doc/arm/man.nsupdate.html

	man.nsupdate.html revision 6ea2385360e9e2167e65f9286447da9eea189457
2665d7759e63acff0bcd4135678f2cc6f2041d46Christian Maeder<!--
9658657e918981d91c8647ed8c220464f10a6235Christian Maeder - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
e9458b1a7a19a63aa4c179f9ab20f4d50681c168Jens Elkner - Copyright (C) 2000-2003 Internet Software Consortium.
e6d40133bc9f858308654afb1262b8b483ec5922Till Mossakowski -
d5fe06af711a6912ae028ebf873eada4ee8733f8Christian Maeder - Permission to use, copy, modify, and/or distribute this software for any
98890889ffb2e8f6f722b00e265a211f13b5a861Corneliu-Claudiu Prodescu - purpose with or without fee is hereby granted, provided that the above
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder - copyright notice and this permission notice appear in all copies.
3f69b6948966979163bdfe8331c38833d5d90ecdChristian Maeder -
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
e6d40133bc9f858308654afb1262b8b483ec5922Till Mossakowski - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
a7a43d265fef55ddfd7c4412cd96c621ef9738ffChristian Maeder - PERFORMANCE OF THIS SOFTWARE.
a7a43d265fef55ddfd7c4412cd96c621ef9738ffChristian Maeder-->
a7a43d265fef55ddfd7c4412cd96c621ef9738ffChristian Maeder<!-- $Id$ -->
a7a43d265fef55ddfd7c4412cd96c621ef9738ffChristian Maeder<html>
a7a43d265fef55ddfd7c4412cd96c621ef9738ffChristian Maeder<head>
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ae35311385999d91f812155fe99439724d54063bChristian Maeder<title>nsupdate</title>
46b207daf66b64930a59f3615c8b127aac0b8e43Christian Maeder<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
50a3afe91cef447a03d579976c179dc266290c93Christian Maeder<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
50a3afe91cef447a03d579976c179dc266290c93Christian Maeder<link rel="prev" href="man.named-journalprint.html" title="named-journalprint">
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<link rel="next" href="man.rndc.html" title="rndc">
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder</head>
b33c310b053e6a4a48dc40e51ba56c50ac37d547notanartist<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<div class="navheader">
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder<table width="100%" summary="Navigation header">
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
78e7910c3360f74f1db172d63d20bb07c64e56e3Christian Maeder<tr>
8ddb1f6f0aa4eb1836867ba3dde21ac1ec79a58dcmaeder<td width="20%" align="left">
024703c9d1326c23e307c0b0d453ed3358e87fe4cmaeder<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
47d6bc7bc9a708427f96be8d805f712697ad3d9eChristian Maeder<th width="60%" align="center">Manual pages</th>
f9e0b18852b238ddb649d341194e05d7200d1bbeChristian Maeder<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
697e63e30aa3c309a1ef1f9357745111f8dfc5a9Christian Maeder</td>
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</tr>
8e537a087207fb2ea9073ea66776c36b821a58c6Christian Maeder</table>
8ddb1f6f0aa4eb1836867ba3dde21ac1ec79a58dcmaeder<hr>
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder</div>
ad270004874ce1d0697fb30d7309f180553bb315Christian Maeder<div class="refentry" lang="en">
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder<a name="man.nsupdate"></a><div class="titlepage"></div>
520c5bce318eff52d9315f7c4491c3381a0c4336Christian Maeder<div class="refnamediv">
649fdc0d0502d62d160c150684356fef2c273484Eugen Kuksa<h2>Name</h2>
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<p><span class="application">nsupdate</span> &#8212; Dynamic DNS update utility</p>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder</div>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<div class="refsynopsisdiv">
46b1095ba983ce859e17c2a12f48b50583b7150cChristian Maeder<h2>Synopsis</h2>
411392046c2ba1752cde81eaa92a95a2c28b672dChristian Maeder<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-l</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [filename]</p></div>
78e7910c3360f74f1db172d63d20bb07c64e56e3Christian Maeder</div>
f527d5da7cd679c1a9b50a4906a0c12d395a6087Christian Maeder<div class="refsect1" lang="en">
e38219f3dd2f5711440478cbffa76ce3db530543cmaeder<a name="id2638231"></a><h2>DESCRIPTION</h2>
9175e29c044318498a40f323f189f9dfd50378efChristian Maeder<p><span><strong class="command">nsupdate</strong></span>
9175e29c044318498a40f323f189f9dfd50378efChristian Maeder      is used to submit Dynamic DNS Update requests as defined in RFC 2136
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      to a name server.
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      This allows resource records to be added or removed from a zone
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      without manually editing the zone file.
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      A single update request can contain requests to add or remove more than
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      one
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      resource record.
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder    </p>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<p>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      Zones that are under dynamic control via
46b207daf66b64930a59f3615c8b127aac0b8e43Christian Maeder      <span><strong class="command">nsupdate</strong></span>
024703c9d1326c23e307c0b0d453ed3358e87fe4cmaeder      or a DHCP server should not be edited by hand.
