nsupdate.docbook revision be8aff07bb6a863c46874021f2ce8304b721632a
333fe280eb574439ef3f828d8755dd9e243ec855Andreas Gustafsson<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
a6a23642eaf383add7a0be045c01e7dd8278ccafAndreas Gustafsson - Copyright (C) 2001, 2002 Internet Software Consortium.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - Permission to use, copy, modify, and distribute this software for any
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews - purpose with or without fee is hereby granted, provided that the above
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews - copyright notice and this permission notice appear in all copies.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<!-- $Id: nsupdate.docbook,v 1.13 2003/03/19 17:43:41 marka Exp $ -->
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User<refentryinfo>
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User</refentryinfo>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<refpurpose>Dynamic DNS update utility</refpurpose>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<refsynopsisdiv>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews <arg><option>-y <replaceable class="parameter">keyname:secret</replaceable></option></arg>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<arg><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<arg><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
09d72af3e9961c210d7baa6179165b6cd81e8dd0Tinderbox User<arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</refsynopsisdiv>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsis used to submit Dynamic DNS Update requests as defined in RFC2136
09d72af3e9961c210d7baa6179165b6cd81e8dd0Tinderbox Userto a name server.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserThis allows resource records to be added or removed from a zone
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewswithout manually editing the zone file.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserA single update request can contain requests to add or remove more than one
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userresource record.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserZones that are under dynamic control via
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Useror a DHCP server should not be edited by hand.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsManual edits could
250ed9e230b3903b1b264dd1ed2f691fc7cd2f8fAndreas Gustafssonconflict with dynamic updates and cause data to be lost.
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark AndrewsThe resource records that are dynamically added or removed with
82d13321f4dcc79a9aec992c7a1c4aaff8983adaAutomatic Updaterhave to be in the same zone.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsRequests are sent to the zone's master server.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsThis is identified by the MNAME field of the zone's SOA record.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsoperate in debug mode.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsThis provides tracing information about the update requests that are
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark Andrewsmade and the replies received from the name server.
67adc03ef81fb610f8df093b17f55275ee816754Evan HuntTransaction signatures can be used to authenticate the Dynamic DNS
67adc03ef81fb610f8df093b17f55275ee816754Evan HuntThese use the TSIG resource record type described in RFC2845 or the
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsSIG(0) record described in RFC3535 and RFC2931.
67adc03ef81fb610f8df093b17f55275ee816754Evan HuntTSIG relies on a shared secret that should only be known to
0ddeab91cf922fd977f37318620b4c69dccf8364Automatic Updater<command>nsupdate</command> and the name server.
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark AndrewsCurrently, the only supported encryption algorithm for TSIG is
36da16fa31fa2a582afe67010ba449a57177fd2fAutomatic UpdaterHMAC-MD5, which is defined in RFC 2104.
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox UserOnce other algorithms are defined for TSIG, applications will need to
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterensure they select the appropriate algorithm as well as the key when
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updaterauthenticating each other.
7a7a44400d49122d4cc207b43922a7b9c5afe443Automatic UpdaterFor instance suitable
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox Userstatements would be added to
1e126d80e1b8a0dd541a733283907656424634dcTinderbox Userso that the name server can associate the appropriate secret key
1e126d80e1b8a0dd541a733283907656424634dcTinderbox Userand algorithm with the IP address of the
e2e4d321999340802f77adaacd19c797d04b4b95Automatic Updaterclient application that will be using TSIG authentication.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsSIG(0) uses public key cryptography. To use a SIG(0) key, the public
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewskey must be stored in a KEY record in a zone served by the name server.
1879ff49326b49a9e4eadaca193c631409bf8575Tinderbox Useroption (with an HMAC-MD5 key) to provide the shared secret needed to generate
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox Usera TSIG record for authenticating Dynamic DNS update requests.
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox UserThese options are mutually exclusive.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updaterreads the shared secret from the file
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafssonwhose name is of the form
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User<filename>K{name}.+157.+{random}.private</filename>.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserFor historical
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userreasons, the file
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User<filename>K{name}.+157.+{random}.key</filename>
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Usermust also be present. When the
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsoption is used, a signature is generated from
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsis the name of the key,
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Useris the base64 encoded shared secret.
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark Andrewsoption is discouraged because the shared secret is supplied as a command
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic Updaterline argument in clear text.
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark AndrewsThis may be visible in the output from
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User</citerefentry>
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic Updateror in a history file maintained by the user's shell.
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox UserThe <option>-k</option> may also be used to specify a SIG(0) key used
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox Userto authenticate Dynamic DNS update requests. In this case, the key
10b865e9187fc77cae02f106ddcc9e03eecdfe06Tinderbox Userspecified is not an HMAC-MD5 key.
1f8dc520d4bbc5406d551724282df1e5f7626e19Automatic Updateruses UDP to send update requests to the name server unless they are too
67adc03ef81fb610f8df093b17f55275ee816754Evan Huntlarge to fit in a UDP request in which case TCP will be used.
