nsupdate.html revision d4ef65050feac78554addf6e16a06c6e2e0bd331
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - Copyright (C) 2001 Internet Software Consortium.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - Permission to use, copy, modify, and distribute this software for any
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - purpose with or without fee is hereby granted, provided that the above
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - copyright notice and this permission notice appear in all copies.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte<!-- $Id: nsupdate.html,v 1.3 2001/04/10 21:50:49 bwelling Exp $ -->
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>nsupdate</TITLE
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteNAME="GENERATOR"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCONTENT="Modular DocBook HTML Stylesheet Version 1.61
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REFENTRY"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteBGCOLOR="#FFFFFF"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteTEXT="#000000"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteLINK="#0000FF"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteVLINK="#840084"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteALINK="#0000FF"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REFNAMEDIV"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>nsupdate -- Dynamic DNS update utility</DIV
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REFSYNOPSISDIV"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Synopsis</H2
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REPLACEABLE"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>keyname:secret</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REPLACEABLE"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>] [filename]</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REFSECT1"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>DESCRIPTION</H2
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteis used to submit Dynamic DNS Update requests as defined in RFC2136
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteto a name server.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThis allows resource records to be added or removed from a zone
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortewithout manually editing the zone file.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteA single update request can contain requests to add or remove more than one
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteresource record.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Zones that are under dynamic control via
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteor a DHCP server should not be edited by hand.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteManual edits could
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteconflict with dynamic updates and cause data to be lost.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>The resource records that are dynamically added or removed with
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortehave to be in the same zone.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteRequests are sent to the zone's master server.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThis is identified by the MNAME field of the zone's SOA record.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteoperate in debug mode.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThis provides tracing information about the update requests that are
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortemade and the replies received from the name server.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Transaction signatures can be used to authenticate the Dynamic DNS
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThese use the TSIG resource record type described in RFC2845.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThe signatures rely on a shared secret that should only be known to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteand the name server.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCurrently, the only supported encryption algorithm for TSIG is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteHMAC-MD5, which is defined in RFC 2104.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteOnce other algorithms are defined for TSIG, applications will need to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteensure they select the appropriate algorithm as well as the key when
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteauthenticating each other.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteFor instance suitable
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>server</SPAN
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortestatements would be added to
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="FILENAME"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteso that the name server can associate the appropriate secret key
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteand algorithm with the IP address of the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteclient application that will be using TSIG authentication.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortedoes not read
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="FILENAME"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteoption to provide the shared secret needed to generate a TSIG record
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortefor authenticating Dynamic DNS update requests.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThese options are mutually exclusive.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortereads the shared secret from the file
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortewhose name is of the form
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="FILENAME"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>K{name}.+157.+{random}.private</TT
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteFor historical
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortereasons, the file
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="FILENAME"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>K{name}.+157.+{random}.key</TT
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortemust also be present. When the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteoption is used, a signature is generated from
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>keyname:secret.</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteis the name of the key,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteis the base64 encoded shared secret.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteoption is discouraged because the shared secret is supplied as a command
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteline argument in clear text.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThis may be visible in the output from
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="CITEREFENTRY"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REFENTRYTITLE"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteor in a history file maintained by the user's shell.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteuses UDP to send update requests to the name server.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="OPTION"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteuse a TCP connection.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThis may be preferable when a batch of update requests is made.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="REFSECT1"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>INPUT FORMAT</H2
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortereads input from
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteor standard input.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteEach command is supplied on exactly one line of input.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteSome commands are for administrative purposes.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThe others are either update instructions or prerequisite checks on the
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortecontents of the zone.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThese checks set conditions that some name or set of
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteresource records (RRset) either exists or is absent from the zone.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThese conditions must be met if the entire update request is to succeed.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteUpdates will be rejected if the tests for the prerequisite conditions fail.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Every update request consists of zero or more prerequisites
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteand zero or more updates.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThis allows a suitably authenticated update request to proceed if some
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortespecified resource records are present or missing from the zone.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteA blank input line causes the accumulated commands to be sent as one Dynamic
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteDNS update request to the name server.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>The command formats and their meaning are as follows:
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="VARIABLELIST"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte> {servername} [port]</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Sends all dynamic update requests to the name server
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>servername</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteWhen no server statement is provided,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortewill send updates to the master server of the correct zone.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteThe MNAME field of that zone's SOA record will identify the master
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteserver for that zone.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteis the port number on
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>servername</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortewhere the dynamic update requests get sent.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteIf no port number is specified, the default DNS port number of 53 is
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte> {address} [port]</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Sends all dynamic update requests using the local
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteWhen no local statement is provided,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortewill send updates using an address and port choosen by the system.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortecan additionally be used to make requests come from a specific port.
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteIf no port number is specified, the system will assign one. </P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte> {zonename}</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Specifies that all updates are to be made to the zone
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortestatement is provided,
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Fortewill attempt determine the correct zone to update based on the rest of the input.</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>prereq nxdomain</B
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte> {domain-name}</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Requires that no resource record of any type exists with name
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>domain-name</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>prereq yxdomain</B
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte> {domain-name}</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Requires that
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>domain-name</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forteexists (has as at least one resource record, of any type).</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="COMMAND"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>prereq nxrrset</B
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte> {domain-name} [class] {type}</P
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>Requires that no resource record exists of the specified
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn Forte>domain-name</I
fcf3ce441efd61da9bb2884968af01cb7c1452ccJohn ForteCLASS="PARAMETER"
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com