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa      Manual edits could
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa      conflict with dynamic updates and cause data to be lost.
46b1095ba983ce859e17c2a12f48b50583b7150cChristian Maeder    </p>
46b1095ba983ce859e17c2a12f48b50583b7150cChristian Maeder<p>
4cc271fa22221d0d20cf303553f86c4e3b1a56e4Christian Maeder      The resource records that are dynamically added or removed with
c8a9d35be2207e0d4fbd26a2411e1ba17e3e4c96Christian Maeder      <span><strong class="command">nsupdate</strong></span>
c2257f94016aeb9e5c3ff3d4d675a81f8f873f0dChristian Maeder      have to be in the same zone.
3986813db69106b9bb1b62faa77532af42512a0cChristian Maeder      Requests are sent to the zone's master server.
4cc271fa22221d0d20cf303553f86c4e3b1a56e4Christian Maeder      This is identified by the MNAME field of the zone's SOA record.
3986813db69106b9bb1b62faa77532af42512a0cChristian Maeder    </p>
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski<p>
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski      The
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski      <code class="option">-d</code>
596a8e9039bd2f42c09cc0da4a57c8073f96fbddChristian Maeder      option makes
596a8e9039bd2f42c09cc0da4a57c8073f96fbddChristian Maeder      <span><strong class="command">nsupdate</strong></span>
596a8e9039bd2f42c09cc0da4a57c8073f96fbddChristian Maeder      operate in debug mode.
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      This provides tracing information about the update requests that are
46b1095ba983ce859e17c2a12f48b50583b7150cChristian Maeder      made and the replies received from the name server.
e982190515f83fe6615436530ebe89bb320770d6Christian Maeder    </p>
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder<p>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder      The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
f04e8f3ff56405901be968fd4c6e9769239f1a9bKlaus Luettich      report additional debugging information to <code class="option">-d</code>.
08d506ebb78da1e8656a73a349492e042f4c9f72Christian Maeder    </p>
d27d203b3f42f0e0ecea00e3f19f55f66045bd96Christian Maeder<p>
46b1095ba983ce859e17c2a12f48b50583b7150cChristian Maeder      The <code class="option">-L</code> option with an integer argument of zero or
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      higher sets the logging debug level.  If zero, logging is disabled.
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa    </p>
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa<p>
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz      Transaction signatures can be used to authenticate the Dynamic
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz      DNS updates.  These use the TSIG resource record type described
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz      in RFC 2845 or the SIG(0) record described in RFC 2535 and
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      RFC 2931 or GSS-TSIG as described in RFC 3645.  TSIG relies on
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      a shared secret that should only be known to
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      <span><strong class="command">nsupdate</strong></span> and the name server.  Currently,
ec351e60425e2f99448cb44e933d3828f8025dddChristian Maeder      the only supported encryption algorithm for TSIG is HMAC-MD5,
32607d06fe7826eb0711c19d348ee4e395f2577aChristian Maeder      which is defined in RFC 2104.  Once other algorithms are
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder      defined for TSIG, applications will need to ensure they select
7af6ad49991a7f73b5d4233c89648a5a523f72bdTill Mossakowski      the appropriate algorithm as well as the key when authenticating
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder      each other.  For instance, suitable <span class="type">key</span> and
21dbca247d5964daf2c5abd2de2ac1101e3e1ef4Christian Maeder      <span class="type">server</span> statements would be added to
ec351e60425e2f99448cb44e933d3828f8025dddChristian Maeder      <code class="filename">/etc/named.conf</code> so that the name server
56440c7ae61e7277a3494452d0165ee52e677b29Christian Maeder      can associate the appropriate secret key and algorithm with
e4f0eaffd002e9e553ee113be33f9aa6e4181c43Christian Maeder      the IP address of the client application that will be using
961978c71545e0177683279f8b63358b3e3804b8Christian Maeder      TSIG authentication.  SIG(0) uses public key cryptography.
961978c71545e0177683279f8b63358b3e3804b8Christian Maeder      To use a SIG(0) key, the public key must be stored in a KEY
e4f0eaffd002e9e553ee113be33f9aa6e4181c43Christian Maeder      record in a zone served by the name server.
c4076ff1721f8901a30e4b7aa004479ecb2631e0Felix Gabriel Mance      <span><strong class="command">nsupdate</strong></span> does not read
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa      <code class="filename">/etc/named.conf</code>.
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa    </p>
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa<p>
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze      GSS-TSIG uses Kerberos credentials.  Standard GSS-TSIG mode
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa      is switched on with the <code class="option">-g</code> flag.  A
64c2422e1ba0691556a6639e959820add102315cChristian Maeder      non-standards-compliant variant of GSS-TSIG used by Windows
938677803842b384a91fef21f58f86b8e3188b43Ewaryst Schulz      2000 can be switched on with the <code class="option">-o</code> flag.
