nsupdate.docbook revision edac761923fac89405f7d1e4244a11d88a89f413
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - Copyright (C) 2000, 2001 Internet Software Consortium.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - Permission to use, copy, modify, and distribute this software for any
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - purpose with or without fee is hereby granted, provided that the above
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - copyright notice and this permission notice appear in all copies.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
0662ed52e814f8f08ef0e09956413a792584eddffuankg - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
70953fb44a7140fe206c3a5f011e24209c8c5c6abnicholes<!-- $Id: nsupdate.docbook,v 1.2 2001/03/31 02:39:51 bwelling Exp $ -->
16b55a35cff91315d261d1baa776138af465c4e4fuankg<refentryinfo>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</refentryinfo>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<refpurpose>Dynamic DNS update utility</refpurpose>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</refnamediv>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<refsynopsisdiv>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes <arg><option>-y <replaceable class="parameter">keyname:secret</replaceable></option></arg>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes <arg><option>-k <replaceable class="parameter">keyfile</replaceable></option></arg>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</refsynopsisdiv>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesis used to submit Dynamic DNS Update requests as defined in RFC2136
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesto a name server.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThis allows resource records to be added or removed from a zone
cb2846ded4de1abbb5934b92132baf826f1babfebnicholeswithout manually editing the zone file.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesA single update request can contain requests to add or remove more than one
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesresource record.
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgZones that are under dynamic control via
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesor a DHCP server should not be edited by hand.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesManual edits could
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesconflict with dynamic updates and cause data to be lost.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThe resource records that are dynamically added or removed with
cb2846ded4de1abbb5934b92132baf826f1babfebnicholeshave to be in the same zone.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesRequests are sent to the zone's master server.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThis is identified by the MNAME field of the zone's SOA record.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesoperate in debug mode.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThis provides tracing information about the update requests that are
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesmade and the replies received from the name server.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesTransaction signatures can be used to authenticate the Dynamic DNS
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThese use the TSIG resource record type described in RFC2845.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThe signatures rely on a shared secret that should only be known to
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesand the name server.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesCurrently, the only supported encryption algorithm for TSIG is
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesHMAC-MD5, which is defined in RFC 2104.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesOnce other algorithms are defined for TSIG, applications will need to
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesensure they select the appropriate algorithm as well as the key when
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesauthenticating each other.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesFor instance suitable
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesstatements would be added to
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesso that the name server can associate the appropriate secret key
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesand algorithm with the IP address of the
0a39e7683f6611d66c55712f50bb240428d832a1bnicholesclient application that will be using TSIG authentication.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesdoes not read
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesoption to provide the shared secret needed to generate a TSIG record
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgfor authenticating Dynamic DNS update requests.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThese options are mutually exclusive.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesreads the shared secret from the file
cb2846ded4de1abbb5934b92132baf826f1babfebnicholeswhose name is of the form
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<filename>K{name}.+157.+{random}.private</filename>.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesFor historical
0662ed52e814f8f08ef0e09956413a792584eddffuankgreasons, the file
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesmust also be present. When the
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesoption is used, a signature is generated from
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesis the name of the key,
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesis the base64 encoded shared secret.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesoption is discouraged because the shared secret is supplied as a command
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesline argument in clear text.
0662ed52e814f8f08ef0e09956413a792584eddffuankgThis may be visible in the output from
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<citerefentry>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankg</manvolnum>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</citerefentry>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesor in a history file maintained by the user's shell.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesuses UDP to send update requests to the name server.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesuse a TCP connection.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThis may be preferable when a batch of update requests is made.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesreads input from
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesor standard input.
bf1e7c075ccc3e6597d17de7641332ff6ff92e8astrikerEach command is supplied on exactly one line of input.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesSome commands are for administrative purposes.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThe others are either update instructions or prerequisite checks on the
cb2846ded4de1abbb5934b92132baf826f1babfebnicholescontents of the zone.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThese checks set conditions that some name or set of
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesresource records (RRset) either exists or is absent from the zone.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThese conditions must be met if the entire update request is to succeed.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesUpdates will be rejected if the tests for the prerequisite conditions fail.
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgEvery update request consists of zero or more prerequisites
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesand zero or more updates.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThis allows a suitably authenticated update request to proceed if some
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesspecified resource records are present or missing from the zone.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesA blank input line causes the accumulated commands to be sent as one Dynamic
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesDNS update request to the name server.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThe command formats and their meaning are as follows:
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<variablelist>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesSends all dynamic update requests to the name server
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesWhen no server statement is provided,
cb2846ded4de1abbb5934b92132baf826f1babfebnicholeswill send updates to the master server of the correct zone.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesThe MNAME field of that zone's SOA record will identify the master
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesserver for that zone.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesis the port number on
cb2846ded4de1abbb5934b92132baf826f1babfebnicholeswhere the dynamic update requests get sent.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesIf no port number is specified, the default DNS port number of 53 is
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<cmdsynopsis>
609ef720afd62ca63391c9fdb415cd2faf29aa46bnicholes</cmdsynopsis>
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgSends all dynamic update requests using the local
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesWhen no local statement is provided,
cb2846ded4de1abbb5934b92132baf826f1babfebnicholeswill send updates using an address and port choosen by the system.
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgcan additionally be used to make requests come from a specific port.
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgIf no port number is specified, the system will assign one.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesSpecifies that all updates are to be made to the zone
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesstatement is provided,
ac7985784d08a3655291f24f711812b4d8b1cbcffuankgwill attempt determine the correct zone to update based on the rest of the input.
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes</cmdsynopsis>
cb2846ded4de1abbb5934b92132baf826f1babfebnicholesRequires that no resource record of any type exists with name
cb2846ded4de1abbb5934b92132baf826f1babfebnicholes<cmdsynopsis>
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com