man.nsupdate.html revision 731cc132f22dbc9e0ecd7035dce314a61076d31b
 - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: man.nsupdate.html,v 1.10 2008/09/25 04:45:04 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.nsupdate"></a><div class="titlepage"></div>
<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
This allows resource records to be added or removed from a zone
without manually editing the zone file.
A single update request can contain requests to add or remove more than
one resource record.
Zones that are under dynamic control via
<span><strong class="command">nsupdate</strong></span>
or a DHCP server should not be edited by hand.
Manual edits could
conflict with dynamic updates and cause data to be lost.
The resource records that are dynamically added or removed with
<span><strong class="command">nsupdate</strong></span>
have to be in the same zone.
Requests are sent to the zone's master server.
This is identified by the MNAME field of the zone's SOA record.
option makes
<span><strong class="command">nsupdate</strong></span>
operate in debug mode.
This provides tracing information about the update requests that are
made and the replies received from the name server.
The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
report additional debugging information to <code class="option">-d</code>.
Transaction signatures can be used to authenticate the Dynamic DNS
These use the TSIG resource record type described in RFC2845 or the
SIG(0) record described in RFC3535 and RFC2931.
TSIG relies on a shared secret that should only be known to
<span><strong class="command">nsupdate</strong></span> and the name server.
Currently, the only supported encryption algorithm for TSIG is
HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when
authenticating each other.
For instance, suitable
statements would be added to
so that the name server can associate the appropriate secret key
and algorithm with the IP address of the
client application that will be using TSIG authentication.
SIG(0) uses public key cryptography. To use a SIG(0) key, the public
key must be stored in a KEY record in a zone served by the name server.
<span><strong class="command">nsupdate</strong></span>
does not read
<p><span><strong class="command">nsupdate</strong></span>
uses the <code class="option">-y</code> or <code class="option">-k</code> option
to provide the shared secret needed to generate a TSIG record
for authenticating Dynamic DNS update requests, default type
HMAC-MD5. These options are mutually exclusive. With the
<code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
the shared secret from the file <em class="parameter"><code>keyfile</code></em>,
whose name is of the form
<code class="filename">K{name}.+157.+{random}.private</code>. For
historical reasons, the file
<code class="filename">K{name}.+157.+{random}.key</code> must also be
present. When the <code class="option">-y</code> option is used, a
signature is generated from
[<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret</code></em>.
<em class="parameter"><code>keyname</code></em> is the name of the key, and
<em class="parameter"><code>secret</code></em> is the base64 encoded shared
secret. Use of the <code class="option">-y</code> option is discouraged
because the shared secret is supplied as a command line
argument in clear text. This may be visible in the output of
<span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> or in a history file maintained by the user's
The <code class="option">-k</code> option may also be used to specify a SIG(0) key used
to authenticate Dynamic DNS update requests. In this case, the key
specified is not an HMAC-MD5 key.
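<p>Added example (not part of the BIND manual): a shell function for auditing saved shell history or <code>ps</code> output for <code>nsupdate -y</code> invocations, which expose the secret as described above. It reports the key name and HMAC type and never prints the secret; the function name and the sample key name and secret are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: report nsupdate invocations that pass a TSIG secret with -y.
# Input: text files such as shell history or saved ps(1) output.
# Output: FILE:LINE: keyname=NAME hmac=ALG  (the secret is never printed).
find_nsupdate_y() {
    awk -v q="'" '
    {
        seen = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "nsupdate" || $i ~ /\/nsupdate$/) { seen = 1; continue }
            if (!seen) continue
            arg = ""
            if ($i == "-y" && i < NF) {
                arg = $(i + 1)                 # form: -y value
            } else if ($i ~ /^-[dDv]*y./) {
                arg = $i                       # form: -yvalue
                sub(/^-[dDv]*y/, "", arg)
            }
            if (arg == "") continue
            gsub("[\"" q "]", "", arg)         # drop shell quoting
            m = split(arg, f, ":")             # [hmac:]keyname:secret
            if (m == 2)      { alg = "default"; key = f[1] }
            else if (m == 3) { alg = f[1];      key = f[2] }
            else continue
            printf "%s:%d: keyname=%s hmac=%s\n", FILENAME, FNR, key, alg
        }
    }' "$@"
}

# Constructed sample history; the key name and secret are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nsupdate -k Kddns-key.+157.+12345.private batch.txt
nsupdate -y hmac-md5:ddns-key:c2FtcGxlLXNlY3JldA== batch.txt
/usr/bin/nsupdate -d -y 'ddns-key:c2FtcGxlLXNlY3JldA==' batch.txt
EOF
findings=$(find_nsupdate_y "$sample")
printf '%s\n' "$findings"
rm -f "$sample"
```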
<span><strong class="command">nsupdate</strong></span>
uses UDP to send update requests to the name server unless they are too
large to fit in a UDP request in which case TCP will be used.
option makes
<span><strong class="command">nsupdate</strong></span>
use a TCP connection.
This may be preferable when a batch of update requests is made.
The <code class="option">-t</code> option sets the maximum time an update request
can take before it is aborted. The default is 300 seconds. Zero can be
used to disable the timeout.
The <code class="option">-u</code> option sets the UDP retry interval. The default
is 3 seconds. If zero, the interval will be computed from the timeout
and number of UDP retries.
The <code class="option">-r</code> option sets the number of UDP retries. The
default is 3. If zero, only one update request will be made.
The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
specifies a source of randomness. If the operating system
does not provide a <code class="filename">/dev/random</code> or
equivalent device, the default source of randomness is keyboard
input. <code class="filename">randomdev</code> specifies the name of
a character device or file containing random data to be used
instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard input
should be used. This option may be specified multiple times.
<p><span><strong class="command">nsupdate</strong></span>
reads input from
or standard input.
Each command is supplied on exactly one line of input.
Some commands are for administrative purposes.
The others are either update instructions or prerequisite checks on the
contents of the zone.
These checks set conditions that some name or set of
resource records (RRset) either exists or is absent from the zone.
These conditions must be met if the entire update request is to succeed.
Updates will be rejected if the tests for the prerequisite conditions
Every update request consists of zero or more prerequisites
and zero or more updates.
This allows a suitably authenticated update request to proceed if some
specified resource records are present or missing from the zone.
A blank input line (or the <span><strong class="command">send</strong></span> command)
causes the accumulated commands to be sent as one Dynamic DNS update request to the
name server.
The command formats and their meaning are as follows:
{servername}
Sends all dynamic update requests to the name server
When no server statement is provided,
<span><strong class="command">nsupdate</strong></span>
will send updates to the master server of the correct zone.
The MNAME field of that zone's SOA record will identify the
server for that zone.
is the port number on
where the dynamic update requests get sent.
If no port number is specified, the default DNS port number of
Sends all dynamic update requests using the local
When no local statement is provided,
<span><strong class="command">nsupdate</strong></span>
will send updates using an address and port chosen by the
can additionally be used to make requests come from a specific
If no port number is specified, the system will assign one.
{zonename}
Specifies that all updates are to be made to the zone
statement is provided,
<span><strong class="command">nsupdate</strong></span>
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com
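<p>Added example (not part of the BIND manual): a pre-flight check for an nsupdate command file, based on the input format described above. It groups commands into requests at each <code>send</code> or blank line and flags any <code>prereq</code> or <code>update</code> name that is not in the expected zone, since all records in a request have to be in the same zone. The function name, the <code>www.badexample.com</code> line and the address 192.0.2.10 are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: pre-flight check of an nsupdate command file.
# check_batch ZONE FILE prints one line per request (commands grouped by
# "send" or a blank line) and flags prereq/update names outside ZONE.
# Exit status is 1 if any name is outside ZONE, else 0.
check_batch() {
    awk -v zone="$1" '
    function in_zone(name,   z) {
        name = tolower(name); z = tolower(zone)
        sub(/\.$/, "", name); sub(/\.$/, "", z)
        if (name == z) return 1
        # suffix match on a label boundary: badexample.com is not in example.com
        return (length(name) > length(z)) &&
               (substr(name, length(name) - length(z)) == ("." z))
    }
    function emit() {
        if (cmds > 0) printf "request %d: %d command(s)\n", ++req, cmds
        cmds = 0
    }
    NF == 0 || $1 == "send" { emit(); next }
    $1 == "prereq" || $1 == "update" {
        cmds++
        if (!in_zone($3)) {
            printf "line %d: %s is outside %s\n", NR, $3, zone
            bad = 1
        }
    }
    END {
        if (cmds > 0) printf "pending: %d command(s), no send or blank line\n", cmds
        exit bad + 0
    }' "$2"
}

# Constructed sample; the first three commands are the ones shown on this page.
batch=$(mktemp)
cat > "$batch" <<'EOF'
prereq nxdomain nickname.example.com
update delete oldhost.example.com A
update add newhost.example.com 86400 A 172.16.1.1
send
update add www.badexample.com 300 A 192.0.2.10

EOF
status=0
report=$(check_batch example.com "$batch") || status=$?
printf '%s\n' "$report"
rm -f "$batch"
```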