4c8d3c5a9e938633f6147b5a595b9b93bfca99e6Christian Maeder    </p>
b53688bfed888214b485cf76439d57262d80e0a7Christian Maeder<p><span><strong class="command">nsupdate</strong></span>
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz      uses the <code class="option">-y</code> or <code class="option">-k</code> option
63da71bfb4226f504944b293fb77177ebcaea7d4Ewaryst Schulz      to provide the shared secret needed to generate a TSIG record
f8cc2399c16fcda7e3bf9d901a0de0cc8a455f86Ewaryst Schulz      for authenticating Dynamic DNS update requests, default type
b83ff3749d99d03b641adee264b781039a551addChristian Maeder      HMAC-MD5.  These options are mutually exclusive.
649fdc0d0502d62d160c150684356fef2c273484Eugen Kuksa    </p>
649fdc0d0502d62d160c150684356fef2c273484Eugen Kuksa<p>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      When the <code class="option">-y</code> option is used, a signature is
520c5bce318eff52d9315f7c4491c3381a0c4336Christian Maeder      generated from
c2257f94016aeb9e5c3ff3d4d675a81f8f873f0dChristian Maeder      [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz      <em class="parameter"><code>keyname</code></em> is the name of the key, and
bdf2e01977470bedcb4425e2dadabc9e9f6ba149Ewaryst Schulz      <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
bdf2e01977470bedcb4425e2dadabc9e9f6ba149Ewaryst Schulz      Use of the <code class="option">-y</code> option is discouraged because the
bdf2e01977470bedcb4425e2dadabc9e9f6ba149Ewaryst Schulz      shared secret is supplied as a command line argument in clear text.
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz      This may be visible in the output from
961978c71545e0177683279f8b63358b3e3804b8Christian Maeder      <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
938677803842b384a91fef21f58f86b8e3188b43Ewaryst Schulz      or in a history file maintained by the user's shell.
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz    </p>
e49fd57c63845c7806860a9736ad09f6d44dbaedChristian Maeder<p>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder      With the
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder      the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
bbba6dd86153aacb0f662b182b128df0eb09fd54Christian Maeder      Keyfiles may be in two formats: a single file containing
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder      a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      statement, which may be generated automatically by
a43c1a7fa08c12524415386aa13a566cc9e53a4fChristian Maeder      <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
034d9e2e9ada5aaa5665180720744d51166dacd4Christian Maeder      of the format <code class="filename">K{name}.+157.+{random}.key</code> and
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa      <code class="filename">K{name}.+157.+{random}.private</code>, which can be
024703c9d1326c23e307c0b0d453ed3358e87fe4cmaeder      generated by <span><strong class="command">dnssec-keygen</strong></span>.
024703c9d1326c23e307c0b0d453ed3358e87fe4cmaeder      The <code class="option">-k</code> may also be used to specify a SIG(0) key used
427ff3172ae2dfebe3c8fc972735158999997e8aChristian Maeder      to authenticate Dynamic DNS update requests.  In this case, the key
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      specified is not an HMAC-MD5 key.
72079df98b3cb7cc1fd82a0a24984893dcd05ecaEwaryst Schulz    </p>
5ca1fe655d7d4e35e59a082b5955b306643329d0Ewaryst Schulz<p>
5f2c34b8971f9ca7e63364b69e167851d001168eEwaryst Schulz      <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
5f2c34b8971f9ca7e63364b69e167851d001168eEwaryst Schulz      using the <code class="option">-l</code> flag.  This sets the server address to
bdf2e01977470bedcb4425e2dadabc9e9f6ba149Ewaryst Schulz      localhost (disabling the <span><strong class="command">server</strong></span> so that the server
0850c3e5fb6285405ebaeb5aa433985203ac892dEwaryst Schulz      address cannot be overridden).  Connections to the local server will
5f2c34b8971f9ca7e63364b69e167851d001168eEwaryst Schulz      use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      which is automatically generated by <span><strong class="command">named</strong></span> if any
4d54e7814b18ce142359c92a5868e6dcff9219b5Christian Maeder      local master zone has set <span><strong class="command">update-policy</strong></span> to
ce900a84ed9d9882c64fccbd6300f6b0d67efa82Christian Maeder      <span><strong class="command">local</strong></span>.  The location of this key file can be
48a98aa04f4c2c1f5f8f79c007e1ff95e699b31aFlorian Mossakowski      overridden with the <code class="option">-k</code> option.
aad8b6ac810a08fca14ce0fbbf324fcce5305ad6Christian Maeder    </p>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder<p>
aad8b6ac810a08fca14ce0fbbf324fcce5305ad6Christian Maeder      By default, <span><strong class="command">nsupdate</strong></span>
53e165a53dfa59f717588d1f8236c9a763826525Christian Maeder      uses UDP to send update requests to the name server unless they are too
53e165a53dfa59f717588d1f8236c9a763826525Christian Maeder      large to fit in a UDP request in which case TCP will be used.
