nsupdate.html revision d4ef65050feac78554addf6e16a06c6e2e0bd331
Copyright (C) 2001 Internet Software Consortium.

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

<!-- $Id: nsupdate.html,v 1.3 2001/04/10 21:50:49 bwelling Exp $ -->

nsupdate

nsupdate -- Dynamic DNS update utility

Synopsis

nsupdate [-d] [-y keyname:secret | -k keyfile] [-v] [filename]

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
This allows resource records to be added or removed from a zone
without manually editing the zone file.
A single update request can contain requests to add or remove more than one
resource record.

Zones that are under dynamic control via nsupdate
or a DHCP server should not be edited by hand.
Manual edits could
conflict with dynamic updates and cause data to be lost.

The resource records that are dynamically added or removed with nsupdate
have to be in the same zone.
Requests are sent to the zone's master server.
This is identified by the MNAME field of the zone's SOA record.

The -d option makes nsupdate operate in debug mode.
This provides tracing information about the update requests that are
made and the replies received from the name server.

Transaction signatures can be used to authenticate the Dynamic DNS updates.
These use the TSIG resource record type described in RFC2845.
The signatures rely on a shared secret that should only be known to
nsupdate and the name server.
Currently, the only supported encryption algorithm for TSIG is
HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when
authenticating each other.
For instance, suitable server statements would be added to
the name server's configuration file
so that the name server can associate the appropriate secret key
and algorithm with the IP address of the
client application that will be using TSIG authentication.
nsupdate does not read that file.

nsupdate uses the -y or -k
option to provide the shared secret needed to generate a TSIG record
for authenticating Dynamic DNS update requests.
These options are mutually exclusive.
With the -k option, nsupdate
reads the shared secret from the file
whose name is of the form
K{name}.+157.+{random}.private.
For historical
reasons, the file
K{name}.+157.+{random}.key
must also be present. When the -y
option is used, a signature is generated from
keyname:secret.
keyname is the name of the key, and
secret is the base64 encoded shared secret.
Use of the -y
option is discouraged because the shared secret is supplied as a command
line argument in clear text.
This may be visible in the output from ps(1)
or in a history file maintained by the user's shell.

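The clear-text exposure described above can be audited for. The following is an added example, not part of the nsupdate documentation: a shell function that scans text such as a shell history file for nsupdate invocations that pass keyname:secret on the command line and reports the line number and key name without echoing the secret. The sample lines, key names and file names are constructed.

```sh
# Added example: flag nsupdate invocations that pass the TSIG secret with -y.
# Input (stdin): lines of text, e.g. a shell history file or saved ps output.
# Output: one line per finding, "<line-number> <keyname>"; the secret is
# never printed.
find_y_exposures() {
    awk '
    {
        seen = 0
        for (i = 1; i <= NF; i++) {
            # Only inspect arguments that follow an nsupdate command word.
            if ($i == "nsupdate" || $i ~ /\/nsupdate$/) { seen = 1; continue }
            if (!seen) continue
            arg = ""
            if ($i == "-y" && i < NF) { arg = $(i + 1) }      # -y name:secret
            else if ($i ~ /^-y./)     { arg = substr($i, 3) } # -yname:secret
            if (arg != "" && index(arg, ":") > 0) {
                split(arg, kv, ":")
                print NR, kv[1]
            }
        }
    }'
}

# Constructed sample input (the keys are not real).
sample_history() {
    cat <<'EOF'
nsupdate -k Kddns.example.com.+157.+12345.private updates.txt
nsupdate -d -y ddns-key:Q09OU1RSVUNURUQ= updates.txt
ls -y
/usr/bin/nsupdate -yhost1-key:RkFLRQ== -v
EOF
}

sample_history | find_y_exposures
```

Any key name this reports has had its shared secret written to the scanned file in clear text.
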
nsupdate uses UDP to send update requests to the name server.
The -v option makes nsupdate
use a TCP connection.
This may be preferable when a batch of update requests is made.

INPUT FORMAT

nsupdate reads input from filename
or standard input.
Each command is supplied on exactly one line of input.
Some commands are for administrative purposes.
The others are either update instructions or prerequisite checks on the
contents of the zone.
These checks set conditions that some name or set of
resource records (RRset) either exists or is absent from the zone.
These conditions must be met if the entire update request is to succeed.
Updates will be rejected if the tests for the prerequisite conditions fail.

Every update request consists of zero or more prerequisites
and zero or more updates.
This allows a suitably authenticated update request to proceed if some
specified resource records are present or missing from the zone.
A blank input line causes the accumulated commands to be sent as one Dynamic
DNS update request to the name server.

The command formats and their meaning are as follows:

server {servername} [port]

Sends all dynamic update requests to the name server servername.
When no server statement is provided, nsupdate
will send updates to the master server of the correct zone.
The MNAME field of that zone's SOA record will identify the master
server for that zone.
port is the port number on servername

> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com
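
The grouping rule from INPUT FORMAT (one command per line, a blank line sends the accumulated commands as one request) can be checked on a batch file before it is handed to nsupdate. The following is an added example, not part of the nsupdate documentation; the server name, the CNAME target and the batch itself are constructed, and lines that are neither prereq nor update are simply counted as administrative.

```sh
# Added example: group nsupdate input lines into update requests.
# Rule taken from the page: one command per line; a blank line sends the
# accumulated commands as one request. Lines whose first word is "prereq" or
# "update" are counted as such; anything else (e.g. "server") as admin.
summarize_batch() {
    awk '
    function emit(state) {
        if (pre + upd + adm == 0) return      # nothing accumulated
        n++
        printf "request %d: prereq=%d update=%d admin=%d %s\n", n, pre, upd, adm, state
        pre = upd = adm = 0
    }
    /^[ \t]*$/     { emit("sent"); next }     # blank line closes the request
    $1 == "prereq" { pre++; next }
    $1 == "update" { upd++; next }
                   { adm++ }
    # Commands after the last blank line were never closed by one.
    END            { emit("pending") }'
}

# Constructed batch built from the commands shown on the page.
sample_batch() {
    cat <<'EOF'
server ns1.example.com
update delete oldhost.example.com A
update add newhost.example.com 86400 A 172.16.1.1

prereq nxdomain nickname.example.com
update add nickname.example.com 86400 CNAME somehost.example.com
EOF
}

sample_batch | summarize_batch
```

A request reported as pending has no blank line after it, so the rule above has not yet been triggered for those commands.
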