man.nsupdate.html revision 0e9e255d1643375056aa9ed7fe2a279713ffae78
<!--
 - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.nsupdate.html,v 1.104 2010/12/24 01:14:21 tbox Exp $ -->
<a name="man.nsupdate"></a><div class="titlepage"></div>
<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
<p><span><strong class="command">nsupdate</strong></span>
 is used to submit Dynamic DNS Update requests as defined in RFC 2136
 to a name server.
 This allows resource records to be added or removed from a zone
 without manually editing the zone file.
 A single update request can contain requests to add or remove more than
 one resource record.</p>
<p>Zones that are under dynamic control via
 <span><strong class="command">nsupdate</strong></span>
 or a DHCP server should not be edited by hand.
 Manual edits could
 conflict with dynamic updates and cause data to be lost.</p>
<p>The resource records that are dynamically added or removed with
 <span><strong class="command">nsupdate</strong></span>
 have to be in the same zone.
 Requests are sent to the zone's master server.
 This is identified by the MNAME field of the zone's SOA record.</p>
<p>The <code class="option">-d</code> option makes
 <span><strong class="command">nsupdate</strong></span>
 operate in debug mode.
 This provides tracing information about the update requests that are
 made and the replies received from the name server.</p>
<p>The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
 report debugging information in addition to that produced by <code class="option">-d</code>.</p>
<p>The <code class="option">-L</code> option with an integer argument of zero or
 higher sets the logging debug level. If zero, logging is disabled.</p>
<p>Transaction signatures can be used to authenticate the Dynamic
 DNS updates. These use the TSIG resource record type described
 in RFC 2845, the SIG(0) record described in RFC 2535 and
 RFC 2931, or GSS-TSIG as described in RFC 3645. TSIG relies on
 a shared secret that should only be known to
 <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
 the only supported encryption algorithm for TSIG is HMAC-MD5,
 which is defined in RFC 2104. Once other algorithms are
 defined for TSIG, applications will need to ensure they select
 the appropriate algorithm as well as the key when authenticating
 each other. For instance, suitable <span class="type">key</span> and
 <span class="type">server</span> statements would be added to
 <code class="filename">/etc/named.conf</code> so that the name server
 can associate the appropriate secret key and algorithm with
 the IP address of the client application that will be using
 TSIG authentication. SIG(0) uses public key cryptography.
 To use a SIG(0) key, the public key must be stored in a KEY
 record in a zone served by the name server.
 <span><strong class="command">nsupdate</strong></span> does not read</p>
<p>GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
 is switched on with the <code class="option">-g</code> flag. A
 non-standards-compliant variant of GSS-TSIG used by Windows
 2000 can be switched on with the <code class="option">-o</code> flag.</p>
<p><span><strong class="command">nsupdate</strong></span>
 uses the <code class="option">-y</code> or <code class="option">-k</code> option
 to provide the shared secret needed to generate a TSIG record
 for authenticating Dynamic DNS update requests, default type
 HMAC-MD5. These options are mutually exclusive.</p>
<p>When the <code class="option">-y</code> option is used, a signature is
 generated from
 [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret</code></em>.
 <em class="parameter"><code>keyname</code></em> is the name of the key, and
 <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
 Use of the <code class="option">-y</code> option is discouraged because the
 shared secret is supplied as a command line argument in clear text.
 This may be visible in the output from
 <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
 or in a history file maintained by the user's shell.</p>
<p>With the
 <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
 the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
 Keyfiles may be in two formats: a single file containing
 a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
 statement, which may be generated automatically by
 <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
 of the format <code class="filename">K{name}.+157.+{random}.key</code> and
 <code class="filename">K{name}.+157.+{random}.private</code>, which can be
 generated by <span><strong class="command">dnssec-keygen</strong></span>.
 The <code class="option">-k</code> option may also be used to specify a SIG(0) key used
 to authenticate Dynamic DNS update requests. In this case, the key
 specified is not an HMAC-MD5 key.</p>
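<p>The exposure described above can be audited for. The following is an added example, not part of the original manual or of BIND: it scans shell-history or ps(1)-style lines for <code class="option">-y</code> invocations and redacts the secret. The sample lines, key names, paths and function names are constructed for illustration.</p>

```python
import shlex

# Options named in the synopsis and text above that consume an argument.
OPTS_WITH_ARG = set("ykturRpL")

# Constructed sample input (not from the original page): shell-history and
# ps(1)-style lines. Key names, paths and base64 secrets are made up.
SAMPLE_LINES = [
    "nsupdate -k /etc/ddns/update.key batch.txt",
    "nsupdate -y hmac-md5:ddns-key:c2FtcGxlLXNlY3JldC0wMQ== batch.txt",
    "  812 pts/0  S+  0:00 /usr/bin/nsupdate -d -yddns-key:c2FtcGxlLXNlY3JldC0wMg==",
    "nsupdate -l -k /var/run/named/session.key",
    "echo 'reminder: do not use nsupdate -y'",
    "nsupdate -t 30 -vy ddns-key:c2FtcGxlLXNlY3JldC0wMw==",
]


def y_argument(tokens):
    """Return the argument given to -y in an nsupdate argv, or None.

    Walks the options getopt-style so that '-y spec', '-yspec' and clustered
    forms such as '-vy spec' are all recognised, and so that the argument of
    another option (for example the path after -k) is never mistaken for one.
    """
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("-") or tok in ("-", "--"):
            return None                      # first operand: options are over
        for pos, flag in enumerate(tok[1:], start=1):
            if flag not in OPTS_WITH_ARG:
                continue                     # simple switch such as -d or -v
            attached = tok[pos + 1:]
            if attached:
                value = attached
            elif i + 1 < len(tokens):
                i += 1
                value = tokens[i]
            else:
                value = None
            if flag == "y":
                return value
            break                            # rest of the token was the argument
        i += 1
    return None


def split_keyspec(spec):
    """Split '[hmac:]keyname:secret' into (hmac or None, keyname, secret)."""
    parts = spec.split(":")
    if len(parts) == 2:
        return None, parts[0], parts[1]
    if len(parts) == 3:
        return parts[0], parts[1], parts[2]
    return None, None, spec                  # malformed: treat it all as secret


def audit(lines):
    """Return one finding per line that passes a TSIG secret to nsupdate -y."""
    findings = []
    for number, line in enumerate(lines, start=1):
        try:
            tokens = shlex.split(line)
        except ValueError:                   # unbalanced quotes in a history line
            tokens = line.split()
        for idx, tok in enumerate(tokens):
            if tok.rsplit("/", 1)[-1] != "nsupdate":
                continue                     # not the nsupdate executable
            spec = y_argument(tokens[idx + 1:])
            if spec is None:
                continue
            algorithm, keyname, secret = split_keyspec(spec)
            findings.append({
                "line": number,
                "keyname": keyname,
                "hmac": algorithm,
                "redacted": line.replace(secret, "<redacted>") if secret else line,
            })
            break
    return findings
```

Any key reported by such an audit should be treated as disclosed and replaced, with the new secret delivered through a key file read with <code class="option">-k</code>.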
<p><span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
 using the <code class="option">-l</code> flag. This sets the server address to
 localhost (disabling the <span><strong class="command">server</strong></span> command so that the server
 address cannot be overridden). Connections to the local server will
 use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
 which is automatically generated by <span><strong class="command">named</strong></span> if any
 local master zone has set <span><strong class="command">update-policy</strong></span> to
 <span><strong class="command">local</strong></span>. The location of this key file can be
 overridden with the <code class="option">-k</code> option.</p>
<p>By default, <span><strong class="command">nsupdate</strong></span>
 uses UDP to send update requests to the name server unless they are too
 large to fit in a UDP request, in which case TCP will be used.
 The <code class="option">-v</code> option makes
 <span><strong class="command">nsupdate</strong></span>
 use a TCP connection.
 This may be preferable when a batch of update requests is made.</p>
<p>The <code class="option">-p</code> option sets the default port number to use for
 connections to a name server. The default is 53.</p>
<p>The <code class="option">-t</code> option sets the maximum time an update request
 can take before it is aborted. The default is 300 seconds. Zero can be
 used to disable the timeout.</p>
<p>The <code class="option">-u</code> option sets the UDP retry interval. The default
 is 3 seconds. If zero, the interval will be computed from the timeout
 interval and number of UDP retries.</p>
<p>The <code class="option">-r</code> option sets the number of UDP retries. The
 default is 3. If zero, only one update request will be made.</p>
<p>The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
 specifies a source of randomness. If the operating system
 does not provide a <code class="filename">/dev/random</code> or
 equivalent device, the default source of randomness is keyboard
 input. <code class="filename">randomdev</code> specifies the name of
 a character device or file containing random data to be used
 instead of the default. The special value
 <code class="filename">keyboard</code> indicates that keyboard input
 should be used. This option may be specified multiple times.</p>
<p><span><strong class="command">nsupdate</strong></span>
 reads input from
 <em class="parameter"><code>filename</code></em>
 or standard input.
 Each command is supplied on exactly one line of input.
 Some commands are for administrative purposes.
 The others are either update instructions or prerequisite checks on the
 contents of the zone.
 These checks set conditions that some name or set of
 resource records (RRset) either exists or is absent from the zone.
 These conditions must be met if the entire update request is to succeed.
 Updates will be rejected if the tests for the prerequisite conditions
 fail.</p>
<p>Every update request consists of zero or more prerequisites
 and zero or more updates.
 This allows a suitably authenticated update request to proceed if some
 specified resource records are present or missing from the zone.
 A blank input line (or the <span><strong class="command">send</strong></span> command)
 causes the
 accumulated commands to be sent as one Dynamic DNS update request to the
 name server.</p>
<p>The command formats and their meaning are as follows:</p>
<dl>
<dt><span class="term"><span><strong class="command">server</strong></span> {servername}</span></dt>
<dd><p>Sends all dynamic update requests to the name server
 <em class="parameter"><code>servername</code></em>.
 When no server statement is provided,
 <span><strong class="command">nsupdate</strong></span>
 will send updates to the master server of the correct zone.
 The MNAME field of that zone's SOA record will identify the
 server for that zone.
 <em class="parameter"><code>port</code></em>
 is the port number on
 <em class="parameter"><code>servername</code></em>
 where the dynamic update requests get sent.
 If no port number is specified, the default DNS port number of
 53 is used.</p></dd>
<dt><span class="term"><span><strong class="command">local</strong></span></span></dt>
<dd><p>Sends all dynamic update requests using the local
 <em class="parameter"><code>address</code></em>.
 When no local statement is provided,
 <span><strong class="command">nsupdate</strong></span>
 will send updates using an address and port chosen by the
 system.
 <em class="parameter"><code>port</code></em>
 can additionally be used to make requests come from a specific
 port.
 If no port number is specified, the system will assign one.</p></dd>
<dt><span class="term"><span><strong class="command">zone</strong></span></span></dt>
<dd><p>Specifies that all updates are to be made to the zone
 <em class="parameter"><code>zonename</code></em>.
 When no
 <span><strong class="command">zone</strong></span>
 statement is provided,
 <span><strong class="command">nsupdate</strong></span>
 will attempt to determine the correct zone to update based on the
 rest of the input.</p></dd>
<dt><span class="term"><span><strong class="command">class</strong></span></span></dt>
<dd><p>Specify the default class.
 If no <em class="parameter"><code>class</code></em> is specified, the
 default class is
 <em class="parameter"><code>IN</code></em>.</p></dd>
<dt><span class="term"><span><strong class="command">ttl</strong></span></span></dt>
<dd><p>Specify the default time to live for records to be added.
 The value <em class="parameter"><code>none</code></em> will clear the default
 ttl.</p></dd>
<dt><span class="term"><span><strong class="command">key</strong></span></span></dt>
<dd><p>Specifies that all updates are to be TSIG-signed using the
 <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
 The <span><strong class="command">key</strong></span> command
 overrides any key specified on the command line via
 <code class="option">-y</code> or <code class="option">-k</code>.</p></dd>
<dt><span class="term"><span><strong class="command">gsstsig</strong></span></span></dt>
<dd><p>Use GSS-TSIG to sign the update. This is equivalent to
 specifying <code class="option">-g</code> on the command line.</p></dd>
<dt><span class="term"><span><strong class="command">oldgsstsig</strong></span></span></dt>
<dd><p>Use the Windows 2000 version of GSS-TSIG to sign the update.
 This is equivalent to specifying <code class="option">-o</code> on the
 command line.</p></dd>
<dt><span class="term"><span><strong class="command">realm</strong></span></span></dt>
<dd><p>When using GSS-TSIG, use <em class="parameter"><code>realm_name</code></em> rather
 than the default realm in <code class="filename">krb5.conf</code>. If no
 realm is specified, the saved realm is cleared.</p></dd>
<dt><span class="term"><span><strong class="command">prereq nxdomain</strong></span> {domain-name}</span></dt>
<dd><p>Requires that no resource record of any type exists with name
 <em class="parameter"><code>domain-name</code></em>.</p></dd>
<dt><span class="term"><span><strong class="command">prereq yxdomain</strong></span> {domain-name}</span></dt>
<dd><p>Requires that
 <em class="parameter"><code>domain-name</code></em>
 exists (has at least one resource record, of any type).</p></dd>
<dt><span class="term"><span><strong class="command">prereq nxrrset</strong></span> {domain-name}</span></dt>
<dd><p>Requires that no resource record exists of the specified
 <em class="parameter"><code>domain-name</code></em>.
 If
 <em class="parameter"><code>class</code></em>
 is omitted, IN (internet) is assumed.</p></dd>
<dt><span class="term"><span><strong class="command">prereq yxrrset</strong></span> {domain-name}</span></dt>
<dd><p>This requires that a resource record of the specified
 <em class="parameter"><code>domain-name</code></em>
 must exist.
 If
 <em class="parameter"><code>class</code></em>
 is omitted, IN (internet) is assumed.</p></dd>
<dt><span class="term"><span><strong class="command">prereq yxrrset</strong></span> {domain-name}</span></dt>
<dd><p>from each set of prerequisites of this form
 sharing a common
 <em class="parameter"><code>domain-name</code></em>
 are combined to form a set of RRs. This set of RRs must
 exactly match the set of RRs existing in the zone at the
 <em class="parameter"><code>domain-name</code></em>.
 are written in the standard text representation of the resource</p></dd>
<dt><span class="term"><span><strong class="command">update delete</strong></span> {domain-name} [type [data...]]</span></dt>
<dd><p>Deletes any resource records named
 <em class="parameter"><code>domain-name</code></em>.
 If
 <em class="parameter"><code>type</code></em>
 and
 <em class="parameter"><code>data</code></em>
 is provided, only matching resource records will be removed.
 The internet class is assumed if
 <em class="parameter"><code>class</code></em>
 is not supplied. The
 <em class="parameter"><code>ttl</code></em>
 is ignored, and is only allowed for compatibility.</p></dd>
<dt><span class="term"><span><strong class="command">update add</strong></span> {domain-name}</span></dt>
<dd><p>Adds a new resource record with the specified</p></dd>
<dt><span class="term"><span><strong class="command">show</strong></span></span></dt>
<dd><p>Displays the current message, containing all of the
 prerequisites and
 updates specified since the last send.</p></dd>
<dt><span class="term"><span><strong class="command">send</strong></span></span></dt>
<dd><p>Sends the current message. This is equivalent to entering a
 blank line.</p></dd>
<dt><span class="term"><span><strong class="command">answer</strong></span></span></dt>
<dd><p>Displays the answer.</p></dd>
<dt><span class="term"><span><strong class="command">debug</strong></span></span></dt>
<dd><p>Turn on debugging.</p></dd>
</dl>
<p>Lines beginning with a semicolon are comments and are ignored.</p>
<p>The examples below show how
 <span><strong class="command">nsupdate</strong></span>
 could be used to insert and delete resource records from the
 <span class="type">example.com</span>
 zone.
 Notice that the input in each example contains a trailing blank line so
 that
 a group of commands are sent as one dynamic update request to the
 master name server for
 <span class="type">example.com</span>.</p>
<pre>
&gt; update delete oldhost.example.com A
&gt; update add newhost.example.com 86400 A 172.16.1.1
</pre>
<p>Any A records for
 <span class="type">oldhost.example.com</span>
 are deleted.
 And an A record for
 <span class="type">newhost.example.com</span>
 with IP address 172.16.1.1 is added.
 The newly-added record has a 1 day TTL (86400 seconds).</p>
<pre>
&gt; prereq nxdomain nickname.example.com
&gt; update add nickname.example.com 86400 CNAME somehost.example.com
</pre>
<p>The prerequisite condition gets the name server to check that there
 are no resource records of any type for
 <span class="type">nickname.example.com</span>.
 If there are, the update request fails.
 If this name does not exist, a CNAME for it is added.
 This ensures that when the CNAME is added, it cannot conflict with the
 long-standing rule in RFC 1034 that a name must not exist as any other
 record type if it exists as a CNAME.
 (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
 RRSIG, DNSKEY and NSEC records.)</p>
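<p>What the CNAME example looks like on the wire, and how a TSIG signature binds it to the shared secret, can be shown in a short sketch. This is an added example, not code from BIND or from the original manual: it encodes the request per RFC 2136 and signs and verifies it with HMAC-MD5 per RFC 2845. The key name, secret, message ID and function names are constructed, the secret is passed as raw bytes (after base64 decoding), and the verifier assumes the TSIG record is last and carries no other data.</p>

```python
import hashlib
import hmac
import struct

OPCODE_UPDATE = 5
TYPE_CNAME, TYPE_SOA, TYPE_TSIG, TYPE_ANY = 5, 6, 250, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255
HMAC_MD5 = "HMAC-MD5.SIG-ALG.REG.INT"   # TSIG algorithm name (RFC 2845)
MAC_LEN = 16                            # HMAC-MD5 output size in bytes


def wire_name(name):
    """Encode a domain name as lowercased, uncompressed length-prefixed labels."""
    labels = [part.encode("ascii") for part in name.lower().split(".") if part]
    return b"".join(bytes([len(raw)]) + raw for raw in labels) + b"\x00"


def rr(name, rtype, rclass, ttl, rdata=b""):
    """Encode one resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    fixed = struct.pack("!HHIH", rtype, rclass, ttl, len(rdata))
    return wire_name(name) + fixed + rdata


def build_update(msg_id, zone, prereqs, updates):
    """RFC 2136 message: header, zone section, prerequisites, updates."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11,
                         1, len(prereqs), len(updates), 0)
    zone_section = wire_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_section + b"".join(prereqs) + b"".join(updates)


def nickname_request(msg_id=0x2A2A):
    """The CNAME example above as an unsigned UPDATE message."""
    # 'prereq nxdomain NAME' is an empty RR with class NONE and type ANY.
    prereq = rr("nickname.example.com", TYPE_ANY, CLASS_NONE, 0)
    # 'update add' carries the real class, TTL and RDATA of the new record.
    add = rr("nickname.example.com", TYPE_CNAME, CLASS_IN, 86400,
             wire_name("somehost.example.com"))
    return build_update(msg_id, "example.com", [prereq], [add])


def tsig_fields(time_signed, fudge):
    """Return (algorithm name, 48-bit time signed followed by 16-bit fudge)."""
    time48 = struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)
    return wire_name(HMAC_MD5), time48 + struct.pack("!H", fudge)


def tsig_sign(message, key_name, secret, time_signed, fudge=300):
    """Client side: return (message with TSIG RR appended, MAC)."""
    alg, timing = tsig_fields(time_signed, fudge)
    # MAC input: the unsigned message followed by the TSIG variables
    # (key name, class ANY, TTL 0, algorithm, time, fudge, error 0, other-len 0).
    variables = (wire_name(key_name) + struct.pack("!HI", CLASS_ANY, 0)
                 + alg + timing + struct.pack("!HH", 0, 0))
    mac = hmac.new(secret, message + variables, hashlib.md5).digest()
    rdata = (alg + timing + struct.pack("!H", len(mac)) + mac
             + message[:2] + struct.pack("!HH", 0, 0))
    arcount = struct.unpack("!H", message[10:12])[0] + 1
    signed = message[:10] + struct.pack("!H", arcount) + message[12:]
    return signed + rr(key_name, TYPE_TSIG, CLASS_ANY, 0, rdata), mac


def tsig_verify(signed, key_name, secret, now):
    """Server side: strip the trailing TSIG RR, recompute the MAC, check the clock.

    Simplification for this example: the TSIG RR is assumed to be the last
    record, signed with HMAC-MD5 and without 'other data'.
    """
    alg = wire_name(HMAC_MD5)
    owner = len(wire_name(key_name)) + 10          # NAME + fixed RR header
    tail = owner + len(alg) + 10 + MAC_LEN + 6     # whole TSIG RR
    if len(signed) < 12 + tail:
        return False
    body, rdata = signed[:-tail], signed[-tail + owner:]
    hi, lo, fudge, mac_len = struct.unpack("!HIHH", rdata[len(alg):len(alg) + 10])
    if mac_len != MAC_LEN:
        return False
    mac = rdata[len(alg) + 10:len(alg) + 10 + MAC_LEN]
    arcount = struct.unpack("!H", body[10:12])[0] - 1
    if arcount < 0:
        return False
    unsigned = body[:10] + struct.pack("!H", arcount) + body[12:]
    time_signed = (hi << 32) | lo
    _, expected = tsig_sign(unsigned, key_name, secret, time_signed, fudge)
    # Constant-time comparison, then the replay window around 'time signed'.
    return hmac.compare_digest(mac, expected) and abs(now - time_signed) <= fudge
```

A request altered in transit, signed with a different secret, or replayed outside the fudge window fails verification, which is why the secret itself must stay out of command lines and shell history.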
<dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>used to identify default name server</p></dd>
<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
<dd><p>sets the default TSIG key for use in local-only mode</p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
<dd><p>base-64 encoding of HMAC-MD5 key created by
 <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.</p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
<dd><p>base-64 encoding of HMAC-MD5 key created by
 <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.</p></dd>
</dl>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.</p>
<p>The TSIG key is redundantly stored in two separate files.
 This is a consequence of nsupdate using the DST library
 for its cryptographic operations, and may change in future</p>