1937dccb04b363364f7a7de17fdaae1d70583af9Christian Maeder      The
aad8b6ac810a08fca14ce0fbbf324fcce5305ad6Christian Maeder      <code class="option">-v</code>
53e165a53dfa59f717588d1f8236c9a763826525Christian Maeder      option makes
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      <span><strong class="command">nsupdate</strong></span>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder      use a TCP connection.
08d506ebb78da1e8656a73a349492e042f4c9f72Christian Maeder      This may be preferable when a batch of update requests is made.
08d506ebb78da1e8656a73a349492e042f4c9f72Christian Maeder    </p>
d27d203b3f42f0e0ecea00e3f19f55f66045bd96Christian Maeder<p>
d27d203b3f42f0e0ecea00e3f19f55f66045bd96Christian Maeder      The <code class="option">-p</code> sets the default port number to use for
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      connections to a name server.  The default is 53.
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder    </p>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder<p>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder      The <code class="option">-t</code> option sets the maximum time an update request
074f8feaf71e0b71a95145e7439746f8eb8e2a7cChristian Maeder      can
c1d06b3018b34ede2b3fb6c7fe2ad28cd5ce5b68Christian Maeder      take before it is aborted.  The default is 300 seconds.  Zero can be
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz      used
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz      to disable the timeout.
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz    </p>
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz<p>
ea8e98e298f33f9362293f392c8fb192722b8904Eugen Kuksa      The <code class="option">-u</code> option sets the UDP retry interval.  The default
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder      is
e6ac593966607b1da5b619e0f9492d37820eed74Christian Maeder      3 seconds.  If zero, the interval will be computed from the timeout
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder      interval
074f8feaf71e0b71a95145e7439746f8eb8e2a7cChristian Maeder      and number of UDP retries.
e6ac593966607b1da5b619e0f9492d37820eed74Christian Maeder    </p>
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder<p>
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder      The <code class="option">-r</code> option sets the number of UDP retries. The
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder      default is
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      3.  If zero, only one update request will be made.
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder    </p>
e6ac593966607b1da5b619e0f9492d37820eed74Christian Maeder<p>
11c3a215d5cf043181e83929f1ce214df65cb587Christian Maeder      The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
e6ac593966607b1da5b619e0f9492d37820eed74Christian Maeder      specifies a source of randomness.  If the operating system
e6ac593966607b1da5b619e0f9492d37820eed74Christian Maeder      does not provide a <code class="filename">/dev/random</code> or
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder      equivalent device, the default source of randomness is keyboard
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder      input.  <code class="filename">randomdev</code> specifies the name of
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder      a character device or file containing random data to be used
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      instead of the default.  The special value
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      <code class="filename">keyboard</code> indicates that keyboard input
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      should be used.  This option may be specified multiple times.
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder    </p>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder<p>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      decimal value of the type with no leading zeros.  The rdata,
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      if present, will be parsed using the UNKNOWN rdata format,
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder      &lt;space&gt; &lt;hexstring&gt;).
ab9b86500ed66416e1a7c01be54491ed72c7d633Christian Maeder    </p>
a7b34c1a61dabe150288424d90389d5988bf9d7aChristian Maeder<p>
ea8e98e298f33f9362293f392c8fb192722b8904Eugen Kuksa      The <code class="option">-T</code> and <code class="option">-P</code> options print out
a7b34c1a61dabe150288424d90389d5988bf9d7aChristian Maeder      lists of non-meta types for which the type-specific presentation
c1d06b3018b34ede2b3fb6c7fe2ad28cd5ce5b68Christian Maeder      formats are known.  <code class="option">-T</code> prints out the list of
9e6789e67e329416d7f3acf0e7b8367b8dea991bnotanartist      IANA-assigned types.  <code class="option">-P</code> prints out the list of
9e6789e67e329416d7f3acf0e7b8367b8dea991bnotanartist      private types specific to <span><strong class="command">named</strong></span>.  These options
5382091fd2a705e6f026026e8a6adcd3607bdb9fChristian Maeder      may be combined.  <span><strong class="command">nsupdate</strong></span> will exit after the
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      lists are printed.
21dbca247d5964daf2c5abd2de2ac1101e3e1ef4Christian Maeder    </p>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder</div>
074f8feaf71e0b71a95145e7439746f8eb8e2a7cChristian Maeder<div class="refsect1" lang="en">
e6ac593966607b1da5b619e0f9492d37820eed74Christian Maeder<a name="id2644197"></a><h2>INPUT FORMAT</h2>
aad8b6ac810a08fca14ce0fbbf324fcce5305ad6Christian Maeder<p><span><strong class="command">nsupdate</strong></span>
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      reads input from
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      <em class="parameter"><code>filename</code></em>
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      or standard input.
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      Each command is supplied on exactly one line of input.
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      Some commands are for administrative purposes.
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa      The others are either update instructions or prerequisite checks on the
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      contents of the zone.
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      These checks set conditions that some name or set of
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      resource records (RRset) either exists or is absent from the zone.
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      These conditions must be met if the entire update request is to succeed.
21dbca247d5964daf2c5abd2de2ac1101e3e1ef4Christian Maeder      Updates will be rejected if the tests for the prerequisite conditions
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder      fail.
154be5bfac61cf5b61fd1571e7bfc2572c4b546aMihai Codescu    </p>
154be5bfac61cf5b61fd1571e7bfc2572c4b546aMihai Codescu<p>
25662bf82f592e3268fddcc2c86e83c203b82e53Ewaryst Schulz      Every update request consists of zero or more prerequisites
21489db35f79507a68ee6e6926e01b8e8ea60c6bChristian Maeder      and zero or more updates.
7fe976d9f9c4af1aa7636c568d9919859523de0aChristian Maeder      This allows a suitably authenticated update request to proceed if some
7fe976d9f9c4af1aa7636c568d9919859523de0aChristian Maeder      specified resource records are present or missing from the zone.
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      A blank input line (or the <span><strong class="command">send</strong></span> command)
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder      causes the
21dbca247d5964daf2c5abd2de2ac1101e3e1ef4Christian Maeder      accumulated commands to be sent as one Dynamic DNS update request to the
154be5bfac61cf5b61fd1571e7bfc2572c4b546aMihai Codescu      name server.
154be5bfac61cf5b61fd1571e7bfc2572c4b546aMihai Codescu    </p>
7fe976d9f9c4af1aa7636c568d9919859523de0aChristian Maeder<p>
154be5bfac61cf5b61fd1571e7bfc2572c4b546aMihai Codescu      The command formats and their meaning are as follows:
486db0a875bcdd0b80cf0d447d14c9c00a92ae94Simon Ulbricht      </p>
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa<div class="variablelist"><dl>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder<dt><span class="term">
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder              <span><strong class="command">server</strong></span>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder               {servername}
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder               [port]
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder            </span></dt>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder<dd><p>
21dbca247d5964daf2c5abd2de2ac1101e3e1ef4Christian Maeder              Sends all dynamic update requests to the name server
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder              <em class="parameter"><code>servername</code></em>.
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder              When no server statement is provided,
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder              <span><strong class="command">nsupdate</strong></span>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder              will send updates to the master server of the correct zone.
706201451843aa76b8d862de800570c9838c9910Christian Maeder              The MNAME field of that zone's SOA record will identify the
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder              master
38824a7dba4f7d82532afec67e0b594a5af5d76bChristian Maeder              server for that zone.
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              <em class="parameter"><code>port</code></em>
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              is the port number on
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              <em class="parameter"><code>servername</code></em>
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              where the dynamic update requests get sent.
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              If no port number is specified, the default DNS port number of
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              53 is
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski              used.
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski            </p></dd>
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist<dt><span class="term">
8762d0e3d492aba4d1621fb0de685f0be1372864notanartist              <span><strong class="command">local</strong></span>
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist               {address}
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist               [port]
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist            </span></dt>
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist<dd><p>
8762d0e3d492aba4d1621fb0de685f0be1372864notanartist              Sends all dynamic update requests using the local
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist              <em class="parameter"><code>address</code></em>.
ec351e60425e2f99448cb44e933d3828f8025dddChristian Maeder
7bf6fd9cf7a2649a7ec8c72e47ebc69855e3ca84notanartist              When no local statement is provided,
7bf6fd9cf7a2649a7ec8c72e47ebc69855e3ca84notanartist              <span><strong class="command">nsupdate</strong></span>
7bf6fd9cf7a2649a7ec8c72e47ebc69855e3ca84notanartist              will send updates using an address and port chosen by the
7bf6fd9cf7a2649a7ec8c72e47ebc69855e3ca84notanartist              system.
7bf6fd9cf7a2649a7ec8c72e47ebc69855e3ca84notanartist              <em class="parameter"><code>port</code></em>
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder              can additionally be used to make requests come from a specific
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder              port.
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder              If no port number is specified, the system will assign one.
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder            </p></dd>
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder<dt><span class="term">
32607d06fe7826eb0711c19d348ee4e395f2577aChristian Maeder              <span><strong class="command">zone</strong></span>
411588cc915b27cef4e7e66fb23e67514b3a0c92Christian Maeder               {zonename}
feeab95fdf7ec92bcce607c104d9dc98e0e6ea90Soeren D. Schulze            </span></dt>
ec351e60425e2f99448cb44e933d3828f8025dddChristian Maeder<dd><p>
ec351e60425e2f99448cb44e933d3828f8025dddChristian Maeder              Specifies that all updates are to be made to the zone
7bf6fd9cf7a2649a7ec8c72e47ebc69855e3ca84notanartist              <em class="parameter"><code>zonename</code></em>.
b33c310b053e6a4a48dc40e51ba56c50ac37d547notanartist              If no
b33c310b053e6a4a48dc40e51ba56c50ac37d547notanartist              <em class="parameter"><code>zone</code></em>
b33c310b053e6a4a48dc40e51ba56c50ac37d547notanartist              statement is provided,
b33c310b053e6a4a48dc40e51ba56c50ac37d547notanartist              <span><strong class="command">nsupdate</strong></span>
b33c310b053e6a4a48dc40e51ba56c50ac37d547notanartist              will attempt determine the correct zone to update based on the
e4f0eaffd002e9e553ee113be33f9aa6e4181c43Christian Maeder              rest of the input.
