bin/nsupdate/nsupdate.html

	nsupdate.html revision 605b07cadd58ff1d8f89ddf277451ee87a542f9b
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!--
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
a02a0a8a7eb461619931f4a0e896afa247b52c54Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
72cbea34c935116215846c88a94a3c21ec8c1827Mark Andrews -
4e3c7a22ea3219f680e09540ee12bb326fc2ccedMark Andrews - Permission to use, copy, modify, and distribute this software for any
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews - purpose with or without fee is hereby granted, provided that the above
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews - copyright notice and this permission notice appear in all copies.
a3b428812703d22a605a9f882e71ed65f0ffdc65Mark Andrews -
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews - PERFORMANCE OF THIS SOFTWARE.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews-->
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<!-- $Id: nsupdate.html,v 1.29 2006/01/29 22:57:15 marka Exp $ -->
f8f37672a57524560fbdde52484e6ae3de1c3354Mark Andrews<html>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<head>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<title>nsupdate</title>
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</head>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<a name="id2463721"></a><div class="titlepage"></div>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="refnamediv">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<h2>Name</h2>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<p>nsupdate &#8212; Dynamic DNS update utility</p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson</div>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<div class="refsynopsisdiv">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<h2>Synopsis</h2>
a3b428812703d22a605a9f882e71ed65f0ffdc65Mark Andrews<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</div>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews<div class="refsect1" lang="en">
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<a name="id2525910"></a><h2>DESCRIPTION</h2>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<p><span><strong class="command">nsupdate</strong></span>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews      is used to submit Dynamic DNS Update requests as defined in RFC2136
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      to a name server.
4038ab55037184d76153afd3c469aa8c85adf85dMark Andrews      This allows resource records to be added or removed from a zone
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews      without manually editing the zone file.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      A single update request can contain requests to add or remove more than
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews      one
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      resource record.
ede29aeb412c5448ab9a2028763ae08e7887ca74Mark Andrews    </p>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      Zones that are under dynamic control via
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      <span><strong class="command">nsupdate</strong></span>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      or a DHCP server should not be edited by hand.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      Manual edits could
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      conflict with dynamic updates and cause data to be lost.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson    </p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      The resource records that are dynamically added or removed with
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      <span><strong class="command">nsupdate</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      have to be in the same zone.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      Requests are sent to the zone's master server.
26a77b80bb7ee886c6fa704348d5e80a011d8811Mark Andrews      This is identified by the MNAME field of the zone's SOA record.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      The
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <code class="option">-d</code>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      option makes
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews      <span><strong class="command">nsupdate</strong></span>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      operate in debug mode.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      This provides tracing information about the update requests that are
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      made and the replies received from the name server.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    </p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      Transaction signatures can be used to authenticate the Dynamic DNS
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      updates.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      These use the TSIG resource record type described in RFC2845 or the
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      SIG(0) record described in RFC3535 and RFC2931.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      TSIG relies on a shared secret that should only be known to
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      <span><strong class="command">nsupdate</strong></span> and the name server.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      Currently, the only supported encryption algorithm for TSIG is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      HMAC-MD5, which is defined in RFC 2104.
c25080dc50542213058c240226c9f342186e6285Mark Andrews      Once other algorithms are defined for TSIG, applications will need to
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      ensure they select the appropriate algorithm as well as the key when
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews      authenticating each other.
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews      For instance suitable
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews      <span class="type">key</span>
c25080dc50542213058c240226c9f342186e6285Mark Andrews      and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span class="type">server</span>
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews      statements would be added to
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="filename">/etc/named.conf</code>
c25080dc50542213058c240226c9f342186e6285Mark Andrews      so that the name server can associate the appropriate secret key
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      and algorithm with the IP address of the
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews      client application that will be using TSIG authentication.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      SIG(0) uses public key cryptography.  To use a SIG(0) key, the public
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      key must be stored in a KEY record in a zone served by the name server.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span><strong class="command">nsupdate</strong></span>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      does not read
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="filename">/etc/named.conf</code>.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p><span><strong class="command">nsupdate</strong></span>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      uses the <code class="option">-y</code> or <code class="option">-k</code> option
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      to provide the shared secret needed to generate a TSIG record
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews      for authenticating Dynamic DNS update requests, default type
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      HMAC-MD5.  These options are mutually exclusive.  With the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      the shared secret from the file <em class="parameter"><code>keyfile</code></em>,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      whose name is of the form
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="filename">K{name}.+157.+{random}.private</code>.  For
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      historical reasons, the file
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <code class="filename">K{name}.+157.+{random}.key</code> must also be
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      present.  When the <code class="option">-y</code> option is used, a
c25080dc50542213058c240226c9f342186e6285Mark Andrews      signature is generated from
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews      [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <em class="parameter"><code>keyname</code></em> is the name of the key, and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <em class="parameter"><code>secret</code></em> is the base64 encoded shared
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      secret.  Use of the <code class="option">-y</code> option is discouraged
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      because the shared secret is supplied as a command line
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      argument in clear text.  This may be visible in the output
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      from
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> or in a history file maintained by the user's
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      shell.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      The <code class="option">-k</code> may also be used to specify a SIG(0) key used
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      to authenticate Dynamic DNS update requests.  In this case, the key
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews      specified is not an HMAC-MD5 key.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p>
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews      By default
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      <span><strong class="command">nsupdate</strong></span>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      uses UDP to send update requests to the name server unless they are too
c25080dc50542213058c240226c9f342186e6285Mark Andrews      large to fit in a UDP request in which case TCP will be used.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      The
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews      <code class="option">-v</code>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      option makes
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <span><strong class="command">nsupdate</strong></span>
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews      use a TCP connection.