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark Andrewsuse a TCP connection.
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark AndrewsThis may be preferable when a batch of update requests is made.
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafsson<para>The <option>-t</option> option sets the maximum time a update request can
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark Andrewstake before it is aborted. The default is 300 seconds. Zero can be used
c0cbdeedb5e119c640f098da1851cb1b9adcc739Tinderbox Userto disable the timeout.
c0cbdeedb5e119c640f098da1851cb1b9adcc739Tinderbox User<para>The <option>-u</option> option sets the UDP retry interval. The default is
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox User3 seconds. If zero the interval will be computed from the timeout interval
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox Userand number of UDP retries.
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox User<para>The <option>-r</option> option sets the number of UDP retries. The default is
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark Andrews3. If zero only one update request will be made.
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox Userreads input from
281ed127e3ed6c7e07792c19c3bc4562f71cfa90Tinderbox Useror standard input.
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox UserEach command is supplied on exactly one line of input.
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox UserSome commands are for administrative purposes.
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas GustafssonThe others are either update instructions or prerequisite checks on the
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas Gustafssoncontents of the zone.
97bb3725292d3f74bcb0a32be6a76b2da34ba494Andreas GustafssonThese checks set conditions that some name or set of
428dc9698871ecfeda63eab31cd3523dd4befb31Mark Andrewsresource records (RRset) either exists or is absent from the zone.
97bb3725292d3f74bcb0a32be6a76b2da34ba494Andreas GustafssonThese conditions must be met if the entire update request is to succeed.
c978c6cb6e0c38d8378b6cd1f6b5aac3cf91e36aAutomatic UpdaterUpdates will be rejected if the tests for the prerequisite conditions fail.
d9184858dd5d7677050a813d444c281c56f697aaTinderbox UserEvery update request consists of zero or more prerequisites
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsand zero or more updates.
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox UserThis allows a suitably authenticated update request to proceed if some
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userspecified resource records are present or missing from the zone.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserA blank input line (or the <command>send</command> command) causes the
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Useraccumulated commands to be sent as one Dynamic DNS update request to the
947d37484ed01966a9e89dd27f62c1b427324dc2Tinderbox UserThe command formats and their meaning are as follows:
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<variablelist>
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox User</cmdsynopsis>
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold KrecickiSends all dynamic update requests to the name server
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserWhen no server statement is provided,
795beed7207cb3501cd3f89cec165c07ad86dee2Tinderbox Userwill send updates to the master server of the correct zone.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsThe MNAME field of that zone's SOA record will identify the master
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsserver for that zone.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsis the port number on
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewswhere the dynamic update requests get sent.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsIf no port number is specified, the default DNS port number of 53 is
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User</cmdsynopsis>
22f0b13f28a7df3b348b18848d0ccd745ea88c3cAndreas GustafssonSends all dynamic update requests using the local
1879ff49326b49a9e4eadaca193c631409bf8575Tinderbox UserWhen no local statement is provided,
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewswill send updates using an address and port chosen by the system.
67adc03ef81fb610f8df093b17f55275ee816754Evan Huntcan additionally be used to make requests come from a specific port.
67adc03ef81fb610f8df093b17f55275ee816754Evan HuntIf no port number is specified, the system will assign one.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<cmdsynopsis>
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User</cmdsynopsis>
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark AndrewsSpecifies that all updates are to be made to the zone
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaramanstatement is provided,
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaramanwill attempt determine the correct zone to update based on the rest of the input.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User</cmdsynopsis>
d0d1dbab0fe2b940ffb4354dcadb30885f160770Tinderbox UserSpecifies that all updates are to be TSIG signed using the
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User<parameter>keyname</parameter> <parameter>keysecret</parameter> pair.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Useroverrides any key specified on the command line via
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox User</cmdsynopsis>
3e80f25d33be14eaa4aca8b487d68808fa42a797Tinderbox UserRequires that no resource record of any type exists with name
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox User</cmdsynopsis>
08e36aa5a5c7697a839f83831fccf8fb3f792848Mark AndrewsRequires that
a3edcadfffbe617a419cdbe1bebb95f68a0eda1eMark Andrewsexists (has as at least one resource record, of any type).
5fa6a064b8301e4f274bd132fd577def59e4fb4cTinderbox User</cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsRequires that no resource record exists of the specified
60c29cf21affb5243753e22f9ff43347013ae8ebTinderbox Useris omitted, IN (internet) is assumed.
