man.nsupdate.html revision a8a5c3eb62ea3256fd015fffd12a8a7552331df9
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith - Copyright (C) 2000-2003 Internet Software Consortium.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith - Permission to use, copy, modify, and/or distribute this software for any
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - purpose with or without fee is hereby granted, provided that the above
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - copyright notice and this permission notice appear in all copies.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith - PERFORMANCE OF THIS SOFTWARE.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<!-- $Id$ -->
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith<link rel="prev" href="man.named-rrchecker.html" title="named-rrchecker">
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith<link rel="next" href="man.rndc.html" title="rndc">
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith<a accesskey="p" href="man.named-rrchecker.html">Prev</a>�</td>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<a name="man.nsupdate"></a><div class="titlepage"></div>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<p><span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is used to submit Dynamic DNS Update requests as defined in RFC 2136
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith to a name server.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This allows resource records to be added or removed from a zone
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith without manually editing the zone file.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith A single update request can contain requests to add or remove more than
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith resource record.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Zones that are under dynamic control via
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">nsupdate</strong></span>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith or a DHCP server should not be edited by hand.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith Manual edits could
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith conflict with dynamic updates and cause data to be lost.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith The resource records that are dynamically added or removed with
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span><strong class="command">nsupdate</strong></span>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith have to be in the same zone.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Requests are sent to the zone's master server.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This is identified by the MNAME field of the zone's SOA record.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith option makes
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith operate in debug mode.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This provides tracing information about the update requests that are
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith made and the replies received from the name server.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith report additional debugging information to <code class="option">-d</code>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-L</code> option with an integer argument of zero or
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith higher sets the logging debug level. If zero, logging is disabled.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Transaction signatures can be used to authenticate the Dynamic
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith DNS updates. These use the TSIG resource record type described
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith in RFC 2845 or the SIG(0) record described in RFC 2535 and
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith RFC 2931 or GSS-TSIG as described in RFC 3645. TSIG relies on
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith a shared secret that should only be known to
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith the only supported encryption algorithm for TSIG is HMAC-MD5,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith which is defined in RFC 2104. Once other algorithms are
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith defined for TSIG, applications will need to ensure they select
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith the appropriate algorithm as well as the key when authenticating
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith each other. For instance, suitable <span class="type">key</span> and
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span class="type">server</span> statements would be added to
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <code class="filename">/etc/named.conf</code> so that the name server
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith can associate the appropriate secret key and algorithm with
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith the IP address of the client application that will be using
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith TSIG authentication. SIG(0) uses public key cryptography.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith To use a SIG(0) key, the public key must be stored in a KEY
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith record in a zone served by the name server.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">nsupdate</strong></span> does not read
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is switched on with the <code class="option">-g</code> flag. A
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith non-standards-compliant variant of GSS-TSIG used by Windows
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith 2000 can be switched on with the <code class="option">-o</code> flag.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<p><span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith uses the <code class="option">-y</code> or <code class="option">-k</code> option
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith to provide the shared secret needed to generate a TSIG record
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith for authenticating Dynamic DNS update requests, default type
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith HMAC-MD5. These options are mutually exclusive.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith When the <code class="option">-y</code> option is used, a signature is
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith generated from
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>keyname</code></em> is the name of the key, and
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith valid choices are <code class="literal">hmac-md5</code>,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is not specified, the default is <code class="literal">hmac-md5</code>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith NOTE: Use of the <code class="option">-y</code> option is discouraged because the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith shared secret is supplied as a command line argument in clear text.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This may be visible in the output from
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith or in a history file maintained by the user's shell.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Keyfiles may be in two formats: a single file containing
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith statement, which may be generated automatically by
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith of the format <code class="filename">K{name}.+157.+{random}.key</code> and
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <code class="filename">K{name}.+157.+{random}.private</code>, which can be
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith generated by <span><strong class="command">dnssec-keygen</strong></span>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-k</code> may also be used to specify a SIG(0) key used
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith to authenticate Dynamic DNS update requests. In this case, the key
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith specified is not an HMAC-MD5 key.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith using the <code class="option">-l</code> flag. This sets the server address to
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith localhost (disabling the <span><strong class="command">server</strong></span> so that the server
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith address cannot be overridden). Connections to the local server will
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith which is automatically generated by <span><strong class="command">named</strong></span> if any
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith local master zone has set <span><strong class="command">update-policy</strong></span> to
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">local</strong></span>. The location of this key file can be
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith overridden with the <code class="option">-k</code> option.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith By default, <span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith uses UDP to send update requests to the name server unless they are too
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith large to fit in a UDP request in which case TCP will be used.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith option makes
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith use a TCP connection.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This may be preferable when a batch of update requests is made.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-p</code> sets the default port number to use for
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith connections to a name server. The default is 53.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-t</code> option sets the maximum time an update request
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith take before it is aborted. The default is 300 seconds. Zero can be
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith to disable the timeout.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-u</code> option sets the UDP retry interval. The default
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith 3 seconds. If zero, the interval will be computed from the timeout
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith and number of UDP retries.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-r</code> option sets the number of UDP retries. The
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith 3. If zero, only one update request will be made.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith specifies a source of randomness. If the operating system
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith does not provide a <code class="filename">/dev/random</code> or
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith equivalent device, the default source of randomness is keyboard
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith input. <code class="filename">randomdev</code> specifies the name of
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith a character device or file containing random data to be used
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith instead of the default. The special value
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <code class="filename">keyboard</code> indicates that keyboard input
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith should be used. This option may be specified multiple times.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith decimal value of the type with no leading zeros. The rdata,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith if present, will be parsed using the UNKNOWN rdata format,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith (<backslash> <hash> <space> <length>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <space> <hexstring>).
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The <code class="option">-T</code> and <code class="option">-P</code> options print out
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith lists of non-meta types for which the type-specific presentation
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith formats are known. <code class="option">-T</code> prints out the list of
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith IANA-assigned types. <code class="option">-P</code> prints out the list of
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith private types specific to <span><strong class="command">named</strong></span>. These options
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith may be combined. <span><strong class="command">nsupdate</strong></span> will exit after the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith lists are printed.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith The -V option causes <span><strong class="command">nsupdate</strong></span> to print the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith version number and exit.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith<p><span><strong class="command">nsupdate</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith reads input from
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith or standard input.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Each command is supplied on exactly one line of input.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Some commands are for administrative purposes.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith The others are either update instructions or prerequisite checks on the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith contents of the zone.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith These checks set conditions that some name or set of
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith resource records (RRset) either exists or is absent from the zone.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith These conditions must be met if the entire update request is to succeed.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Updates will be rejected if the tests for the prerequisite conditions
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Every update request consists of zero or more prerequisites
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith and zero or more updates.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith This allows a suitably authenticated update request to proceed if some
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith specified resource records are present or missing from the zone.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith A blank input line (or the <span><strong class="command">send</strong></span> command)
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith accumulated commands to be sent as one Dynamic DNS update request to the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith name server.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith The command formats and their meaning are as follows:
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">server</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith {servername}
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Sends all dynamic update requests to the name server
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <em class="parameter"><code>servername</code></em>.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith When no server statement is provided,
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">nsupdate</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith will send updates to the master server of the correct zone.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith The MNAME field of that zone's SOA record will identify the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith server for that zone.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith is the port number on
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <em class="parameter"><code>servername</code></em>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith where the dynamic update requests get sent.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith If no port number is specified, the default DNS port number of
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">local</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Sends all dynamic update requests using the local
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith When no local statement is provided,
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">nsupdate</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith will send updates using an address and port chosen by the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith can additionally be used to make requests come from a specific
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith If no port number is specified, the system will assign one.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">zone</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Specifies that all updates are to be made to the zone
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <em class="parameter"><code>zonename</code></em>.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith statement is provided,
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">nsupdate</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith will attempt determine the correct zone to update based on the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith rest of the input.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">class</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Specify the default class.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith If no <em class="parameter"><code>class</code></em> is specified, the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith default class is
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">ttl</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Specify the default time to live for records to be added.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith The value <em class="parameter"><code>none</code></em> will clear the default
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">key</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith [hmac:] {keyname}
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith Specifies that all updates are to be TSIG-signed using the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith signing algorithm in use; the default is
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <code class="literal">hmac-md5</code>. The <span><strong class="command">key</strong></span>
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith command overrides any key specified on the command line via
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <code class="option">-y</code> or <code class="option">-k</code>.
