man.nsupdate.html revision b2f07642fd712c8fda81a116bcdde229ab291f33
7d98a1783f222964bcde7d56dab77b822706204dBob Halley - Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson - Permission to use, copy, modify, and/or distribute this software for any
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson - purpose with or without fee is hereby granted, provided that the above
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence - copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence - PERFORMANCE OF THIS SOFTWARE.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
8a47ea1dadd3b985f5266f198423e01e225e218dDavid Lawrence<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
999ae80184e3df1016ac74514124b0459ace4d01Andreas Gustafsson<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
66c41c5b4ff384aae100772a3f2d722391202f63Andreas Gustafsson<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<link rel="prev" href="man.named-journalprint.html" title="named-journalprint">
d60f5b9bc8c1e1f7ddebc6c7834f7550a8e8be6fBob Halley<link rel="next" href="man.rndc.html" title="rndc">
d60f5b9bc8c1e1f7ddebc6c7834f7550a8e8be6fBob Halley<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
4bf54f182d5ac0bde48800af9000801cbc39ee15Brian Wellington<table width="100%" summary="Navigation header">
d60f5b9bc8c1e1f7ddebc6c7834f7550a8e8be6fBob Halley<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<th width="60%" align="center">Manual pages</th>
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
a1747570262ed336c213aaf6bd31bc91993a46deAndreas Gustafsson<a name="man.nsupdate"></a><div class="titlepage"></div>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [filename]</p></div>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<a name="id2642172"></a><h2>DESCRIPTION</h2>
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson<p><span><strong class="command">nsupdate</strong></span>
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson is used to submit Dynamic DNS Update requests as defined in RFC 2136
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson to a name server.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson This allows resource records to be added or removed from a zone
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson without manually editing the zone file.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson A single update request can contain requests to add or remove more than
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson resource record.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson Zones that are under dynamic control via
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson <span><strong class="command">nsupdate</strong></span>
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson or a DHCP server should not be edited by hand.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson Manual edits could
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson conflict with dynamic updates and cause data to be lost.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson The resource records that are dynamically added or removed with
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson <span><strong class="command">nsupdate</strong></span>
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson have to be in the same zone.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson Requests are sent to the zone's master server.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson This is identified by the MNAME field of the zone's SOA record.
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <span><strong class="command">nsupdate</strong></span>
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson operate in debug mode.
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson This provides tracing information about the update requests that are
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson made and the replies received from the name server.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson report additional debugging information to <code class="option">-d</code>.
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson The <code class="option">-L</code> option with an integer argument of zero or
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff higher sets the logging debug level. If zero, logging is disabled.
f2fdfe7c42f3b10f3653f851ce5a0a90ee5ac1f9David Lawrence Transaction signatures can be used to authenticate the Dynamic
f2fdfe7c42f3b10f3653f851ce5a0a90ee5ac1f9David Lawrence DNS updates. These use the TSIG resource record type described
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson in RFC 2845 or the SIG(0) record described in RFC 2535 and
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson RFC 2931 or GSS-TSIG as described in RFC 3645. TSIG relies on
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson a shared secret that should only be known to
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson the only supported encryption algorithm for TSIG is HMAC-MD5,
553727079c69cacf56aaa8fd2722d04bfbbc8ce1David Lawrence which is defined in RFC 2104. Once other algorithms are
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson defined for TSIG, applications will need to ensure they select
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson the appropriate algorithm as well as the key when authenticating
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson each other. For instance, suitable <span class="type">key</span> and
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson <span class="type">server</span> statements would be added to
f2fdfe7c42f3b10f3653f851ce5a0a90ee5ac1f9David Lawrence <code class="filename">/etc/named.conf</code> so that the name server
f2fdfe7c42f3b10f3653f851ce5a0a90ee5ac1f9David Lawrence can associate the appropriate secret key and algorithm with
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson the IP address of the client application that will be using
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson TSIG authentication. SIG(0) uses public key cryptography.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson To use a SIG(0) key, the public key must be stored in a KEY
ea398d3eba82ec4d18a636e4e6e9e120e337dad2Andreas Gustafsson record in a zone served by the name server.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson <span><strong class="command">nsupdate</strong></span> does not read
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson <code class="filename">/etc/named.conf</code>.
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson is switched on with the <code class="option">-g</code> flag. A
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson non-standards-compliant variant of GSS-TSIG used by Windows
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson 2000 can be switched on with the <code class="option">-o</code> flag.
f2fdfe7c42f3b10f3653f851ce5a0a90ee5ac1f9David Lawrence<p><span><strong class="command">nsupdate</strong></span>
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson uses the <code class="option">-y</code> or <code class="option">-k</code> option
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson to provide the shared secret needed to generate a TSIG record
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson for authenticating Dynamic DNS update requests, default type
ea398d3eba82ec4d18a636e4e6e9e120e337dad2Andreas Gustafsson HMAC-MD5. These options are mutually exclusive.