71bd858d8ed62672e7c23999dc7c02fd16a55089Evan Hunt</cmdsynopsis>
67adc03ef81fb610f8df093b17f55275ee816754Evan HuntThis requires that a resource record of the specified
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Useris omitted, IN (internet) is assumed.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsfrom each set of prerequisites of this form
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewssharing a common
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsare combined to form a set of RRs. This set of RRs must
67adc03ef81fb610f8df093b17f55275ee816754Evan Huntexactly match the set of RRs existing in the zone at the
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaramanare written in the standard text representation of the resource record's
b5f6271f4daf1e54501af2cb7dd278d7e8003d65Mark Andrews<cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg>
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt</cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsDeletes any resource records named
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Useris provided, only matching resource records will be removed.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserThe internet class is assumed if
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrewsis not supplied. The
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Useris ignored, and is only allowed for compatibility.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsAdds a new resource record with the specified
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt<cmdsynopsis>
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt</cmdsynopsis>
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsDisplays the current message, containing all of the prerequisites and
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox Userupdates specified since the last send.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</cmdsynopsis>
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserSends the current message. This is equivalent to entering a blank line.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</variablelist>
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsLines beginning with a semicolon are comments, and are ignored.
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserThe examples below show how
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Usercould be used to insert and delete resource records from the
bcf15a19ae0efa72a22cdfb50666a3c6ce39eb9fTinderbox UserNotice that the input in each example contains a trailing blank line so that
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Usera group of commands are sent as one dynamic update request to the
e334405421979688f2d838805ac67ee47bd62976Mark Andrewsmaster name server for
e334405421979688f2d838805ac67ee47bd62976Mark Andrews<programlisting>
e334405421979688f2d838805ac67ee47bd62976Mark Andrews> update delete oldhost.example.com A
e334405421979688f2d838805ac67ee47bd62976Mark Andrews> update add newhost.example.com 86400 A 172.16.1.1
65ad89971ee9973074cd11c207af92bf5440df01Automatic Updater</programlisting>
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic UpdaterAny A records for
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userand an A record for
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userit IP address 172.16.1.1 is added.
089c63b69cdf6803aa8901aae3f2fbae58969511Automatic UpdaterThe newly-added record has a 1 day TTL (86400 seconds)
9ce6056d520aaf5241560fab6ab096c0d4e87b36Automatic Updater<programlisting>
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox User> update add nickname.example.com 86400 CNAME somehost.example.com
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt</programlisting>
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox UserThe prerequisite condition gets the name server to check that there
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userare no resource records of any type for
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsIf there are, the update request fails.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsIf this name does not exist, a CNAME for it is added.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsThis ensures that when the CNAME is added, it cannot conflict with the
c0cbdeedb5e119c640f098da1851cb1b9adcc739Tinderbox Userlong-standing rule in RFC1034 that a name must not exist as any other
c0cbdeedb5e119c640f098da1851cb1b9adcc739Tinderbox Userrecord type if it exists as a CNAME.
c0cbdeedb5e119c640f098da1851cb1b9adcc739Tinderbox User(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
f33abec8a62ab6f2b867d7189dfffa72592c027bTinderbox UserSIG, KEY and NXT records.)
4ca7391e640bd4f0abb31508019d3bd62819fa8eMark Andrews<variablelist>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<varlistentry><term><constant>/etc/resolv.conf</constant></term>
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox Userused to identify default name server
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User<varlistentry><term><constant>K{name}.+157.+{random}.key</constant></term>
ac946c1f16db64f14431ac53177904ec5f058f03Tinderbox Userbase-64 encoding of HMAC-MD5 key created by
f39512a917cdd06c611d366603374f6ef570c80eTinderbox User<citerefentry>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</citerefentry>.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<varlistentry><term><constant>K{name}.+157.+{random}.private</constant></term>
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecickibase-64 encoding of HMAC-MD5 key created by
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<citerefentry>
45571e73747cb97c4abcdc7be8cc0c484b1b0e42Tinderbox User<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
d6984fd680db88faad5be52edef2416dd20488baTinderbox User</citerefentry>.
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</variablelist>
4ca7391e640bd4f0abb31508019d3bd62819fa8eMark Andrews<citerefentry>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</citerefentry>,
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<citerefentry>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User</citerefentry>,
0cfa9af7edf7c3e13917f784557390e4b6612ee6Tinderbox User<citerefentry>
f2016fcecf098726740507a5522dca04c49aeb82Tinderbox User</citerefentry>,
1879ff49326b49a9e4eadaca193c631409bf8575Tinderbox User<citerefentry>
4ca7391e640bd4f0abb31508019d3bd62819fa8eMark Andrews</citerefentry>,
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<citerefentry>
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt</citerefentry>,
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt<citerefentry>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews</citerefentry>,
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<citerefentry>
61ab11c0ec845606f85452b2c9f2e223772aae00Tinderbox User</citerefentry>,
8168c2873909444bdf62325b29fe118a879b22fcTinderbox User<citerefentry>
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
fb756ba3047770957173ba546257ca43af7ba3e4Mark Andrews</citerefentry>,
848dcebe28e032abfc66e7f10686e1b04a8516feMark Andrews<citerefentry>
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
6ae22c411920be5f5fd1780ac0cd44cbb21b144aMukund Sivaraman</citerefentry>.
848dcebe28e032abfc66e7f10686e1b04a8516feMark AndrewsThe TSIG key is redundantly stored in two separate files.
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox UserThis is a consequence of nsupdate using the DST library
c7f299247ca4460807f44b43f84ba19719646cc9Tinderbox Userfor its cryptographic operations, and may change in future