nsupdate.html revision 83217b5fdc70ea66fedf2ab3e9b9169c2b8a200a
b941edbeb52407b7402126ed49efdce6c4d5ea3cTinderbox User - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - Permission to use, copy, modify, and distribute this software for any
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - purpose with or without fee is hereby granted, provided that the above
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - copyright notice and this permission notice appear in all copies.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
70e5a7403f0e0a3bd292b8287c5fed5772c15270Automatic Updater<!-- $Id: nsupdate.html,v 1.21 2005/05/12 23:54:26 sra Exp $ -->
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<a name="id2456693"></a><div class="titlepage"></div>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<p>nsupdate — Dynamic DNS update utility</p>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<p><span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is used to submit Dynamic DNS Update requests as defined in RFC2136
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews to a name server.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This allows resource records to be added or removed from a zone
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews without manually editing the zone file.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews A single update request can contain requests to add or remove more than
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews resource record.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Zones that are under dynamic control via
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews or a DHCP server should not be edited by hand.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Manual edits could
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews conflict with dynamic updates and cause data to be lost.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The resource records that are dynamically added or removed with
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews have to be in the same zone.
aae306e914255e5fb477295f67e5e13201ded6d1Tinderbox User Requests are sent to the zone's master server.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This is identified by the MNAME field of the zone's SOA record.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews option makes
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews operate in debug mode.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This provides tracing information about the update requests that are
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews made and the replies received from the name server.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Transaction signatures can be used to authenticate the Dynamic DNS
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews These use the TSIG resource record type described in RFC2845 or the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews SIG(0) record described in RFC3535 and RFC2931.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews TSIG relies on a shared secret that should only be known to
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span> and the name server.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Currently, the only supported encryption algorithm for TSIG is
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews HMAC-MD5, which is defined in RFC 2104.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Once other algorithms are defined for TSIG, applications will need to
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews ensure they select the appropriate algorithm as well as the key when
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews authenticating each other.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews For instance suitable
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews statements would be added to
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews so that the name server can associate the appropriate secret key
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews and algorithm with the IP address of the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews client application that will be using TSIG authentication.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews SIG(0) uses public key cryptography. To use a SIG(0) key, the public
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews key must be stored in a KEY record in a zone served by the name server.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews does not read
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<p><span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews uses the <code class="option">-y</code> or <code class="option">-k</code>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews option (with an HMAC-MD5 key) to provide the shared secret needed to
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews a TSIG record for authenticating Dynamic DNS update requests.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews These options are mutually exclusive.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews reads the shared secret from the file
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>keyfile</code></em>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews whose name is of the form
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <code class="filename">K{name}.+157.+{random}.private</code>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews For historical
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews reasons, the file
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <code class="filename">K{name}.+157.+{random}.key</code>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews must also be present. When the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews option is used, a signature is generated from
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>keyname:secret.</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>keyname</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is the name of the key,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is the base64 encoded shared secret.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews option is discouraged because the shared secret is supplied as a command
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews line argument in clear text.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This may be visible in the output from
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews or in a history file maintained by the user's shell.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The <code class="option">-k</code> may also be used to specify a SIG(0) key used
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews to authenticate Dynamic DNS update requests. In this case, the key
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews specified is not an HMAC-MD5 key.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews uses UDP to send update requests to the name server unless they are too
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews large to fit in a UDP request in which case TCP will be used.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews option makes
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews use a TCP connection.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This may be preferable when a batch of update requests is made.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The <code class="option">-t</code> option sets the maximum time a update request
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews take before it is aborted. The default is 300 seconds. Zero can be
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews to disable the timeout.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The <code class="option">-u</code> option sets the UDP retry interval. The default
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews 3 seconds. If zero the interval will be computed from the timeout
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews and number of UDP retries.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The <code class="option">-r</code> option sets the number of UDP retries. The
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews 3. If zero only one update request will be made.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<p><span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews reads input from
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>filename</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews or standard input.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Each command is supplied on exactly one line of input.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Some commands are for administrative purposes.