553727079c69cacf56aaa8fd2722d04bfbbc8ce1David Lawrence When the <code class="option">-y</code> option is used, a signature is
94296c8d5b9c3c1ed13cf91c1f7b1d76d7fa0607David Lawrence generated from
8803b0510877fd08044542edbb55e2be72fae36fAndreas Gustafsson [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <em class="parameter"><code>keyname</code></em> is the name of the key, and
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson Use of the <code class="option">-y</code> option is discouraged because the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson shared secret is supplied as a command line argument in clear text.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson This may be visible in the output from
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson or in a history file maintained by the user's shell.
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson Keyfiles may be in two formats: a single file containing
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson statement, which may be generated automatically by
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff of the format <code class="filename">K{name}.+157.+{random}.key</code> and
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence <code class="filename">K{name}.+157.+{random}.private</code>, which can be
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson generated by <span><strong class="command">dnssec-keygen</strong></span>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The <code class="option">-k</code> may also be used to specify a SIG(0) key used
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson to authenticate Dynamic DNS update requests. In this case, the key
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson specified is not an HMAC-MD5 key.
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson using the <code class="option">-l</code> flag. This sets the server address to
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson localhost (disabling the <span><strong class="command">server</strong></span> so that the server
459e901f905e09a2e98f3ff70cb19fb2061aef83Mark Andrews address cannot be overridden). Connections to the local server will
581db30788a4920ba8558287a0dccf3c1a210c5aAndreas Gustafsson use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson which is automatically generated by <span><strong class="command">named</strong></span> if any
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson local master zone has set <span><strong class="command">update-policy</strong></span> to
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">local</strong></span>. The location of this key file can be
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson overridden with the <code class="option">-k</code> option.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson By default, <span><strong class="command">nsupdate</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson uses UDP to send update requests to the name server unless they are too
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson large to fit in a UDP request in which case TCP will be used.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">nsupdate</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson use a TCP connection.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson This may be preferable when a batch of update requests is made.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence The <code class="option">-p</code> sets the default port number to use for
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence connections to a name server. The default is 53.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The <code class="option">-t</code> option sets the maximum time an update request
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson take before it is aborted. The default is 300 seconds. Zero can be
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence to disable the timeout.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff The <code class="option">-u</code> option sets the UDP retry interval. The default
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson 3 seconds. If zero, the interval will be computed from the timeout
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson and number of UDP retries.
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence The <code class="option">-r</code> option sets the number of UDP retries. The
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson 3. If zero, only one update request will be made.
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff specifies a source of randomness. If the operating system
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson does not provide a <code class="filename">/dev/random</code> or
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence equivalent device, the default source of randomness is keyboard
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff input. <code class="filename">randomdev</code> specifies the name of
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson a character device or file containing random data to be used
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence instead of the default. The special value
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <code class="filename">keyboard</code> indicates that keyboard input
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson should be used. This option may be specified multiple times.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson decimal value of the type with no leading zeros. The rdata,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff if present, will be parsed using the UNKNOWN rdata format,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson (<backslash> <hash> <space> <length>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <space> <hexstring>).
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The <code class="option">-T</code> and <code class="option">-P</code> options print out
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson lists of non-meta types for which the type-specific presentation
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson formats are known. <code class="option">-T</code> prints out the list of
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson IANA-assigned types. <code class="option">-P</code> prints out the list of
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence private types specific to <span><strong class="command">named</strong></span>. These options
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson may be combined. <span><strong class="command">nsupdate</strong></span> will exit after the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson lists are printed.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<a name="id2679882"></a><h2>INPUT FORMAT</h2>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<p><span><strong class="command">nsupdate</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson reads input from
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>filename</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson or standard input.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Each command is supplied on exactly one line of input.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Some commands are for administrative purposes.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The others are either update instructions or prerequisite checks on the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson contents of the zone.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson These checks set conditions that some name or set of
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence resource records (RRset) either exists or is absent from the zone.
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence These conditions must be met if the entire update request is to succeed.
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence Updates will be rejected if the tests for the prerequisite conditions
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence Every update request consists of zero or more prerequisites
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence and zero or more updates.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff This allows a suitably authenticated update request to proceed if some
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson specified resource records are present or missing from the zone.
