the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      These conditions must be met if the entire update request is to succeed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Updates will be rejected if the tests for the prerequisite conditions
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      fail.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      Every update request consists of zero or more prerequisites
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      and zero or more updates.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      This allows a suitably authenticated update request to proceed if some
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      specified resource records are present or missing from the zone.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      A blank input line (or the <command>send</command> command)
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      causes the
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      accumulated commands to be sent as one Dynamic DNS update request to the
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      name server.
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User    </para>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User    <para>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      The command formats and their meaning are as follows:
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User      <variablelist>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User        <varlistentry>
3a32ac2a720653083c7a22cb654b86c398f6d4c8Tinderbox User          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>server</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">servername</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="opt">port</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Sends all dynamic update requests to the name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>servername</parameter>.
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews              When no server statement is provided,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>nsupdate</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              will send updates to the master server of the correct zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              The MNAME field of that zone's SOA record will identify the
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews              master
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              server for that zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>port</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              is the port number on
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>servername</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              where the dynamic update requests get sent.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              If no port number is specified, the default DNS port number of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              53 is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>local</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">address</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="opt">port</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Sends all dynamic update requests using the local
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>address</parameter>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews              When no local statement is provided,
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews              <command>nsupdate</command>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews              will send updates using an address and port chosen by the
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews              system.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews              <parameter>port</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              can additionally be used to make requests come from a specific
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              port.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              If no port number is specified, the system will assign one.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>zone</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">zonename</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Specifies that all updates are to be made to the zone
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>zonename</parameter>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              If no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>zone</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              statement is provided,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>nsupdate</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              will attempt determine the correct zone to update based on the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              rest of the input.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>class</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">classname</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Specify the default class.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              If no <parameter>class</parameter> is specified, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              default class is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>IN</parameter>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>ttl</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">seconds</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Specify the default time to live for records to be added.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          The value <parameter>none</parameter> will clear the default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          ttl.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>key</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">name</arg>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater              <arg choice="req">secret</arg>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            </term>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          <listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            <para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater              Specifies that all updates are to be TSIG-signed using the
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater              <parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater              The <command>key</command> command
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater              overrides any key specified on the command line via
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater              <option>-y</option> or <option>-k</option>.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            </para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          </listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        </varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        <varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          <term>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            <command>gsstsig</command>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          </term>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          <listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            <para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          Use GSS-TSIG to sign the updated.  This is equivalent to
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          specifying <option>-g</option> on the commandline.
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater            </para>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          </listitem>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        </varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater        <varlistentry>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <command>oldgsstsig</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          Use the Windows 2000 version of GSS-TSIG to sign the updated.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          This is equivalent to specifying <option>-o</option> on the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          commandline.
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            </para>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          </listitem>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews        <varlistentry>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          <term>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            <command>realm</command>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            <arg choice="req"><optional>realm_name</optional></arg>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          </term>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          <listitem>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            <para>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          When using GSS-TSIG use <parameter>realm_name</parameter> rather
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User          than the default realm in <filename>krb5.conf</filename>.  If no
a24330c4805a224191ab687d0291963062fe3355Tinderbox User          realm is specified the saved realm is cleared.
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User            </para>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        <varlistentry>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          <term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              <command><optional>prereq</optional> nxdomain</command>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews              <arg choice="req">domain-name</arg>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews            </term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews          <listitem>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User            <para>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User              Requires that no resource record of any type exists with name
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User              <parameter>domain-name</parameter>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        </varlistentry>
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User
bae169ea64bf736d6ea6074c2af3d7c117079972Tinderbox User
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User        <varlistentry>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User          <term>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User              <command><optional>prereq</optional> yxdomain</command>
dad65f7c93330a10705384739dff3a6d4dfe1e70Tinderbox User              <arg choice="req">domain-name</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Requires that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>domain-name</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              exists (has as at least one resource record, of any type).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command><optional>prereq</optional> nxrrset</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">domain-name</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="opt">class</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">type</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Requires that no resource record exists of the specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>type</parameter>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>class</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>domain-name</parameter>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              If
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>class</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              is omitted, IN (internet) is assumed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command><optional>prereq</optional> yxrrset</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">domain-name</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="opt">class</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">type</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              This requires that a resource record of the specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>type</parameter>,
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User              <parameter>class</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>domain-name</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              must exist.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce              If
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>class</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              is omitted, IN (internet) is assumed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command><optional>prereq</optional> yxrrset</command>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="req">domain-name</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="opt">class</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req">type</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="req" rep="repeat">data</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>data</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              from each set of prerequisites of this form
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              sharing a common
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>type</parameter>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>class</parameter>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>domain-name</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              are combined to form a set of RRs.  This set of RRs must
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              exactly match the set of RRs existing in the zone at the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              given
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <parameter>type</parameter>,
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <parameter>class</parameter>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>domain-name</parameter>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>data</parameter>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              are written in the standard text representation of the resource
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              record's
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              RDATA.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews        <varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews          <term>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <command><optional>update</optional> del<optional>ete</optional></command>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="req">domain-name</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="opt">ttl</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <arg choice="opt">class</arg>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater              <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              Deletes any resource records named
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              <parameter>domain-name</parameter>.
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              If
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              <parameter>type</parameter>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews              and
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews              <parameter>data</parameter>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              is provided, only matching resource records will be removed.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews              The internet class is assumed if
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              <parameter>class</parameter>
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews              is not supplied.  The
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <parameter>ttl</parameter>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews              is ignored, and is only allowed for compatibility.
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews            </para>
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews          </listitem>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater        </varlistentry>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews
035992291cb70ec3be4046fcea921b4a6acb1c77Mark Andrews        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command><optional>update</optional> add</command>
0c6ada0a814f3c5417daa1654129bc2af56ed504Automatic Updater              <arg choice="req">domain-name</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="req">ttl</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="opt">class</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="req">type</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <arg choice="req" rep="repeat">data</arg>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            </term>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews          <listitem>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            <para>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              Adds a new resource record with the specified
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <parameter>ttl</parameter>,
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <parameter>class</parameter>
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              and
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews              <parameter>data</parameter>.
4556ad3a270bf049b3225433a402666aaffe3c36Mark Andrews            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User              <command>show</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews              Displays the current message, containing all of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              prerequisites and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              updates specified since the last send.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews              <command>send</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Sends the current message.  This is equivalent to entering a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              blank line.
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater            </para>
ac93437301f55ed69bf85883a497a75598c628f9Automatic Updater          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>answer</command>
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews            <para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews              Displays the answer.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <command>debug</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              Turn on debugging.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce      </variablelist>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce    </para>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Lines beginning with a semicolon are comments and are ignored.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>EXAMPLES</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The examples below show how
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <command>nsupdate</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      could be used to insert and delete resource records from the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <type>example.com</type>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Notice that the input in each example contains a trailing blank line so
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce      that
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce      a group of commands are sent as one dynamic update request to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      master name server for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <type>example.com</type>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <programlisting>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# nsupdate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein&gt; update delete oldhost.example.com A
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein&gt; update add newhost.example.com 86400 A 172.16.1.1
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein&gt; send
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</programlisting>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      Any A records for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <type>oldhost.example.com</type>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      are deleted.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      And an A record for
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce      <type>newhost.example.com</type>
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce      with IP address 172.16.1.1 is added.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The newly-added record has a 1 day TTL (86400 seconds).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <programlisting>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# nsupdate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein&gt; prereq nxdomain nickname.example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein&gt; update add nickname.example.com 86400 CNAME somehost.example.com
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein&gt; send
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</programlisting>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      The prerequisite condition gets the name server to check that there
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      are no resource records of any type for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <type>nickname.example.com</type>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      If there are, the update request fails.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      If this name does not exist, a CNAME for it is added.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This ensures that when the CNAME is added, it cannot conflict with the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      long-standing rule in RFC 1034 that a name must not exist as any other
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      record type if it exists as a CNAME.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      RRSIG, DNSKEY and NSEC records.)
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>FILES</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><constant>/etc/resolv.conf</constant></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            used to identify default name server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><constant>/var/run/named/session.key</constant></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            sets the default TSIG key for use in local-only mode
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><constant>K{name}.+157.+{random}.key</constant></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            base-64 encoding of HMAC-MD5 key created by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </citerefentry>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <term><constant>K{name}.+157.+{random}.private</constant></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            base-64 encoding of HMAC-MD5 key created by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein              <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein            </citerefentry>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein          </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>SEE ALSO</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 2136</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 3007</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 2104</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 2845</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 1034</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 2535</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citetitle>RFC 2931</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>ddns-confgen</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      </citerefentry>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <title>BUGS</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    <para>
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews      The TSIG key is redundantly stored in two separate files.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      This is a consequence of nsupdate using the DST library
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      for its cryptographic operations, and may change in future
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein      releases.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein    </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein  </refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein</refentry><!--
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Local variables:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - mode: sgml
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - End:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
d9c707589ade5d69fb59b6837555adc4cd24d34fAutomatic Updater