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa            </p></dd>
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa<dt><span class="term">
961978c71545e0177683279f8b63358b3e3804b8Christian Maeder              <span><strong class="command">class</strong></span>
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa               {classname}
feeab95fdf7ec92bcce607c104d9dc98e0e6ea90Soeren D. Schulze            </span></dt>
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa<dd><p>
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa              Specify the default class.
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa              If no <em class="parameter"><code>class</code></em> is specified, the
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa              default class is
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa              <em class="parameter"><code>IN</code></em>.
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze            </p></dd>
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze<dt><span class="term">
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze              <span><strong class="command">ttl</strong></span>
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze               {seconds}
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze            </span></dt>
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze<dd><p>
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze              Specify the default time to live for records to be added.
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder          The value <em class="parameter"><code>none</code></em> will clear the default
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder          ttl.
96ae1a1d2197d0e0d5b80da2474b64c456feb1b0Christian Maeder            </p></dd>
c1d06b3018b34ede2b3fb6c7fe2ad28cd5ce5b68Christian Maeder<dt><span class="term">
b085709d4b69dc84724000b7b917f348edfa932eChristian Maeder              <span><strong class="command">key</strong></span>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder               {name}
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder               {secret}
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder            </span></dt>
c1168d10047d2c1394b82953158747775a9b4556Christian Maeder<dd><p>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              Specifies that all updates are to be TSIG-signed using the
c1168d10047d2c1394b82953158747775a9b4556Christian Maeder              <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
57075b3ac70f37e55f72aa86aa1b70c6ccca8207Christian Maeder              The <span><strong class="command">key</strong></span> command
57075b3ac70f37e55f72aa86aa1b70c6ccca8207Christian Maeder              overrides any key specified on the command line via
57075b3ac70f37e55f72aa86aa1b70c6ccca8207Christian Maeder              <code class="option">-y</code> or <code class="option">-k</code>.
96ae1a1d2197d0e0d5b80da2474b64c456feb1b0Christian Maeder            </p></dd>
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder<dt><span class="term">
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder            <span><strong class="command">gsstsig</strong></span>
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder          </span></dt>
d34c6711bc746459074986c06f7c28b083b4be2fChristian Maeder<dd><p>
b085709d4b69dc84724000b7b917f348edfa932eChristian Maeder          Use GSS-TSIG to sign the updated.  This is equivalent to
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder          specifying <code class="option">-g</code> on the commandline.
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder            </p></dd>
48a98aa04f4c2c1f5f8f79c007e1ff95e699b31aFlorian Mossakowski<dt><span class="term">
8865728716566f42fa73e7e0bc080ba3225df764Christian Maeder            <span><strong class="command">oldgsstsig</strong></span>
ea8e98e298f33f9362293f392c8fb192722b8904Eugen Kuksa          </span></dt>
1937dccb04b363364f7a7de17fdaae1d70583af9Christian Maeder<dd><p>
bb9642ff292545658dc11251b83a7b7af3c1fccbChristian Maeder          Use the Windows 2000 version of GSS-TSIG to sign the updated.
a7b34c1a61dabe150288424d90389d5988bf9d7aChristian Maeder          This is equivalent to specifying <code class="option">-o</code> on the
bb9642ff292545658dc11251b83a7b7af3c1fccbChristian Maeder          commandline.
bb9642ff292545658dc11251b83a7b7af3c1fccbChristian Maeder            </p></dd>
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder<dt><span class="term">
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder            <span><strong class="command">realm</strong></span>
6c08e47c4275556c18f4f89521bf21fe94c28dd5Christian Maeder             {[<span class="optional">realm_name</span>]}
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder          </span></dt>
f6b2c6c33c635279973b8f378470da7dbb8ecee8Christian Maeder<dd><p>
78e7910c3360f74f1db172d63d20bb07c64e56e3Christian Maeder          When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
78e7910c3360f74f1db172d63d20bb07c64e56e3Christian Maeder          than the default realm in <code class="filename">krb5.conf</code>.  If no
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder          realm is specified the saved realm is cleared.
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder            </p></dd>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<dt><span class="term">
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder              <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder               {domain-name}
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder            </span></dt>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<dd><p>
4067eba4f5605d9569d78085deb1a27f08ac34e2Christian Maeder              Requires that no resource record of any type exists with name
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder              <em class="parameter"><code>domain-name</code></em>.
