00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<html>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<head>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<title>nsupdate</title>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv</head>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<a name="man.nsupdate"></a><div class="titlepage"></div>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<div class="refnamediv">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<h2>Name</h2>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p><span class="application">nsupdate</span> &#8212; Dynamic DNS update utility</p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv</div>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="refsynopsisdiv">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<h2>Synopsis</h2>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński</div>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="refsection">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<a name="id-1.7"></a><h2>DESCRIPTION</h2>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p><span class="command"><strong>nsupdate</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński is used to submit Dynamic DNS Update requests as defined in RFC 2136

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv to a name server.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv This allows resource records to be added or removed from a zone

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv without manually editing the zone file.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv A single update request can contain requests to add or remove more than

aefaed7646cce60b4b2d4b2f7411234949539482~suv one

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv resource record.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Zones that are under dynamic control via

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>nsupdate</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv or a DHCP server should not be edited by hand.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Manual edits could

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv conflict with dynamic updates and cause data to be lost.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv The resource records that are dynamically added or removed with

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>nsupdate</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv have to be in the same zone.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Requests are sent to the zone's master server.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv This is identified by the MNAME field of the zone's SOA record.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Transaction signatures can be used to authenticate the Dynamic

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv DNS updates. These use the TSIG resource record type described

10b77f97a176647caa068363224704062325ec4aDavid Mathog in RFC 2845 or the SIG(0) record described in RFC 2535 and

10b77f97a176647caa068363224704062325ec4aDavid Mathog RFC 2931 or GSS-TSIG as described in RFC 3645.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv TSIG relies on

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv a shared secret that should only be known to

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>nsupdate</strong></span> and the name server.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv For instance, suitable <span class="type">key</span> and

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="type">server</span> statements would be added to

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <code class="filename">/etc/named.conf</code> so that the name server

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv can associate the appropriate secret key and algorithm with

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog the IP address of the client application that will be using

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog TSIG authentication. You can use <span class="command"><strong>ddns-confgen</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog to generate suitable configuration fragments.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>nsupdate</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog uses the <code class="option">-y</code> or <code class="option">-k</code> options

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv to provide the TSIG shared secret. These options are mutually exclusive.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv SIG(0) uses public key cryptography.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv To use a SIG(0) key, the public key must be stored in a KEY

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv record in a zone served by the name server.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

bf59a669af4d335c3d05297bdf06cf4f5e0ea8a3David Mathog GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode

bf59a669af4d335c3d05297bdf06cf4f5e0ea8a3David Mathog is switched on with the <code class="option">-g</code> flag. A

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński non-standards-compliant variant of GSS-TSIG used by Windows

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński 2000 can be switched on with the <code class="option">-o</code> flag.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński</div>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<div class="refsection">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<a name="id-1.8"></a><h2>OPTIONS</h2>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="variablelist"><dl class="variablelist">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">-d</span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Debug mode. This provides tracing information about the

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński update requests that are made and the replies received

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński from the name server.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-D</span></dt>

bf59a669af4d335c3d05297bdf06cf4f5e0ea8a3David Mathog<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Extra debug mode.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv The file containing the TSIG authentication key.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Keyfiles may be in two formats: a single file containing

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński a <code class="filename">named.conf</code>-format <span class="command"><strong>key</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv statement, which may be generated automatically by

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>ddns-confgen</strong></span>, or a pair of files whose names are

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv of the format <code class="filename">K{name}.+157.+{random}.key</code> and

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <code class="filename">K{name}.+157.+{random}.private</code>, which can be

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv generated by <span class="command"><strong>dnssec-keygen</strong></span>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński The <code class="option">-k</code> may also be used to specify a SIG(0) key used

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv to authenticate Dynamic DNS update requests. In this case, the key

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv specified is not an HMAC-MD5 key.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-l</span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Local-host only mode. This sets the server address to

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv localhost (disabling the <span class="command"><strong>server</strong></span> so that the server

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog address cannot be overridden). Connections to the local server will

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog which is automatically generated by <span class="command"><strong>named</strong></span> if any

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog local master zone has set <span class="command"><strong>update-policy</strong></span> to

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>local</strong></span>. The location of this key file can be

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog overridden with the <code class="option">-k</code> option.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">-L <em class="replaceable"><code>level</code></em></span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Set the logging debug level. If zero, logging is disabled.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Set the port to use for connections to a name server. The