c25080dc50542213058c240226c9f342186e6285Mark Andrews      This may be preferable when a batch of update requests is made.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      The <code class="option">-t</code> option sets the maximum time a update request
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      can
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      take before it is aborted.  The default is 300 seconds.  Zero can be
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      used
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews      to disable the timeout.
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews    </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      The <code class="option">-u</code> option sets the UDP retry interval.  The default
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews      is
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      3 seconds.  If zero the interval will be computed from the timeout
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews      interval
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      and number of UDP retries.
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews    </p>
7c40ffd67bd1e73907f83a79a6ff8c635f4a4a74Mark Andrews<p>
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews      The <code class="option">-r</code> option sets the number of UDP retries. The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      default is
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      3.  If zero only one update request will be made.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </p>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews</div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="refsect1" lang="en">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="id2526206"></a><h2>INPUT FORMAT</h2>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<p><span><strong class="command">nsupdate</strong></span>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson      reads input from
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      <em class="parameter"><code>filename</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      or standard input.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      Each command is supplied on exactly one line of input.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      Some commands are for administrative purposes.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      The others are either update instructions or prerequisite checks on the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      contents of the zone.
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews      These checks set conditions that some name or set of
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      resource records (RRset) either exists or is absent from the zone.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      These conditions must be met if the entire update request is to succeed.
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews      Updates will be rejected if the tests for the prerequisite conditions
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      fail.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      Every update request consists of zero or more prerequisites
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      and zero or more updates.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews      This allows a suitably authenticated update request to proceed if some
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson      specified resource records are present or missing from the zone.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      A blank input line (or the <span><strong class="command">send</strong></span> command)
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      causes the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      accumulated commands to be sent as one Dynamic DNS update request to the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      name server.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews    </p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      The command formats and their meaning are as follows:
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      </p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<div class="variablelist"><dl>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">server</code>  {servername} [port]</p></div></span></dt>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Sends all dynamic update requests to the name server
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>servername</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              When no server statement is provided,
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews              <span><strong class="command">nsupdate</strong></span>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              will send updates to the master server of the correct zone.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              The MNAME field of that zone's SOA record will identify the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              master
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              server for that zone.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              <em class="parameter"><code>port</code></em>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              is the port number on
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              <em class="parameter"><code>servername</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              where the dynamic update requests get sent.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews              If no port number is specified, the default DNS port number of
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              53 is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              used.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">local</code>  {address} [port]</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Sends all dynamic update requests using the local
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>address</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              When no local statement is provided,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <span><strong class="command">nsupdate</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              will send updates using an address and port chosen by the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              system.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>port</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              can additionally be used to make requests come from a specific
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              port.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              If no port number is specified, the system will assign one.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">zone</code>  {zonename}</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Specifies that all updates are to be made to the zone
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>zonename</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              If no
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>zone</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              statement is provided,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <span><strong class="command">nsupdate</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              will attempt determine the correct zone to update based on the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              rest of the input.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">class</code>  {classname}</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Specify the default class.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              If no <em class="parameter"><code>class</code></em> is specified the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              default class is
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>IN</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">key</code>  {name} {secret}</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Specifies that all updates are to be TSIG signed using the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              The <span><strong class="command">key</strong></span> command
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              overrides any key specified on the command line via
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <code class="option">-y</code> or <code class="option">-k</code>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq nxdomain</code>  {domain-name}</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Requires that no resource record of any type exists with name
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>domain-name</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq yxdomain</code>  {domain-name}</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews              Requires that
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews              <em class="parameter"><code>domain-name</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              exists (has as at least one resource record, of any type).
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington            </p></dd>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq nxrrset</code>  {domain-name} [class] {type}</p></div></span></dt>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<dd><p>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington              Requires that no resource record exists of the specified
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington              <em class="parameter"><code>type</code></em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>class</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              and
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington              <em class="parameter"><code>domain-name</code></em>.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington              If
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington              <em class="parameter"><code>class</code></em>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews              is omitted, IN (internet) is assumed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code>  {domain-name} [class] {type}</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              This requires that a resource record of the specified
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>type</code></em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>class</code></em>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              and
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              <em class="parameter"><code>domain-name</code></em>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              must exist.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              If
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              <em class="parameter"><code>class</code></em>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              is omitted, IN (internet) is assumed.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            </p></dd>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code>  {domain-name} [class] {type} {data...}</p></div></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd><p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              The
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews              <em class="parameter"><code>data</code></em>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              from each set of prerequisites of this form
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              sharing a common
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews              <em class="parameter"><code>type</code></em>,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              <em class="parameter"><code>class</code></em>,
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews              and
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              <em class="parameter"><code>domain-name</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              are combined to form a set of RRs.  This set of RRs must
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews              exactly match the set of RRs existing in the zone at the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              given
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>type</code></em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>class</code></em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>domain-name</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              The
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>data</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              are written in the standard text representation of the resource
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              record's
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              RDATA.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">update delete</code>  {domain-name} [ttl] [class] [type  [data...]]</p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Deletes any resource records named
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>domain-name</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              If
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>type</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>data</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              is provided, only matching resource records will be removed.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              The internet class is assumed if
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>class</code></em>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              is not supplied.  The
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              <em class="parameter"><code>ttl</code></em>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              is ignored, and is only allowed for compatibility.
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews            </p></dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">update add</code>  {domain-name} {ttl} [class] {type} {data...}</p></div></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd><p>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews              Adds a new resource record with the specified
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews              <em class="parameter"><code>ttl</code></em>,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>class</code></em>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews              and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              <em class="parameter"><code>data</code></em>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">show</code> </p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Displays the current message, containing all of the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              prerequisites and
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              updates specified since the last send.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">send</code> </p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Sends the current message.  This is equivalent to entering a
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              blank line.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">answer</code> </p></div></span></dt>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington              Displays the answer.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</dl></div>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      Lines beginning with a semicolon are comments and are ignored.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<div class="refsect1" lang="en">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<a name="id2527158"></a><h2>EXAMPLES</h2>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      The examples below show how
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <span><strong class="command">nsupdate</strong></span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      could be used to insert and delete resource records from the
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <span class="type">example.com</span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      zone.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      Notice that the input in each example contains a trailing blank line so
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      that
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      a group of commands are sent as one dynamic update request to the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      master name server for
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      <span class="type">example.com</span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<pre class="programlisting">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews# nsupdate
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews&gt; update delete oldhost.example.com A
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews&gt; update add newhost.example.com 86400 A 172.16.1.1
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews&gt; send
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</pre>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      Any A records for
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      <span class="type">oldhost.example.com</span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      are deleted.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      and an A record for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <span class="type">newhost.example.com</span>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      it IP address 172.16.1.1 is added.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      The newly-added record has a 1 day TTL (86400 seconds)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<pre class="programlisting">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington# nsupdate
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington&gt; prereq nxdomain nickname.example.com
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington&gt; update add nickname.example.com 86400 CNAME somehost.example.com
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington&gt; send
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington</pre>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington    </p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      The prerequisite condition gets the name server to check that there
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      are no resource records of any type for
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      <span class="type">nickname.example.com</span>.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      If there are, the update request fails.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      If this name does not exist, a CNAME for it is added.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      This ensures that when the CNAME is added, it cannot conflict with the
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      long-standing rule in RFC1034 that a name must not exist as any other
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews      record type if it exists as a CNAME.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews      RRSIG, DNSKEY and NSEC records.)
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews    </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</div>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews<div class="refsect1" lang="en">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<a name="id2527270"></a><h2>FILES</h2>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<div class="variablelist"><dl>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            used to identify default name server
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews          </p></dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews<dd><p>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington            base-64 encoding of HMAC-MD5 key created by
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews            <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          </p></dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<dd><p>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington            base-64 encoding of HMAC-MD5 key created by
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington            <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews          </p></dd>
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews</dl></div>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington</div>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<div class="refsect1" lang="en">
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<a name="id2527408"></a><h2>SEE ALSO</h2>
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews      <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews      <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      <span class="citerefentry"><span class="refentrytitle">RFC2845</span></span>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      <span class="citerefentry"><span class="refentrytitle">RFC1034</span></span>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      <span class="citerefentry"><span class="refentrytitle">RFC2535</span></span>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      <span class="citerefentry"><span class="refentrytitle">RFC2931</span></span>,
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
83a810eba60ae87341a2d177ff60d834e26d7a90Mark Andrews      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews    </p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews</div>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<div class="refsect1" lang="en">
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<a name="id2527478"></a><h2>BUGS</h2>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<p>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      The TSIG key is redundantly stored in two separate files.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      This is a consequence of nsupdate using the DST library
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      for its cryptographic operations, and may change in future
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews      releases.
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews    </p>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</div>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</div></body>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</html>
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews