bin/nsupdate/nsupdate.html

	nsupdate.html revision edac761923fac89405f7d1e4244a11d88a89f413
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!--
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Copyright (C) 2000, 2001  Internet Software Consortium.
f0aad5341752aefe5059832f6cf3abc3283c6e16Tinderbox User -
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Permission to use, copy, modify, and distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User -
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User-->
e108f2ec640e1acb54999c0ade58af606149956dTinderbox User<HTML
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><HEAD
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><TITLE
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>nsupdate</TITLE
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><META
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="GENERATOR"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCONTENT="Modular DocBook HTML Stylesheet Version 1.61
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews"></HEAD
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User><BODY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="REFENTRY"
e108f2ec640e1acb54999c0ade58af606149956dTinderbox UserBGCOLOR="#FFFFFF"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsTEXT="#000000"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsLINK="#0000FF"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVLINK="#840084"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsALINK="#0000FF"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><H1
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User><A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN1"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate</A
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></H1
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><DIV
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REFNAMEDIV"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><A
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserNAME="AEN8"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews></A
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><H2
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Name</H2
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate&nbsp;--&nbsp;Dynamic DNS update utility</DIV
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><DIV
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="REFSYNOPSISDIV"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><A
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserNAME="AEN11"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></A
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><H2
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>Synopsis</H2
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>  [<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>-d</TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>] [<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>-y <TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REPLACEABLE"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><I
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>keyname:secret</I
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User> | <TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>-k <TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REPLACEABLE"
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User><I
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>keyfile</I
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>] [<TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>-v</TT
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt>] [filename]</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews></DIV
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><DIV
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REFSECT1"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><A
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="AEN26"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews></A
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt><H2
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>DESCRIPTION</H2
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt>nsupdate</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsis used to submit Dynamic DNS Update requests as defined in RFC2136
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsto a name server.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThis allows resource records to be added or removed from a zone
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userwithout manually editing the zone file.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserA single update request can contain requests to add or remove more than one
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userresource record.</P
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Zones that are under dynamic control via
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useror a DHCP server should not be edited by hand.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserManual edits could
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userconflict with dynamic updates and cause data to be lost.</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>The resource records that are dynamically added or removed with
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>nsupdate</B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userhave to be in the same zone.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserRequests are sent to the zone's master server.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserThis is identified by the MNAME field of the zone's SOA record.</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>The
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox UserCLASS="OPTION"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>-d</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Useroption makes
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox Useroperate in debug mode.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox UserThis provides tracing information about the update requests that are
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Usermade and the replies received from the name server.</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Transaction signatures can be used to authenticate the Dynamic DNS
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userupdates.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThese use the TSIG resource record type described in RFC2845.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThe signatures rely on a shared secret that should only be known to
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>nsupdate</B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userand the name server.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCurrently, the only supported encryption algorithm for TSIG is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserHMAC-MD5, which is defined in RFC 2104.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserOnce other algorithms are defined for TSIG, applications will need to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userensure they select the appropriate algorithm as well as the key when
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userauthenticating each other.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserFor instance suitable
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<SPAN
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="TYPE"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>key</SPAN
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userand
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<SPAN
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="TYPE"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>server</SPAN
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userstatements would be added to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="FILENAME"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>/etc/named.conf</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userso that the name server can associate the appropriate secret key
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userand algorithm with the IP address of the
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox Userclient application that will be using TSIG authentication.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox Userdoes not read
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="FILENAME"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>/etc/named.conf</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>.</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>nsupdate</B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useruses the
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="OPTION"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>-y</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useror
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>-k</TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Useroption to provide the shared secret needed to generate a TSIG record
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userfor authenticating Dynamic DNS update requests.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox UserThese options are mutually exclusive.
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox UserWith the
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User<TT
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox UserCLASS="OPTION"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>-k</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useroption,
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userreads the shared secret from the file
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="PARAMETER"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>keyfile</I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User></TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>,
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userwhose name is of the form
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="FILENAME"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>K{name}.+157.+{random}.private</TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserFor historical
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userreasons, the file
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="FILENAME"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>K{name}.+157.+{random}.key</TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Usermust also be present.  When the
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>-y</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox Useroption is used, a signature is generated from
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="PARAMETER"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>keyname:secret.</I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User></TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="PARAMETER"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>keyname</I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User></TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useris the name of the key,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userand
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="PARAMETER"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><I
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User>secret</I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User></TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useris the base64 encoded shared secret.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserUse of the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="OPTION"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>-y</TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useroption is discouraged because the shared secret is supplied as a command
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userline argument in clear text.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserThis may be visible in the output from
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<SPAN
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="CITEREFENTRY"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><SPAN
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REFENTRYTITLE"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>ps</SPAN
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>(1)</SPAN
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useror in a history file maintained by the user's shell.</P
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><P
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>By default
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Useruses UDP to send update requests to the name server.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserThe
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="OPTION"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>-v</TT
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Useroption makes
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useruse a TCP connection.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThis may be preferable when a batch of update requests is made.</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></DIV
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><DIV
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REFSECT1"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><A
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox UserNAME="AEN65"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User></A
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><H2
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>INPUT FORMAT</H2
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><P
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
260e8e04b0dc24cb884c789b5d9eb046457f264eTinderbox User>nsupdate</B
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userreads input from
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="PARAMETER"
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User><I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>filename</I
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User></TT
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Useror standard input.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserEach command is supplied on exactly one line of input.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserSome commands are for administrative purposes.