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog default is 53.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

10b77f97a176647caa068363224704062325ec4aDavid Mathog<dt><span class="term">-P</span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

54e012a3d5151af4fb98822904c3d48e84030657Matthew Petroff Print the list of private BIND-specific resource record

54e012a3d5151af4fb98822904c3d48e84030657Matthew Petroff types whose format is understood

10b77f97a176647caa068363224704062325ec4aDavid Mathog by <span class="command"><strong>nsupdate</strong></span>. See also

10b77f97a176647caa068363224704062325ec4aDavid Mathog the <code class="option">-T</code> option.

10b77f97a176647caa068363224704062325ec4aDavid Mathog </p></dd>

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog<dt><span class="term">-r <em class="replaceable"><code>udpretries</code></em></span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

10b77f97a176647caa068363224704062325ec4aDavid Mathog The number of UDP retries. The default is 3. If zero, only

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński one update request will be made.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Where to obtain randomness. If the operating system

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński does not provide a <code class="filename">/dev/random</code> or

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński equivalent device, the default source of randomness is keyboard

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński input. <code class="filename">randomdev</code> specifies the name of

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński a character device or file containing random data to be used

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński instead of the default. The special value

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <code class="filename">keyboard</code> indicates that keyboard input

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński should be used. This option may be specified multiple times.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv The maximum time an update request can take before it is

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv aborted. The default is 300 seconds. Zero can be used to

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv disable the timeout.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-T</span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Print the list of IANA standard resource record types

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński whose format is understood by <span class="command"><strong>nsupdate</strong></span>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>nsupdate</strong></span> will exit after the lists are

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński printed. The <code class="option">-T</code> option can be combined

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv with the <code class="option">-P</code> option.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

aefaed7646cce60b4b2d4b2f7411234949539482~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Other types can be entered using "TYPEXXXXX" where "XXXXX" is the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv decimal value of the type with no leading zeros. The rdata,

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv if present, will be parsed using the UNKNOWN rdata format,

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv &lt;space&gt; &lt;hexstring&gt;).

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv</dd>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog<dt><span class="term">-u <em class="replaceable"><code>udptimeout</code></em></span></dt>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog<dd><p>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog The UDP retry interval. The default is 3 seconds. If zero,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński the interval will be computed from the timeout interval and

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv number of UDP retries.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-v</span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Use TCP even for small update requests.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński By default, <span class="command"><strong>nsupdate</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv uses UDP to send update requests to the name server unless they are too

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv large to fit in a UDP request in which case TCP will be used.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv TCP may be preferable when a batch of update requests is made.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">-V</span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Print the version number and exit.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Literal TSIG authentication key.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>keyname</code></em> is the name of the key, and

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv valid choices are <code class="literal">hmac-md5</code>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv is not specified, the default is <code class="literal">hmac-md5</code>.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv NOTE: Use of the <code class="option">-y</code> option is discouraged because the

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński shared secret is supplied as a command line argument in clear text.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog This may be visible in the output from

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński or in a history file maintained by the user's shell.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog</dd>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog</dl></div>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv</div>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="refsection">

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog<a name="id-1.9"></a><h2>INPUT FORMAT</h2>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog<p><span class="command"><strong>nsupdate</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński reads input from

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog <em class="parameter"><code>filename</code></em>

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog or standard input.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Each command is supplied on exactly one line of input.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Some commands are for administrative purposes.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński The others are either update instructions or prerequisite checks on the

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog contents of the zone.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv These checks set conditions that some name or set of

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv resource records (RRset) either exists or is absent from the zone.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv These conditions must be met if the entire update request is to succeed.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Updates will be rejected if the tests for the prerequisite conditions

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński fail.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Every update request consists of zero or more prerequisites

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv and zero or more updates.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv This allows a suitably authenticated update request to proceed if some

453a8671e6992250324846d0b76f02801221c760Matthew Petroff specified resource records are present or missing from the zone.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv A blank input line (or the <span class="command"><strong>send</strong></span> command)

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński causes the

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog accumulated commands to be sent as one Dynamic DNS update request to the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv name server.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog The command formats and their meaning are as follows:

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<div class="variablelist"><dl class="variablelist">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog <span class="command"><strong>server</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {servername}

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog [port]

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Sends all dynamic update requests to the name server

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog <em class="parameter"><code>servername</code></em>.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog When no server statement is provided,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>nsupdate</strong></span>

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog will send updates to the master server of the correct zone.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog The MNAME field of that zone's SOA record will identify the

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog master

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog server for that zone.

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog <em class="parameter"><code>port</code></em>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog is the port number on

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>servername</code></em>

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog where the dynamic update requests get sent.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog If no port number is specified, the default DNS port number of

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog 53 is

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński used.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog <span class="command"><strong>local</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {address}

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog [port]

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

9a8ade3834e2a67c1d95bcfc900ab36be37a03a5David Mathog Sends all dynamic update requests using the local

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="parameter"><code>address</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog When no local statement is provided,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>nsupdate</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv will send updates using an address and port chosen by the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv system.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <em class="parameter"><code>port</code></em>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv can additionally be used to make requests come from a specific

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński port.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv If no port number is specified, the system will assign one.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>zone</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński {zonename}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Specifies that all updates are to be made to the zone

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <em class="parameter"><code>zonename</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński If no

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>zone</code></em>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog statement is provided,

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>nsupdate</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv will attempt determine the correct zone to update based on the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv rest of the input.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>class</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {classname}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Specify the default class.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog If no <em class="parameter"><code>class</code></em> is specified, the

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog default class is

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <em class="parameter"><code>IN</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>ttl</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {seconds}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Specify the default time to live for records to be added.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv The value <em class="parameter"><code>none</code></em> will clear the default

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv ttl.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>key</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv [hmac:] {keyname}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {secret}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Specifies that all updates are to be TSIG-signed using the

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv If <em class="parameter"><code>hmac</code></em> is specified, then it sets the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv signing algorithm in use; the default is

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <code class="literal">hmac-md5</code>. The <span class="command"><strong>key</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv command overrides any key specified on the command line via

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <code class="option">-y</code> or <code class="option">-k</code>.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>gsstsig</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Use GSS-TSIG to sign the updated. This is equivalent to

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv specifying <code class="option">-g</code> on the command line.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>oldgsstsig</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Use the Windows 2000 version of GSS-TSIG to sign the updated.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński This is equivalent to specifying <code class="option">-o</code> on the

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński command line.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>realm</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {[<span class="optional">realm_name</span>]}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog than the default realm in <code class="filename">krb5.conf</code>. If no

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński realm is specified the saved realm is cleared.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>check-names</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński {[<span class="optional">yes_or_no</span>]}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Turn on or off check-names processing on records to

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński be added. Check-names has no effect on prerequisites

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog or records to be deleted. By default check-names

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński processing is on. If check-names processing fails

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog the record will not be added to the UPDATE message.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>[<span class="optional">prereq</span>] nxdomain</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński {domain-name}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Requires that no resource record of any type exists with name

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="parameter"><code>domain-name</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>[<span class="optional">prereq</span>] yxdomain</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {domain-name}

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Requires that

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="parameter"><code>domain-name</code></em>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog exists (has as at least one resource record, of any type).

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>[<span class="optional">prereq</span>] nxrrset</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {domain-name}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński [class]

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {type}

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Requires that no resource record exists of the specified

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="parameter"><code>type</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog and

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="parameter"><code>domain-name</code></em>.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog If

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog is omitted, IN (internet) is assumed.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {domain-name}

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog [class]

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog {type}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński This requires that a resource record of the specified

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>type</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński and

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>domain-name</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński must exist.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński If

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński is omitted, IN (internet) is assumed.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński {domain-name}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński [class]

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {type}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {data...}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński The

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>data</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński from each set of prerequisites of this form

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński sharing a common

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>type</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński and

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>domain-name</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński are combined to form a set of RRs. This set of RRs must

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński exactly match the set of RRs existing in the zone at the

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog given

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>type</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński and

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="parameter"><code>domain-name</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński The

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>data</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński are written in the standard text representation of the resource

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński record's

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński RDATA.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński {domain-name}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński [ttl]

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński [class]

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński [type [data...]]

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Deletes any resource records named

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>domain-name</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński If

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>type</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński and

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>data</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński is provided, only matching resource records will be removed.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński The internet class is assumed if

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński is not supplied. The

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>ttl</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński is ignored, and is only allowed for compatibility.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="command"><strong>[<span class="optional">update</span>] add</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński {domain-name}

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv {ttl}

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog [class]

10b77f97a176647caa068363224704062325ec4aDavid Mathog {type}

10b77f97a176647caa068363224704062325ec4aDavid Mathog {data...}

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

10b77f97a176647caa068363224704062325ec4aDavid Mathog Adds a new resource record with the specified

10b77f97a176647caa068363224704062325ec4aDavid Mathog <em class="parameter"><code>ttl</code></em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>class</code></em>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński and

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="parameter"><code>data</code></em>.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>show</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Displays the current message, containing all of the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv prerequisites and

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv updates specified since the last send.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>send</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Sends the current message. This is equivalent to entering a

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv blank line.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dt><span class="term">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>answer</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Displays the answer.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="command"><strong>debug</strong></span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Turn on debugging.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>version</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Print version number.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dt><span class="term">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>help</strong></span>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </span></dt>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<dd><p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv Print a list of commands.

14d5f6c1726326ebd2b3e1576c8881c1a3e1599eDavid Mathog </p></dd>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv</dl></div>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Lines beginning with a semicolon are comments and are ignored.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv</div>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="refsection">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv<a name="id-1.10"></a><h2>EXAMPLES</h2>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński The examples below show how

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv <span class="command"><strong>nsupdate</strong></span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński could be used to insert and delete resource records from the

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="type">example.com</span>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński zone.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński Notice that the input in each example contains a trailing blank line so

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński that

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv a group of commands are sent as one dynamic update request to the

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv master name server for

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="type">example.com</span>.

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv </p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<pre class="programlisting">

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv# nsupdate

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv&gt; update delete oldhost.example.com A

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv&gt; update add newhost.example.com 86400 A 172.16.1.1

00d0240eaf3986ebaeedcbeabbdb727b73a5934b~suv&gt; send

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński</pre>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog Any A records for

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="type">oldhost.example.com</span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog are deleted.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński And an A record for

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <span class="type">newhost.example.com</span>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog with IP address 172.16.1.1 is added.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog The newly-added record has a 1 day TTL (86400 seconds).

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<pre class="programlisting">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog# nsupdate

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog&gt; prereq nxdomain nickname.example.com

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński&gt; update add nickname.example.com 86400 CNAME somehost.example.com

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog&gt; send

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog</pre>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog The prerequisite condition gets the name server to check that there

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński are no resource records of any type for

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="type">nickname.example.com</span>.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog If there are, the update request fails.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński If this name does not exist, a CNAME for it is added.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog This ensures that when the CNAME is added, it cannot conflict with the

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog long-standing rule in RFC 1034 that a name must not exist as any other

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog record type if it exists as a CNAME.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog RRSIG, DNSKEY and NSEC records.)

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog</div>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<div class="refsection">

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<a name="id-1.11"></a><h2>FILES</h2>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<div class="variablelist"><dl class="variablelist">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński used to identify default name server

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog sets the default TSIG key for use in local-only mode

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński base-64 encoding of HMAC-MD5 key created by

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<dd><p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński base-64 encoding of HMAC-MD5 key created by

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p></dd>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog</dl></div>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog</div>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<div class="refsection">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<a name="id-1.12"></a><h2>SEE ALSO</h2>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński<p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="citetitle">RFC 2136</em>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="citetitle">RFC 3007</em>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="citetitle">RFC 2104</em>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="citetitle">RFC 2845</em>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="citetitle">RFC 1034</em>,

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński <em class="citetitle">RFC 2535</em>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <em class="citetitle">RFC 2931</em>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog </p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog</div>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<div class="refsection">

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<a name="id-1.13"></a><h2>BUGS</h2>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog<p>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog The TSIG key is redundantly stored in two separate files.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński This is a consequence of nsupdate using the DST library

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog for its cryptographic operations, and may change in future

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog releases.

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński </p>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński</div>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog</div></body>

1710c8729db34263e50b443e7fcf541d3cffa005Krzysztof Kosiński</html>

5530d4cb2db040e48228f2f4a525e3dabb15b057David Mathog