bin/nsupdate/nsupdate.html

	nsupdate.html revision 548a24c3d36837aa5f0e64f7bb8c7308909ffa89
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!--
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt - Copyright (C) 2004-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Copyright (C) 2000-2003 Internet Software Consortium.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt -
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Permission to use, copy, modify, and/or distribute this software for any
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - purpose with or without fee is hereby granted, provided that the above
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - copyright notice and this permission notice appear in all copies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt -
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt-->
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<!-- $Id$ -->
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<html>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<head>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<title>nsupdate</title>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</head>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="man.nsupdate"></a><div class="titlepage"></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refnamediv">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<h2>Name</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p><span class="application">nsupdate</span> &#8212; Dynamic DNS update utility</p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refsynopsisdiv">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<h2>Synopsis</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-l</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refsect1" lang="en">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="id2543499"></a><h2>DESCRIPTION</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p><span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      is used to submit Dynamic DNS Update requests as defined in RFC 2136
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      to a name server.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      This allows resource records to be added or removed from a zone
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      without manually editing the zone file.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      A single update request can contain requests to add or remove more than
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      one
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      resource record.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Zones that are under dynamic control via
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      or a DHCP server should not be edited by hand.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Manual edits could
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      conflict with dynamic updates and cause data to be lost.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The resource records that are dynamically added or removed with
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      have to be in the same zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Requests are sent to the zone's master server.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      This is identified by the MNAME field of the zone's SOA record.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Transaction signatures can be used to authenticate the Dynamic
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      DNS updates.  These use the TSIG resource record type described
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      in RFC 2845 or the SIG(0) record described in RFC 2535 and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      RFC 2931 or GSS-TSIG as described in RFC 3645.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      TSIG relies on
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      a shared secret that should only be known to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span><strong class="command">nsupdate</strong></span> and the name server.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      For instance, suitable <span class="type">key</span> and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="type">server</span> statements would be added to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <code class="filename">/etc/named.conf</code> so that the name server
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      can associate the appropriate secret key and algorithm with
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      the IP address of the client application that will be using
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      TSIG authentication. You can use <span><strong class="command">ddns-confgen</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      to generate suitable configuration fragments.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      uses the <code class="option">-y</code> or <code class="option">-k</code> options
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      to provide the TSIG shared secret.  These options are mutually exclusive.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      SIG(0) uses public key cryptography.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      To use a SIG(0) key, the public key must be stored in a KEY
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      record in a zone served by the name server.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      GSS-TSIG uses Kerberos credentials.  Standard GSS-TSIG mode
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      is switched on with the <code class="option">-g</code> flag.  A
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      non-standards-compliant variant of GSS-TSIG used by Windows
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      2000 can be switched on with the <code class="option">-o</code> flag.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refsect1" lang="en">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="id2543573"></a><h2>OPTIONS</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="variablelist"><dl>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-d</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Debug mode. This provides tracing information about the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        update requests that are made and the replies received
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        from the name server.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-D</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Extra debug mode.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        The file containing the TSIG authentication key.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Keyfiles may be in two formats: a single file containing
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        statement, which may be generated automatically by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        of the format <code class="filename">K{name}.+157.+{random}.key</code> and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <code class="filename">K{name}.+157.+{random}.private</code>, which can be
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        generated by <span><strong class="command">dnssec-keygen</strong></span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        The <code class="option">-k</code> may also be used to specify a SIG(0) key used
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        to authenticate Dynamic DNS update requests.  In this case, the key
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        specified is not an HMAC-MD5 key.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-l</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Local-host only mode. This sets the server address to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        localhost (disabling the <span><strong class="command">server</strong></span> so that the server
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        address cannot be overridden).  Connections to the local server will
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        which is automatically generated by <span><strong class="command">named</strong></span> if any
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        local master zone has set <span><strong class="command">update-policy</strong></span> to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">local</strong></span>.  The location of this key file can be
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        overridden with the <code class="option">-k</code> option.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-L <em class="replaceable"><code>level</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Set the logging debug level.  If zero, logging is disabled.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Set the port to use for connections to a name server. The
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        default is 53.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-P</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Print the list of private BIND-specific resource record
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        types whose format is understood
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        by <span><strong class="command">nsupdate</strong></span>. See also
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        the <code class="option">-T</code> option.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-r <em class="replaceable"><code>udpretries</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        The number of UDP retries. The default is 3. If zero, only
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        one update request will be made.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Where to obtain randomness. If the operating system
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      does not provide a <code class="filename">/dev/random</code> or
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      equivalent device, the default source of randomness is keyboard
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      input.  <code class="filename">randomdev</code> specifies the name of
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      a character device or file containing random data to be used
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      instead of the default.  The special value
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <code class="filename">keyboard</code> indicates that keyboard input
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      should be used.  This option may be specified multiple times.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        The maximum time an update request can take before it is
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        aborted. The default is 300 seconds. Zero can be used to
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        disable the timeout.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-T</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Print the list of IANA standard resource record types
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        whose format is understood by <span><strong class="command">nsupdate</strong></span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">nsupdate</strong></span> will exit after the lists are
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        printed. The <code class="option">-T</code> option can be combined
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        with the <code class="option">-P</code> option.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        decimal value of the type with no leading zeros.  The rdata,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        if present, will be parsed using the UNKNOWN rdata format,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        &lt;space&gt; &lt;hexstring&gt;).