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox UserThe others are either update instructions or prerequisite checks on the
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Usercontents of the zone.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThese checks set conditions that some name or set of
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox Userresource records (RRset) either exists or is absent from the zone.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThese conditions must be met if the entire update request is to succeed.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserUpdates will be rejected if the tests for the prerequisite conditions fail.</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Every update request consists of zero or more prerequisites
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox Userand zero or more updates.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserThis allows a suitably authenticated update request to proceed if some
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userspecified resource records are present or missing from the zone.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntA blank input line causes the accumulated commands to be sent as one Dynamic
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox UserDNS update request to the name server.</P
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt><P
057cafaa3df7be7a6dcca71fbaf8fb498fd83518Mark Andrews>The command formats and their meaning are as follows:
057cafaa3df7be7a6dcca71fbaf8fb498fd83518Mark Andrews<P
057cafaa3df7be7a6dcca71fbaf8fb498fd83518Mark Andrews></P
057cafaa3df7be7a6dcca71fbaf8fb498fd83518Mark Andrews><DIV
057cafaa3df7be7a6dcca71fbaf8fb498fd83518Mark AndrewsCLASS="VARIABLELIST"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt><DL
057cafaa3df7be7a6dcca71fbaf8fb498fd83518Mark Andrews><DT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User>server</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>  {servername} [port]</P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></DT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><DD
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><P
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>Sends all dynamic update requests to the name server
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<TT
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox UserCLASS="PARAMETER"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User><I
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>servername</I
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User></TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserWhen no server statement is provided,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>nsupdate</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox Userwill send updates to the master server of the correct zone.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsThe MNAME field of that zone's SOA record will identify the master
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsserver for that zone.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="PARAMETER"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><I
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>port</I
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User></TT
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User>
e108f2ec640e1acb54999c0ade58af606149956dTinderbox Useris the port number on
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="PARAMETER"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><I
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User>servername</I
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User></TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>
e108f2ec640e1acb54999c0ade58af606149956dTinderbox Userwhere the dynamic update requests get sent.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsIf no port number is specified, the default DNS port number of 53 is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrewsused.</P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews></DD
1ca759b3f5c0672b2a66bc02288fe010cabbfe37Tinderbox User><DT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><P
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews><B
CLASS="COMMAND"
>local</B
>  {address} [port]</P
></DT
><DD
><P
>Sends all dynamic update requests using the local
<TT
CLASS="PARAMETER"
><I
>address</I
></TT
>.

When no local statement is provided,
<B
CLASS="COMMAND"
>nsupdate</B
>
will send updates using an address and port choosen by the system.
<TT
CLASS="PARAMETER"
><I
>port</I
></TT
>
can additionally be used to make requests come from a specific port.
If no port number is specified, the system will assign one.&#13;</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>zone</B
>  {zonename}</P
></DT
><DD
><P
>Specifies that all updates are to be made to the zone
<TT
CLASS="PARAMETER"
><I
>zonename</I
></TT
>.
If no
<TT
CLASS="PARAMETER"
><I
>zone</I
></TT
>
statement is provided,
<B
CLASS="COMMAND"
>nsupdate</B
>
will attempt determine the correct zone to update based on the rest of the input.</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>prereq nxdomain</B
>  {domain-name}</P
></DT
><DD
><P
>Requires that no resource record of any type exists with name
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>.</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>prereq yxdomain</B
>  {domain-name}</P
></DT
><DD
><P
>Requires that
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>
exists (has as at least one resource record, of any type).</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>prereq nxrrset</B
>  {domain-name} [class] {type}</P
></DT
><DD
><P
>Requires that no resource record exists of the specified
<TT
CLASS="PARAMETER"
><I
>type</I
></TT
>,
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>
and
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>.
If
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>
is omitted, IN (internet) is assumed.
&#13;</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>prereq yxrrset</B
>  {domain-name} [class] {type}</P
></DT
><DD
><P
>This requires that a resource record of the specified
<TT
CLASS="PARAMETER"
><I
>type</I
></TT
>,
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>
and
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>
must exist.
If
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>
is omitted, IN (internet) is assumed.</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>prereq yxrrset</B
>  {domain-name} [class] {type} {data...}</P
></DT
><DD
><P
>The
<TT
CLASS="PARAMETER"
><I
>data</I
></TT
>
from each set of prerequisites of this form
sharing a common
<TT
CLASS="PARAMETER"
><I
>type</I
></TT
>,
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>,
and
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>
are combined to form a set of RRs.  This set of RRs must
exactly match the set of RRs existing in the zone at the
given
<TT
CLASS="PARAMETER"
><I
>type</I
></TT
>,
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>,
and
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>.
The
<TT
CLASS="PARAMETER"
><I
>data</I
></TT
>
are written in the standard text representation of the resource record's
RDATA.</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>update delete</B
>  {domain-name} [ttl] [class] [type  [data...]]</P
></DT
><DD
><P
>Deletes any resource records named
<TT
CLASS="PARAMETER"
><I
>domain-name</I
></TT
>.
If
<TT
CLASS="PARAMETER"
><I
>type</I
></TT
>
and
<TT
CLASS="PARAMETER"
><I
>data</I
></TT
>
is provided, only matching resource records will be removed.
The internet class is assumed if
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>
is not supplied.  The
<TT
CLASS="PARAMETER"
><I
>ttl</I
></TT
>
is ignored, and is only allowed for compatibility.</P
></DD
><DT
><P
><B
CLASS="COMMAND"
>update add</B
>  {domain-name} {ttl} [class] {type} {data...}</P
></DT
><DD
><P
>Adds a new resource record with the specified
<TT
CLASS="PARAMETER"
><I
>ttl</I
></TT
>,
<TT
CLASS="PARAMETER"
><I
>class</I
></TT
>
and
<TT
CLASS="PARAMETER"
><I
>data</I
></TT
>.</P
></DD
></DL
></DIV
>&#13;</P
><P
>Lines beginning with a semicolon are comments, and are ignored.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN197"
></A
><H2
>EXAMPLES</H2
><P
>The examples below show how
<B
CLASS="COMMAND"
>nsupdate</B
>
could be used to insert and delete resource records from the
<SPAN
CLASS="TYPE"
>example.com</SPAN
>
zone.
Notice that the input in each example contains a trailing blank line so that
a group of commands are sent as one dynamic update request to the
master name server for
<SPAN
CLASS="TYPE"
>example.com</SPAN
>.

<PRE
CLASS="PROGRAMLISTING"
># nsupdate
&#62; update delete oldhost.example.com A
&#62; update add newhost.example.com 86400 A 172.16.1.1
&#62;</PRE
></P
><P
>Any A records for
<SPAN
CLASS="TYPE"
>oldhost.example.com</SPAN
>
are deleted.
and an A record for
<SPAN
CLASS="TYPE"
>newhost.example.com</SPAN
>
it IP address 172.16.1.1 is added.
The newly-added record has a 1 day TTL (86400 seconds)
<PRE
CLASS="PROGRAMLISTING"
># nsupdate
&#62; prereq nxdomain nickname.example.com
&#62; update add nickname.example.com CNAME somehost.example.com
&#62;</PRE
></P
><P
>The prerequisite condition gets the name server to check that there
are no resource records of any type for
<SPAN
CLASS="TYPE"
>nickname.example.com</SPAN
>.

If there are, the update request fails.
If this name does not exist, a CNAME for it is added.
This ensures that when the CNAME is added, it cannot conflict with the
long-standing rule in RFC1034 that a name must not exist as any other
record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
SIG, KEY and NXT records.)</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN210"
></A
><H2
>FILES</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
><TT
CLASS="CONSTANT"
>/etc/resolv.conf</TT
></DT
><DD
><P
>used to identify default name server</P
></DD
><DT
><TT
CLASS="CONSTANT"
>K{name}.+157.+{random}.key</TT
></DT
><DD
><P
>base-64 encoding of HMAC-MD5 key created by
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>dnssec-keygen</SPAN
>(8)</SPAN
>.</P
></DD
><DT
><TT
CLASS="CONSTANT"
>K{name}.+157.+{random}.private</TT
></DT
><DD
><P
>base-64 encoding of HMAC-MD5 key created by
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>dnssec-keygen</SPAN
>(8)</SPAN
>.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN234"
></A
><H2
>SEE ALSO</H2
><P
><SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>RFC2136</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>RFC2137</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>RFC2104</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>RFC2845</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>RFC1034</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>RFC2535</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>named</SPAN
>(8)</SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>dnssec-keygen</SPAN
>(8)</SPAN
>.&#13;</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN255"
></A
><H2
>BUGS</H2
><P
>The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
for its cryptographic operations, and may change in future
releases.</P
></DIV
></BODY
></HTML
>