96ae1a1d2197d0e0d5b80da2474b64c456feb1b0Christian Maeder            </p></dd>
eaa88a5cefdc814e61039c5dcc1bffc324a2f93eChristian Maeder<dt><span class="term">
bb9642ff292545658dc11251b83a7b7af3c1fccbChristian Maeder              <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder               {domain-name}
e49fd57c63845c7806860a9736ad09f6d44dbaedChristian Maeder            </span></dt>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder<dd><p>
938677803842b384a91fef21f58f86b8e3188b43Ewaryst Schulz              Requires that
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              <em class="parameter"><code>domain-name</code></em>
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder              exists (has as at least one resource record, of any type).
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder            </p></dd>
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder<dt><span class="term">
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder               {domain-name}
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder               [class]
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder               {type}
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder            </span></dt>
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder<dd><p>
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              Requires that no resource record exists of the specified
1937dccb04b363364f7a7de17fdaae1d70583af9Christian Maeder              <em class="parameter"><code>type</code></em>,
7bb0a9e92bc7a6f868eaa0b9c3212c0af4f96b7fEugen Kuksa              <em class="parameter"><code>class</code></em>
bc263f610d20a9cd3014ddfca903026127fa0d48Christian Maeder              and
024703c9d1326c23e307c0b0d453ed3358e87fe4cmaeder              <em class="parameter"><code>domain-name</code></em>.
938677803842b384a91fef21f58f86b8e3188b43Ewaryst Schulz              If
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              <em class="parameter"><code>class</code></em>
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              is omitted, IN (internet) is assumed.
bbba10ee00dcf6bcbc9f22473b1acd0983b10512notanartist            </p></dd>
3ec3a22fe2b9c38a3575c98a82b4e3f988af64a6Eugen Kuksa<dt><span class="term">
4c872eeb600fe8479dbda395405cf13c3d573c24Soeren D. Schulze              <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
53a3042e1da2253fd3f103bfef4deb47fc0bf6a6Ewaryst Schulz               {domain-name}
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder               [class]
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder               {type}
726baec6dfb69adb27f2afb4b2027fe5e7670c4aTill Mossakowski            </span></dt>
c30231257d9116b514dce02703a515fe21cd427dTill Mossakowski<dd><p>
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              This requires that a resource record of the specified
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              <em class="parameter"><code>type</code></em>,
00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder              <em class="parameter"><code>class</code></em>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              and
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              <em class="parameter"><code>domain-name</code></em>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              must exist.
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              If
ef2affdc0cdf3acd5c051597c04ab9b08a346a7dChristian Maeder              <em class="parameter"><code>class</code></em>
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              is omitted, IN (internet) is assumed.
1937dccb04b363364f7a7de17fdaae1d70583af9Christian Maeder            </p></dd>
1937dccb04b363364f7a7de17fdaae1d70583af9Christian Maeder<dt><span class="term">
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder               {domain-name}
00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder               [class]
35cb254f1f46a6f33b5c24111a37fbab49d79cfeChristian Maeder               {type}
88e08f20c80fea4b7892bbb5e70c5002f7c1da18Christian Maeder               {data...}
ef4c609cebc5260771dae6e4f3a54a8959e81ed9Christian Maeder            </span></dt>
180ab8c3df8cb0c88f0e881bca93354df6b5d560Christian Maeder<dd><p>
00df6fd583c19393fa141d5a0e21ac74c7bf5b19Christian Maeder              The
52e573502bb19ca616ea63283d58ba73f39675d2Christian Maeder              <em class="parameter"><code>data</code></em>
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              from each set of prerequisites of this form
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              sharing a common
ea8e98e298f33f9362293f392c8fb192722b8904Eugen Kuksa              <em class="parameter"><code>type</code></em>,
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              <em class="parameter"><code>class</code></em>,
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              and
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              <em class="parameter"><code>domain-name</code></em>
ef2affdc0cdf3acd5c051597c04ab9b08a346a7dChristian Maeder              are combined to form a set of RRs.  This set of RRs must
3143271856dbf456bd7acc1c07193173f886d986Christian Maeder              exactly match the set of RRs existing in the zone at the
63719301448519453f66383f4e583d9fd5b89ecbChristian Maeder              given
ce900a84ed9d9882c64fccbd6300f6b0d67efa82Christian Maeder              <em class="parameter"><code>type</code></em>,
ce900a84ed9d9882c64fccbd6300f6b0d67efa82Christian Maeder              <em class="parameter"><code>class</code></em>,
fb37a248ebad4696bbc9d9b94ce1cfc6497a9160Christian Maeder              and
fb37a248ebad4696bbc9d9b94ce1cfc6497a9160Christian Maeder              <em class="parameter"><code>domain-name</code></em>.
f527d5da7cd679c1a9b50a4906a0c12d395a6087Christian Maeder              The
f527d5da7cd679c1a9b50a4906a0c12d395a6087Christian Maeder              <em class="parameter"><code>data</code></em>
9175e29c044318498a40f323f189f9dfd50378efChristian Maeder              are written in the standard text representation of the resource
9175e29c044318498a40f323f189f9dfd50378efChristian Maeder              record's
9175e29c044318498a40f323f189f9dfd50378efChristian Maeder              RDATA.