2443526ef32df6fc65a30dc74f4f91ee12562f6cLuke Smith <span><strong class="command">gsstsig</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Use GSS-TSIG to sign the updated. This is equivalent to
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith specifying <code class="option">-g</code> on the commandline.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">oldgsstsig</strong></span>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith Use the Windows 2000 version of GSS-TSIG to sign the updated.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This is equivalent to specifying <code class="option">-o</code> on the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith commandline.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">realm</strong></span>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith than the default realm in <code class="filename">krb5.conf</code>. If no
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith realm is specified the saved realm is cleared.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith {domain-name}
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Requires that no resource record of any type exists with name
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>domain-name</code></em>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith {domain-name}
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Requires that
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <em class="parameter"><code>domain-name</code></em>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith exists (has as at least one resource record, of any type).
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith {domain-name}
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Requires that no resource record exists of the specified
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>domain-name</code></em>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is omitted, IN (internet) is assumed.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith {domain-name}
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This requires that a resource record of the specified
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>domain-name</code></em>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is omitted, IN (internet) is assumed.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith {domain-name}
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith from each set of prerequisites of this form
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith sharing a common
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>domain-name</code></em>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith are combined to form a set of RRs. This set of RRs must
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith exactly match the set of RRs existing in the zone at the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>domain-name</code></em>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith are written in the standard text representation of the resource
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith {domain-name}
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith [type [data...]]
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Deletes any resource records named
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <em class="parameter"><code>domain-name</code></em>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is provided, only matching resource records will be removed.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The internet class is assumed if
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is not supplied. The
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith is ignored, and is only allowed for compatibility.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">[<span class="optional">update</span>] add</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith {domain-name}
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith Adds a new resource record with the specified
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">show</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Displays the current message, containing all of the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith prerequisites and
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith updates specified since the last send.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">send</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Sends the current message. This is equivalent to entering a
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">answer</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Displays the answer.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span><strong class="command">debug</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Turn on debugging.
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith <span><strong class="command">version</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Print version number.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">help</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Print a list of commands.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Lines beginning with a semicolon are comments and are ignored.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The examples below show how
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span><strong class="command">nsupdate</strong></span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith could be used to insert and delete resource records from the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Notice that the input in each example contains a trailing blank line so
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith a group of commands are sent as one dynamic update request to the
a9d49e77274be440ba8447c626f31bbda9734091Luke Smith master name server for
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith> update delete oldhost.example.com A
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith> update add newhost.example.com 86400 A 172.16.1.1
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith Any A records for
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith are deleted.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith And an A record for
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith with IP address 172.16.1.1 is added.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The newly-added record has a 1 day TTL (86400 seconds).
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith> prereq nxdomain nickname.example.com
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith> update add nickname.example.com 86400 CNAME somehost.example.com
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The prerequisite condition gets the name server to check that there
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith are no resource records of any type for
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith If there are, the update request fails.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith If this name does not exist, a CNAME for it is added.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This ensures that when the CNAME is added, it cannot conflict with the
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith long-standing rule in RFC 1034 that a name must not exist as any other
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith record type if it exists as a CNAME.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith RRSIG, DNSKEY and NSEC records.)
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith used to identify default name server
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith sets the default TSIG key for use in local-only mode
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith base-64 encoding of HMAC-MD5 key created by
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith base-64 encoding of HMAC-MD5 key created by
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith The TSIG key is redundantly stored in two separate files.
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith This is a consequence of nsupdate using the DST library
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith for its cryptographic operations, and may change in future
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<a accesskey="p" href="man.named-rrchecker.html">Prev</a>�</td>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<td width="40%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<span class="application">named-rrchecker</span>�</td>
e8d16592842bdb884e0e4d938f334b6ac5b7cad0Luke Smith<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<td width="40%" align="right" valign="top">�<span class="application">rndc</span>
4e85040322b4e582739e575b71d0c6f3b9d5c415Luke Smith<p style="text-align: center;">BIND Version 9.11</p>