444f2a8efd07b9b4472781fbab89208eb1c4c5f5Mark Andrews The others are either update instructions or prerequisite checks on the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews contents of the zone.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews These checks set conditions that some name or set of
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews resource records (RRset) either exists or is absent from the zone.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews These conditions must be met if the entire update request is to succeed.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Updates will be rejected if the tests for the prerequisite conditions
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Every update request consists of zero or more prerequisites
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews and zero or more updates.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This allows a suitably authenticated update request to proceed if some
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews specified resource records are present or missing from the zone.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews A blank input line (or the <span><strong class="command">send</strong></span> command)
444f2a8efd07b9b4472781fbab89208eb1c4c5f5Mark Andrews accumulated commands to be sent as one Dynamic DNS update request to the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews name server.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The command formats and their meaning are as follows:
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">server</code> {servername} [port]</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Sends all dynamic update requests to the name server
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>servername</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews When no server statement is provided,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews will send updates to the master server of the correct zone.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The MNAME field of that zone's SOA record will identify the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews server for that zone.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is the port number on
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>servername</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews where the dynamic update requests get sent.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews If no port number is specified, the default DNS port number of
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">local</code> {address} [port]</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Sends all dynamic update requests using the local
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>address</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews When no local statement is provided,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews will send updates using an address and port chosen by the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews can additionally be used to make requests come from a specific
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews If no port number is specified, the system will assign one.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">zone</code> {zonename}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Specifies that all updates are to be made to the zone
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>zonename</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews statement is provided,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews will attempt determine the correct zone to update based on the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews rest of the input.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">class</code> {classname}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Specify the default class.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews If no <em class="parameter"><code>class</code></em> is specified the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews default class is
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">key</code> {name} {secret}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Specifies that all updates are to be TSIG signed using the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The <span><strong class="command">key</strong></span> command
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews overrides any key specified on the command line via
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <code class="option">-y</code> or <code class="option">-k</code>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq nxdomain</code> {domain-name}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Requires that no resource record of any type exists with name
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>domain-name</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq yxdomain</code> {domain-name}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Requires that
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>domain-name</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews exists (has as at least one resource record, of any type).
45f36932943c02159a8907380fc79dd70e2184f1Evan Hunt<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq nxrrset</code> {domain-name} [class] {type}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Requires that no resource record exists of the specified
45f36932943c02159a8907380fc79dd70e2184f1Evan Hunt <em class="parameter"><code>domain-name</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is omitted, IN (internet) is assumed.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This requires that a resource record of the specified
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>domain-name</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is omitted, IN (internet) is assumed.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type} {data...}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews from each set of prerequisites of this form
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews sharing a common
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>domain-name</code></em>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews are combined to form a set of RRs. This set of RRs must
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews exactly match the set of RRs existing in the zone at the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>domain-name</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews are written in the standard text representation of the resource
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">update delete</code> {domain-name} [ttl] [class] [type [data...]]</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Deletes any resource records named
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <em class="parameter"><code>domain-name</code></em>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is provided, only matching resource records will be removed.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The internet class is assumed if
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is not supplied. The
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews is ignored, and is only allowed for compatibility.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">update add</code> {domain-name} {ttl} [class] {type} {data...}</p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Adds a new resource record with the specified
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">show</code> </p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Displays the current message, containing all of the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews prerequisites and
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews updates specified since the last send.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">send</code> </p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Sends the current message. This is equivalent to entering a
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><div class="cmdsynopsis"><p><code class="command">answer</code> </p></div></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Displays the answer.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Lines beginning with a semicolon are comments and are ignored.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The examples below show how
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span><strong class="command">nsupdate</strong></span>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews could be used to insert and delete resource records from the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Notice that the input in each example contains a trailing blank line so
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews a group of commands are sent as one dynamic update request to the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews master name server for
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews> update delete oldhost.example.com A
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews> update add newhost.example.com 86400 A 172.16.1.1
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews Any A records for
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews are deleted.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews and an A record for
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews it IP address 172.16.1.1 is added.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The newly-added record has a 1 day TTL (86400 seconds)
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews> prereq nxdomain nickname.example.com
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews> update add nickname.example.com 86400 CNAME somehost.example.com
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The prerequisite condition gets the name server to check that there
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews are no resource records of any type for
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="type">nickname.example.com</span>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews If there are, the update request fails.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews If this name does not exist, a CNAME for it is added.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This ensures that when the CNAME is added, it cannot conflict with the
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews long-standing rule in RFC1034 that a name must not exist as any other
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews record type if it exists as a CNAME.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews RRSIG, DNSKEY and NSEC records.)
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews used to identify default name server
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews base-64 encoding of HMAC-MD5 key created by
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews base-64 encoding of HMAC-MD5 key created by
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">RFC2845</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">RFC1034</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">RFC2535</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">RFC2931</span></span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews The TSIG key is redundantly stored in two separate files.
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews This is a consequence of nsupdate using the DST library
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews for its cryptographic operations, and may change in future