9175e29c044318498a40f323f189f9dfd50378efChristian Maeder            </p></dd>
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa<dt><span class="term">
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              <span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa               {domain-name}
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa               [ttl]
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa               [class]
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa               [type [data...]]
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa            </span></dt>
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa<dd><p>
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              Deletes any resource records named
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              <em class="parameter"><code>domain-name</code></em>.
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              If
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              <em class="parameter"><code>type</code></em>
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              and
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              <em class="parameter"><code>data</code></em>
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              is provided, only matching resource records will be removed.
a389e88e0acb83d8489bdc5e55bc5522b152bbecEugen Kuksa              The internet class is assumed if
              <em class="parameter"><code>class</code></em>
              is not supplied.  The
              <em class="parameter"><code>ttl</code></em>
              is ignored, and is only allowed for compatibility.
            </p></dd>
<dt><span class="term">
              <span><strong class="command">[<span class="optional">update</span>] add</strong></span>
               {domain-name}
               {ttl}
               [class]
               {type}
               {data...}
            </span></dt>
<dd><p>
              Adds a new resource record with the specified
              <em class="parameter"><code>ttl</code></em>,
              <em class="parameter"><code>class</code></em>
              and
              <em class="parameter"><code>data</code></em>.
            </p></dd>
<dt><span class="term">
              <span><strong class="command">show</strong></span>
            </span></dt>
<dd><p>
              Displays the current message, containing all of the
              prerequisites and
              updates specified since the last send.
            </p></dd>
<dt><span class="term">
              <span><strong class="command">send</strong></span>
            </span></dt>
<dd><p>
              Sends the current message.  This is equivalent to entering a
              blank line.
            </p></dd>
<dt><span class="term">
              <span><strong class="command">answer</strong></span>
            </span></dt>
<dd><p>
              Displays the answer.
            </p></dd>
<dt><span class="term">
              <span><strong class="command">debug</strong></span>
            </span></dt>
<dd><p>
              Turn on debugging.
            </p></dd>
</dl></div>
<p>
    </p>
<p>
      Lines beginning with a semicolon are comments and are ignored.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2680966"></a><h2>EXAMPLES</h2>
<p>
      The examples below show how
      <span><strong class="command">nsupdate</strong></span>
      could be used to insert and delete resource records from the
      <span class="type">example.com</span>
      zone.
      Notice that the input in each example contains a trailing blank line so
      that
      a group of commands are sent as one dynamic update request to the
      master name server for
      <span class="type">example.com</span>.

      </p>
<pre class="programlisting">
# nsupdate
&gt; update delete oldhost.example.com A
&gt; update add newhost.example.com 86400 A 172.16.1.1
&gt; send
</pre>
<p>
    </p>
<p>
      Any A records for
      <span class="type">oldhost.example.com</span>
      are deleted.
      And an A record for
      <span class="type">newhost.example.com</span>
      with IP address 172.16.1.1 is added.
      The newly-added record has a 1 day TTL (86400 seconds).
      </p>
<pre class="programlisting">
# nsupdate
&gt; prereq nxdomain nickname.example.com
&gt; update add nickname.example.com 86400 CNAME somehost.example.com
&gt; send
</pre>
<p>
    </p>
<p>
      The prerequisite condition gets the name server to check that there
      are no resource records of any type for
      <span class="type">nickname.example.com</span>.

      If there are, the update request fails.
      If this name does not exist, a CNAME for it is added.
      This ensures that when the CNAME is added, it cannot conflict with the
      long-standing rule in RFC 1034 that a name must not exist as any other
      record type if it exists as a CNAME.
      (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
      RRSIG, DNSKEY and NSEC records.)
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2681016"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
            used to identify default name server
          </p></dd>
<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
<dd><p>
            sets the default TSIG key for use in local-only mode
          </p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
<dd><p>
            base-64 encoding of HMAC-MD5 key created by
            <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
          </p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
<dd><p>
            base-64 encoding of HMAC-MD5 key created by
            <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2681099"></a><h2>SEE ALSO</h2>
<p>
      <em class="citetitle">RFC 2136</em>,
      <em class="citetitle">RFC 3007</em>,
      <em class="citetitle">RFC 2104</em>,
      <em class="citetitle">RFC 2845</em>,
      <em class="citetitle">RFC 1034</em>,
      <em class="citetitle">RFC 2535</em>,
      <em class="citetitle">RFC 2931</em>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2681157"></a><h2>BUGS</h2>
<p>
      The TSIG key is redundantly stored in two separate files.
      This is a consequence of nsupdate using the DST library
      for its cryptographic operations, and may change in future
      releases.
    </p>
</div>
</div>
<div class="navfooter">
<hr>
<table width="100%" summary="Navigation footer">
<tr>
<td width="40%" align="left">
<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
</td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">named-journalprint</span>�</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">rndc</span>
</td>
</tr>
</table>
</div>
</body>
</html>