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-u <em class="replaceable"><code>udptimeout</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        The UDP retry interval. The default is 3 seconds. If zero,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        the interval will be computed from the timeout interval and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        number of UDP retries.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-v</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Use TCP even for small update requests.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        By default, <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        uses UDP to send update requests to the name server unless they are too
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        large to fit in a UDP request in which case TCP will be used.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        TCP may be preferable when a batch of update requests is made.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-V</span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Print the version number and exit.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        Literal TSIG authentication key.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <em class="parameter"><code>keyname</code></em> is the name of the key, and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        valid choices are <code class="literal">hmac-md5</code>,
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        <code class="literal">hmac-sha512</code>.  If <em class="parameter"><code>hmac</code></em>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        is not specified, the default is <code class="literal">hmac-md5</code>.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt      </p>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<p>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        NOTE: Use of the <code class="option">-y</code> option is discouraged because the
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        shared secret is supplied as a command line argument in clear text.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        This may be visible in the output from
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        or in a history file maintained by the user's shell.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt      </p>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt</dd>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt</dl></div>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt</div>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<div class="refsect1" lang="en">
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<a name="id2544090"></a><h2>INPUT FORMAT</h2>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<p><span><strong class="command">nsupdate</strong></span>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt      reads input from
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="parameter"><code>filename</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      or standard input.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Each command is supplied on exactly one line of input.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Some commands are for administrative purposes.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The others are either update instructions or prerequisite checks on the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      contents of the zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      These checks set conditions that some name or set of
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      resource records (RRset) either exists or is absent from the zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      These conditions must be met if the entire update request is to succeed.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Updates will be rejected if the tests for the prerequisite conditions
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      fail.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Every update request consists of zero or more prerequisites
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      and zero or more updates.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      This allows a suitably authenticated update request to proceed if some
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      specified resource records are present or missing from the zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      A blank input line (or the <span><strong class="command">send</strong></span> command)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      causes the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      accumulated commands to be sent as one Dynamic DNS update request to the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      name server.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The command formats and their meaning are as follows:
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="variablelist"><dl>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">server</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {servername}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           [port]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Sends all dynamic update requests to the name server
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>servername</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          When no server statement is provided,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          will send updates to the master server of the correct zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          The MNAME field of that zone's SOA record will identify the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          master
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          server for that zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>port</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          is the port number on
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>servername</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          where the dynamic update requests get sent.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If no port number is specified, the default DNS port number of
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          53 is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          used.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">local</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {address}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           [port]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Sends all dynamic update requests using the local
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>address</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          When no local statement is provided,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          will send updates using an address and port chosen by the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          system.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>port</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          can additionally be used to make requests come from a specific
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          port.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If no port number is specified, the system will assign one.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">zone</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {zonename}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Specifies that all updates are to be made to the zone
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>zonename</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If no
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>zone</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          statement is provided,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          will attempt determine the correct zone to update based on the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          rest of the input.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">class</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {classname}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Specify the default class.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If no <em class="parameter"><code>class</code></em> is specified, the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          default class is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>IN</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">ttl</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {seconds}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Specify the default time to live for records to be added.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          The value <em class="parameter"><code>none</code></em> will clear the default
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          ttl.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">key</strong></span>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt           [hmac:] {keyname}
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt           {secret}
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        </span></dt>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<dd><p>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt          Specifies that all updates are to be TSIG-signed using the
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt          <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt          If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt          signing algorithm in use; the default is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <code class="literal">hmac-md5</code>.  The <span><strong class="command">key</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          command overrides any key specified on the command line via
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <code class="option">-y</code> or <code class="option">-k</code>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">gsstsig</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Use GSS-TSIG to sign the updated.  This is equivalent to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          specifying <code class="option">-g</code> on the commandline.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">oldgsstsig</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Use the Windows 2000 version of GSS-TSIG to sign the updated.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          This is equivalent to specifying <code class="option">-o</code> on the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          commandline.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">realm</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt         {[<span class="optional">realm_name</span>]}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          than the default realm in <code class="filename">krb5.conf</code>.  If no
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          realm is specified the saved realm is cleared.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span><strong class="command">check-names</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt         {[<span class="optional">yes_or_no</span>]}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Turn on or off check-names processing on records to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          be added.  Check-names has no effect on prerequisites
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          or records to be deleted.  By default check-names
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          processing is on.  If check-names processing fails
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          the record will not be added to the UPDATE message.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Requires that no resource record of any type exists with name
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Requires that
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          exists (has as at least one resource record, of any type).