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence A blank input line (or the <span><strong class="command">send</strong></span> command)
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence accumulated commands to be sent as one Dynamic DNS update request to the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The command formats and their meaning are as follows:
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence <span><strong class="command">server</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Sends all dynamic update requests to the name server
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff <em class="parameter"><code>servername</code></em>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson When no server statement is provided,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">nsupdate</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson will send updates to the master server of the correct zone.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The MNAME field of that zone's SOA record will identify the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson server for that zone.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson is the port number on
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>servername</code></em>
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff where the dynamic update requests get sent.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson If no port number is specified, the default DNS port number of
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">local</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Sends all dynamic update requests using the local
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff <em class="parameter"><code>address</code></em>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson When no local statement is provided,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">nsupdate</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson will send updates using an address and port chosen by the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>port</code></em>
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff can additionally be used to make requests come from a specific
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson If no port number is specified, the system will assign one.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">zone</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Specifies that all updates are to be made to the zone
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence <em class="parameter"><code>zonename</code></em>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>zone</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson statement is provided,
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff <span><strong class="command">nsupdate</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson will attempt determine the correct zone to update based on the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson rest of the input.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">class</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Specify the default class.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson If no <em class="parameter"><code>class</code></em> is specified, the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson default class is
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>IN</code></em>.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff <span><strong class="command">ttl</strong></span>
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff Specify the default time to live for records to be added.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The value <em class="parameter"><code>none</code></em> will clear the default
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">key</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Specifies that all updates are to be TSIG-signed using the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The <span><strong class="command">key</strong></span> command
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson overrides any key specified on the command line via
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <code class="option">-y</code> or <code class="option">-k</code>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">gsstsig</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Use GSS-TSIG to sign the updated. This is equivalent to
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson specifying <code class="option">-g</code> on the commandline.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">oldgsstsig</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Use the Windows 2000 version of GSS-TSIG to sign the updated.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson This is equivalent to specifying <code class="option">-o</code> on the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">realm</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson {[<span class="optional">realm_name</span>]}
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence than the default realm in <code class="filename">krb5.conf</code>. If no
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson realm is specified the saved realm is cleared.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Requires that no resource record of any type exists with name
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>domain-name</code></em>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff Requires that
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>domain-name</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson exists (has as at least one resource record, of any type).
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff Requires that no resource record exists of the specified
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>class</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>domain-name</code></em>.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff is omitted, IN (internet) is assumed.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff {domain-name}
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson This requires that a resource record of the specified
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>type</code></em>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>class</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>domain-name</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>class</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson is omitted, IN (internet) is assumed.
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>data</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson from each set of prerequisites of this form
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson sharing a common
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>type</code></em>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>class</code></em>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>domain-name</code></em>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson are combined to form a set of RRs. This set of RRs must
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson exactly match the set of RRs existing in the zone at the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>type</code></em>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>class</code></em>,
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence <em class="parameter"><code>domain-name</code></em>.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff are written in the standard text representation of the resource
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson [type [data...]]
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson Deletes any resource records named
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <em class="parameter"><code>domain-name</code></em>.
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <em class="parameter"><code>type</code></em>
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <em class="parameter"><code>data</code></em>
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson is provided, only matching resource records will be removed.
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson The internet class is assumed if
f4c0131a46ea183238027ef9c3400cc6079b8b85Andreas Gustafsson <em class="parameter"><code>class</code></em>
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff is not supplied. The
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff is ignored, and is only allowed for compatibility.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence <span><strong class="command">[<span class="optional">update</span>] add</strong></span>
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley Adds a new resource record with the specified
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>ttl</code></em>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <em class="parameter"><code>data</code></em>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">show</strong></span>
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence Displays the current message, containing all of the
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff prerequisites and
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence updates specified since the last send.
b2c71d98dfc4dab5c6b8c8f39cf8fed3d899e94cAndreas Gustafsson <span><strong class="command">send</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Sends the current message. This is equivalent to entering a
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">answer</strong></span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Displays the answer.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff <span><strong class="command">debug</strong></span>
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence Turn on debugging.
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence Lines beginning with a semicolon are comments and are ignored.
66c41c5b4ff384aae100772a3f2d722391202f63Andreas Gustafsson The examples below show how
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span><strong class="command">nsupdate</strong></span>
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff could be used to insert and delete resource records from the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Notice that the input in each example contains a trailing blank line so
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson a group of commands are sent as one dynamic update request to the
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff master name server for
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson> update delete oldhost.example.com A
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson> update add newhost.example.com 86400 A 172.16.1.1
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson Any A records for
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="type">oldhost.example.com</span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson And an A record for
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="type">newhost.example.com</span>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson with IP address 172.16.1.1 is added.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The newly-added record has a 1 day TTL (86400 seconds).
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence> prereq nxdomain nickname.example.com
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson> update add nickname.example.com 86400 CNAME somehost.example.com
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff The prerequisite condition gets the name server to check that there
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson are no resource records of any type for
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="type">nickname.example.com</span>.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence If there are, the update request fails.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson If this name does not exist, a CNAME for it is added.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson This ensures that when the CNAME is added, it cannot conflict with the
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson long-standing rule in RFC 1034 that a name must not exist as any other
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson record type if it exists as a CNAME.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson RRSIG, DNSKEY and NSEC records.)
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson used to identify default name server
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson sets the default TSIG key for use in local-only mode
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley base-64 encoding of HMAC-MD5 key created by
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson base-64 encoding of HMAC-MD5 key created by
cfefc47443d2035d13c827837e286f12c23e6eb4David Lawrence <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson The TSIG key is redundantly stored in two separate files.
4cd3d6df39927315e3fadc07a8da3788175f4195Andreas Gustafsson This is a consequence of nsupdate using the DST library
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington for its cryptographic operations, and may change in future
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<table width="100%" summary="Navigation footer">
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<td width="40%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<span class="application">named-journalprint</span>�</td>
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
84feab0fad8ce53c5d26dff9bde89c4cae285908Brian Wellington<td width="40%" align="right" valign="top">�<span class="application">rndc</span>