man.nsupdate.html revision 731cc132f22dbc9e0ecd7035dce314a61076d31b
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<!--
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor -
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - Permission to use, copy, modify, and/or distribute this software for any
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - purpose with or without fee is hereby granted, provided that the above
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - copyright notice and this permission notice appear in all copies.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor -
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen - PERFORMANCE OF THIS SOFTWARE.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor-->
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<!-- $Id: man.nsupdate.html,v 1.10 2008/09/25 04:45:04 tbox Exp $ -->
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<html>
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<head>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<title>nsupdate</title>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<link rel="prev" href="man.named.html" title="named">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<link rel="next" href="man.rndc.html" title="rndc">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</head>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="navheader">
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<table width="100%" summary="Navigation header">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<tr>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<td width="20%" align="left">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<a accesskey="p" href="man.named.html">Prev</a>�</td>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<th width="60%" align="center">Manual pages</th>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</td>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</tr>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</table>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<hr>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</div>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="refentry" lang="en">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<a name="man.nsupdate"></a><div class="titlepage"></div>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="refnamediv">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<h2>Name</h2>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p><span class="application">nsupdate</span> &#8212; Dynamic DNS update utility</p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</div>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="refsynopsisdiv">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<h2>Synopsis</h2>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</div>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="refsect1" lang="en">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<a name="id2608568"></a><h2>DESCRIPTION</h2>
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh<p><span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor is used to submit Dynamic DNS Update requests as defined in RFC2136
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor to a name server.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor This allows resource records to be added or removed from a zone
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor without manually editing the zone file.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor A single update request can contain requests to add or remove more than
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor one
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor resource record.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Zones that are under dynamic control via
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor or a DHCP server should not be edited by hand.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Manual edits could
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor conflict with dynamic updates and cause data to be lost.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The resource records that are dynamically added or removed with
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor have to be in the same zone.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Requests are sent to the zone's master server.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor This is identified by the MNAME field of the zone's SOA record.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="option">-d</code>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor option makes
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor operate in debug mode.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor This provides tracing information about the update requests that are
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor made and the replies received from the name server.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor report additional debugging information to <code class="option">-d</code>.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Transaction signatures can be used to authenticate the Dynamic DNS
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor updates.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor These use the TSIG resource record type described in RFC2845 or the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor SIG(0) record described in RFC3535 and RFC2931.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor TSIG relies on a shared secret that should only be known to
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span> and the name server.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Currently, the only supported encryption algorithm for TSIG is
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor HMAC-MD5, which is defined in RFC 2104.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Once other algorithms are defined for TSIG, applications will need to
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor ensure they select the appropriate algorithm as well as the key when
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor authenticating each other.
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung For instance, suitable
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung <span class="type">key</span>
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung and
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung <span class="type">server</span>
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung statements would be added to
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung <code class="filename">/etc/named.conf</code>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor so that the name server can associate the appropriate secret key
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor and algorithm with the IP address of the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor client application that will be using TSIG authentication.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor SIG(0) uses public key cryptography. To use a SIG(0) key, the public
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor key must be stored in a KEY record in a zone served by the name server.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor does not read
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="filename">/etc/named.conf</code>.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p><span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor uses the <code class="option">-y</code> or <code class="option">-k</code> option
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor to provide the shared secret needed to generate a TSIG record
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor for authenticating Dynamic DNS update requests, default type
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor HMAC-MD5. These options are mutually exclusive. With the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor the shared secret from the file <em class="parameter"><code>keyfile</code></em>,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor whose name is of the form
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="filename">K{name}.+157.+{random}.private</code>. For
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor historical reasons, the file
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="filename">K{name}.+157.+{random}.key</code> must also be
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor present. When the <code class="option">-y</code> option is used, a
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor signature is generated from
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <em class="parameter"><code>keyname</code></em> is the name of the key, and
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <em class="parameter"><code>secret</code></em> is the base64 encoded shared
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor secret. Use of the <code class="option">-y</code> option is discouraged
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor because the shared secret is supplied as a command line
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor argument in clear text. This may be visible in the output
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor from
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> or in a history file maintained by the user's
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor shell.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The <code class="option">-k</code> may also be used to specify a SIG(0) key used
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor to authenticate Dynamic DNS update requests. In this case, the key
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor specified is not an HMAC-MD5 key.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor By default
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor uses UDP to send update requests to the name server unless they are too
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor large to fit in a UDP request in which case TCP will be used.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="option">-v</code>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor option makes
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor use a TCP connection.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor This may be preferable when a batch of update requests is made.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The <code class="option">-t</code> option sets the maximum time an update request
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor can
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor take before it is aborted. The default is 300 seconds. Zero can be
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor used
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor to disable the timeout.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The <code class="option">-u</code> option sets the UDP retry interval. The default
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor is
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor 3 seconds. If zero, the interval will be computed from the timeout
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor interval
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor and number of UDP retries.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The <code class="option">-r</code> option sets the number of UDP retries. The
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor default is
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor 3. If zero, only one update request will be made.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor specifies a source of randomness. If the operating system
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor does not provide a <code class="filename">/dev/random</code> or
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor equivalent device, the default source of randomness is keyboard
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor input. <code class="filename">randomdev</code> specifies the name of
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor a character device or file containing random data to be used
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor instead of the default. The special value
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <code class="filename">keyboard</code> indicates that keyboard input
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor should be used. This option may be specified multiple times.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor</div>
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung<div class="refsect1" lang="en">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<a name="id2609084"></a><h2>INPUT FORMAT</h2>
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung<p><span><strong class="command">nsupdate</strong></span>
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung reads input from
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung <em class="parameter"><code>filename</code></em>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor or standard input.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Each command is supplied on exactly one line of input.
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung Some commands are for administrative purposes.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The others are either update instructions or prerequisite checks on the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor contents of the zone.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor These checks set conditions that some name or set of
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor resource records (RRset) either exists or is absent from the zone.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor These conditions must be met if the entire update request is to succeed.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Updates will be rejected if the tests for the prerequisite conditions
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor fail.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor Every update request consists of zero or more prerequisites
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor and zero or more updates.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor This allows a suitably authenticated update request to proceed if some
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor specified resource records are present or missing from the zone.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor A blank input line (or the <span><strong class="command">send</strong></span> command)
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor causes the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor accumulated commands to be sent as one Dynamic DNS update request to the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor name server.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The command formats and their meaning are as follows:
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<div class="variablelist"><dl>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<dt><span class="term">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">server</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor {servername}
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor [port]
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </span></dt>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<dd><p>
3c08156e511e20e221c69dfd20006c2269d1e3cdrjung Sends all dynamic update requests to the name server
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <em class="parameter"><code>servername</code></em>.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor When no server statement is provided,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor will send updates to the master server of the correct zone.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor The MNAME field of that zone's SOA record will identify the
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor master
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor server for that zone.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <em class="parameter"><code>port</code></em>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor is the port number on
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <em class="parameter"><code>servername</code></em>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor where the dynamic update requests get sent.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor If no port number is specified, the default DNS port number of
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor 53 is
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor used.
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor </p></dd>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor<dt><span class="term">
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">local</strong></span>
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor {address}
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung [port]
727872d18412fc021f03969b8641810d8896820bhumbedooh </span></dt>
0d0ba3a410038e179b695446bb149cce6264e0abnd<dd><p>
727872d18412fc021f03969b8641810d8896820bhumbedooh Sends all dynamic update requests using the local
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh <em class="parameter"><code>address</code></em>.
0d0ba3a410038e179b695446bb149cce6264e0abnd
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh When no local statement is provided,
727872d18412fc021f03969b8641810d8896820bhumbedooh <span><strong class="command">nsupdate</strong></span>
0d0ba3a410038e179b695446bb149cce6264e0abnd will send updates using an address and port chosen by the
0d0ba3a410038e179b695446bb149cce6264e0abnd system.
0d0ba3a410038e179b695446bb149cce6264e0abnd <em class="parameter"><code>port</code></em>
ac082aefa89416cbdc9a1836eaf3bed9698201c8humbedooh can additionally be used to make requests come from a specific
0d0ba3a410038e179b695446bb149cce6264e0abnd port.
0d0ba3a410038e179b695446bb149cce6264e0abnd If no port number is specified, the system will assign one.
0d0ba3a410038e179b695446bb149cce6264e0abnd </p></dd>
727872d18412fc021f03969b8641810d8896820bhumbedooh<dt><span class="term">
0d0ba3a410038e179b695446bb149cce6264e0abnd <span><strong class="command">zone</strong></span>
0d0ba3a410038e179b695446bb149cce6264e0abnd {zonename}
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh </span></dt>
1a1356f375e36db7bee379ea0684ab389579f798rbowen<dd><p>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen Specifies that all updates are to be made to the zone
0d0ba3a410038e179b695446bb149cce6264e0abnd <em class="parameter"><code>zonename</code></em>.
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd If no
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd <em class="parameter"><code>zone</code></em>
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd statement is provided,
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor <span><strong class="command">nsupdate</strong></span>
will attempt determine the correct zone to update based on the
rest of the input.
</p></dd>
<dt><span class="term">
<span><strong class="command">class</strong></span>
{classname}
</span></dt>
<dd><p>
Specify the default class.
If no <em class="parameter"><code>class</code></em> is specified, the
default class is
<em class="parameter"><code>IN</code></em>.
</p></dd>
<dt><span class="term">
<span><strong class="command">ttl</strong></span>
{seconds}
</span></dt>
<dd><p>
Specify the default time to live for records to be added.
The value <em class="parameter"><code>none</code></em> will clear the default
ttl.
</p></dd>
<dt><span class="term">
<span><strong class="command">key</strong></span>
{name}
{secret}
</span></dt>
<dd><p>
Specifies that all updates are to be TSIG-signed using the
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
The <span><strong class="command">key</strong></span> command
overrides any key specified on the command line via
<code class="option">-y</code> or <code class="option">-k</code>.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq nxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
Requires that no resource record of any type exists with name
<em class="parameter"><code>domain-name</code></em>.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq yxdomain</strong></span>
{domain-name}
</span></dt>
<dd><p>
Requires that
<em class="parameter"><code>domain-name</code></em>
exists (has as at least one resource record, of any type).
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq nxrrset</strong></span>
{domain-name}
[class]
{type}
</span></dt>
<dd><p>
Requires that no resource record exists of the specified
<em class="parameter"><code>type</code></em>,
<em class="parameter"><code>class</code></em>
and
<em class="parameter"><code>domain-name</code></em>.
If
<em class="parameter"><code>class</code></em>
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq yxrrset</strong></span>
{domain-name}
[class]
{type}
</span></dt>
<dd><p>
This requires that a resource record of the specified
<em class="parameter"><code>type</code></em>,
<em class="parameter"><code>class</code></em>
and
<em class="parameter"><code>domain-name</code></em>
must exist.
If
<em class="parameter"><code>class</code></em>
is omitted, IN (internet) is assumed.
</p></dd>
<dt><span class="term">
<span><strong class="command">prereq yxrrset</strong></span>
{domain-name}
[class]
{type}
{data...}
</span></dt>
<dd><p>
The
<em class="parameter"><code>data</code></em>
from each set of prerequisites of this form
sharing a common
<em class="parameter"><code>type</code></em>,
<em class="parameter"><code>class</code></em>,
and
<em class="parameter"><code>domain-name</code></em>
are combined to form a set of RRs. This set of RRs must
exactly match the set of RRs existing in the zone at the
given
<em class="parameter"><code>type</code></em>,
<em class="parameter"><code>class</code></em>,
and
<em class="parameter"><code>domain-name</code></em>.
The
<em class="parameter"><code>data</code></em>
are written in the standard text representation of the resource
record's
RDATA.
</p></dd>
<dt><span class="term">
<span><strong class="command">update delete</strong></span>
{domain-name}
[ttl]
[class]
[type [data...]]
</span></dt>
<dd><p>
Deletes any resource records named
<em class="parameter"><code>domain-name</code></em>.
If
<em class="parameter"><code>type</code></em>
and
<em class="parameter"><code>data</code></em>
is provided, only matching resource records will be removed.
The internet class is assumed if
<em class="parameter"><code>class</code></em>
is not supplied. The
<em class="parameter"><code>ttl</code></em>
is ignored, and is only allowed for compatibility.
</p></dd>
<dt><span class="term">
<span><strong class="command">update add</strong></span>
{domain-name}
{ttl}
[class]
{type}
{data...}
</span></dt>
<dd><p>
Adds a new resource record with the specified
<em class="parameter"><code>ttl</code></em>,
<em class="parameter"><code>class</code></em>
and
<em class="parameter"><code>data</code></em>.
</p></dd>
<dt><span class="term">
<span><strong class="command">show</strong></span>
</span></dt>
<dd><p>
Displays the current message, containing all of the
prerequisites and
updates specified since the last send.
</p></dd>
<dt><span class="term">
<span><strong class="command">send</strong></span>
</span></dt>
<dd><p>
Sends the current message. This is equivalent to entering a
blank line.
</p></dd>
<dt><span class="term">
<span><strong class="command">answer</strong></span>
</span></dt>
<dd><p>
Displays the answer.
</p></dd>
<dt><span class="term">
<span><strong class="command">debug</strong></span>
</span></dt>
<dd><p>
Turn on debugging.
</p></dd>
</dl></div>
<p>
</p>
<p>
Lines beginning with a semicolon are comments and are ignored.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2664048"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
could be used to insert and delete resource records from the
<span class="type">example.com</span>
zone.
Notice that the input in each example contains a trailing blank line so
that
a group of commands are sent as one dynamic update request to the
master name server for
<span class="type">example.com</span>.
</p>
<pre class="programlisting">
# nsupdate
&gt; update delete oldhost.example.com A
&gt; update add newhost.example.com 86400 A 172.16.1.1
&gt; send
</pre>
<p>
</p>
<p>
Any A records for
<span class="type">oldhost.example.com</span>
are deleted.
And an A record for
<span class="type">newhost.example.com</span>
with IP address 172.16.1.1 is added.
The newly-added record has a 1 day TTL (86400 seconds).
</p>
<pre class="programlisting">
# nsupdate
&gt; prereq nxdomain nickname.example.com
&gt; update add nickname.example.com 86400 CNAME somehost.example.com
&gt; send
</pre>
<p>
</p>
<p>
The prerequisite condition gets the name server to check that there
are no resource records of any type for
<span class="type">nickname.example.com</span>.
If there are, the update request fails.
If this name does not exist, a CNAME for it is added.
This ensures that when the CNAME is added, it cannot conflict with the
long-standing rule in RFC1034 that a name must not exist as any other
record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
RRSIG, DNSKEY and NSEC records.)
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2664098"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
used to identify default name server
</p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
<dd><p>
base-64 encoding of HMAC-MD5 key created by
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
</p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
<dd><p>
base-64 encoding of HMAC-MD5 key created by
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2664167"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2845</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC1034</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2535</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2931</span></span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2664237"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
for its cryptographic operations, and may change in future
releases.
</p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.named.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">named</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">rndc</span>
</td>
</tr>
</table>
</div>
</body>
</html>