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           [class]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {type}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Requires that no resource record exists of the specified
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>type</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          is omitted, IN (internet) is assumed.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           [class]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {type}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          This requires that a resource record of the specified
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>type</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          must exist.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          is omitted, IN (internet) is assumed.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           [class]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {type}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {data...}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          The
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>data</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          from each set of prerequisites of this form
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          sharing a common
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>type</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          are combined to form a set of RRs.  This set of RRs must
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          exactly match the set of RRs existing in the zone at the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          given
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>type</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          The
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>data</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          are written in the standard text representation of the resource
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          record's
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          RDATA.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt           [ttl]
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt           [class]
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt           [type [data...]]
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Deletes any resource records named
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>domain-name</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          If
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>type</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>data</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          is provided, only matching resource records will be removed.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          The internet class is assumed if
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          is not supplied.  The
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>ttl</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          is ignored, and is only allowed for compatibility.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">[<span class="optional">update</span>] add</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {domain-name}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {ttl}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           [class]
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {type}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt           {data...}
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Adds a new resource record with the specified
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>ttl</code></em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>class</code></em>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <em class="parameter"><code>data</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">show</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Displays the current message, containing all of the
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt          prerequisites and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          updates specified since the last send.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">send</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Sends the current message.  This is equivalent to entering a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          blank line.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">answer</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Displays the answer.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">debug</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Turn on debugging.
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        </p></dd>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">version</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Print version number.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          <span><strong class="command">help</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt          Print a list of commands.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</dl></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Lines beginning with a semicolon are comments and are ignored.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refsect1" lang="en">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="id2545012"></a><h2>EXAMPLES</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The examples below show how
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span><strong class="command">nsupdate</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      could be used to insert and delete resource records from the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="type">example.com</span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      zone.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Notice that the input in each example contains a trailing blank line so
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      that
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      a group of commands are sent as one dynamic update request to the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      master name server for
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="type">example.com</span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<pre class="programlisting">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt# nsupdate
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt&gt; update delete oldhost.example.com A
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt&gt; update add newhost.example.com 86400 A 172.16.1.1
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt&gt; send
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</pre>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      Any A records for
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="type">oldhost.example.com</span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      are deleted.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      And an A record for
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="type">newhost.example.com</span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      with IP address 172.16.1.1 is added.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The newly-added record has a 1 day TTL (86400 seconds).
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<pre class="programlisting">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt# nsupdate
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt&gt; prereq nxdomain nickname.example.com
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt&gt; update add nickname.example.com 86400 CNAME somehost.example.com
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt&gt; send
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</pre>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The prerequisite condition gets the name server to check that there
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      are no resource records of any type for
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="type">nickname.example.com</span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      If there are, the update request fails.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      If this name does not exist, a CNAME for it is added.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      This ensures that when the CNAME is added, it cannot conflict with the
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt      long-standing rule in RFC 1034 that a name must not exist as any other
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      record type if it exists as a CNAME.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      RRSIG, DNSKEY and NSEC records.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<div class="refsect1" lang="en">
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<a name="id2545056"></a><h2>FILES</h2>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<div class="variablelist"><dl>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        used to identify default name server
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        sets the default TSIG key for use in local-only mode
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        base-64 encoding of HMAC-MD5 key created by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dd><p>
a747113422afaa29ce72d2c5ba7f0b7ea9ec2054Evan Hunt        base-64 encoding of HMAC-MD5 key created by
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt        <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      </p></dd>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</dl></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refsect1" lang="en">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="id2545142"></a><h2>SEE ALSO</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 2136</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 3007</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 2104</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 2845</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 1034</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 2535</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <em class="citetitle">RFC 2931</em>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="refsect1" lang="en">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="id2545200"></a><h2>BUGS</h2>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      The TSIG key is redundantly stored in two separate files.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      This is a consequence of nsupdate using the DST library
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      for its cryptographic operations, and may change in future
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt      releases.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt    </p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</div></body>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt</html>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt