man.nsupdate.html revision bafdc1ebe80e1bc359bfbb48aa88790c7bbdc749
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User - PERFORMANCE OF THIS SOFTWARE.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<!-- $Id: man.nsupdate.html,v 1.141 2011/11/24 01:14:53 tbox Exp $ -->
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<link rel="prev" href="man.named-journalprint.html" title="named-journalprint">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<link rel="next" href="man.rndc.html" title="rndc">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<table width="100%" summary="Navigation header">
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<th width="60%" align="center">Manual pages</th>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<a name="man.nsupdate"></a><div class="titlepage"></div>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<p><span><strong class="command">nsupdate</strong></span>
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User is used to submit Dynamic DNS Update requests as defined in RFC 2136
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User to a name server.
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User This allows resource records to be added or removed from a zone
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User without manually editing the zone file.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User A single update request can contain requests to add or remove more than
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User resource record.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User Zones that are under dynamic control via
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <span><strong class="command">nsupdate</strong></span>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User or a DHCP server should not be edited by hand.
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User Manual edits could
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User conflict with dynamic updates and cause data to be lost.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User The resource records that are dynamically added or removed with
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <span><strong class="command">nsupdate</strong></span>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User have to be in the same zone.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User Requests are sent to the zone's master server.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User This is identified by the MNAME field of the zone's SOA record.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <span><strong class="command">nsupdate</strong></span>
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User operate in debug mode.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User This provides tracing information about the update requests that are
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User made and the replies received from the name server.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User report additional debugging information to <code class="option">-d</code>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The <code class="option">-L</code> option with an integer argument of zero or
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User higher sets the logging debug level. If zero, logging is disabled.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User Transaction signatures can be used to authenticate the Dynamic
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User DNS updates. These use the TSIG resource record type described
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt in RFC 2845 or the SIG(0) record described in RFC 2535 and
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User RFC 2931 or GSS-TSIG as described in RFC 3645. TSIG relies on
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User a shared secret that should only be known to
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
ad8f23aed6c75f94f238c1f23f4e17515d28eb55Tinderbox User the only supported encryption algorithm for TSIG is HMAC-MD5,
ad8f23aed6c75f94f238c1f23f4e17515d28eb55Tinderbox User which is defined in RFC 2104. Once other algorithms are
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt defined for TSIG, applications will need to ensure they select
ad8f23aed6c75f94f238c1f23f4e17515d28eb55Tinderbox User the appropriate algorithm as well as the key when authenticating
ad8f23aed6c75f94f238c1f23f4e17515d28eb55Tinderbox User each other. For instance, suitable <span class="type">key</span> and
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <span class="type">server</span> statements would be added to
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <code class="filename">/etc/named.conf</code> so that the name server
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User can associate the appropriate secret key and algorithm with
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User the IP address of the client application that will be using
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User TSIG authentication. SIG(0) uses public key cryptography.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User To use a SIG(0) key, the public key must be stored in a KEY
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User record in a zone served by the name server.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User <span><strong class="command">nsupdate</strong></span> does not read
dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User <code class="filename">/etc/named.conf</code>.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User is switched on with the <code class="option">-g</code> flag. A
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User non-standards-compliant variant of GSS-TSIG used by Windows
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User 2000 can be switched on with the <code class="option">-o</code> flag.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<p><span><strong class="command">nsupdate</strong></span>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User uses the <code class="option">-y</code> or <code class="option">-k</code> option
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User to provide the shared secret needed to generate a TSIG record
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User for authenticating Dynamic DNS update requests, default type
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User HMAC-MD5. These options are mutually exclusive.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User When the <code class="option">-y</code> option is used, a signature is
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User generated from
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <em class="parameter"><code>keyname</code></em> is the name of the key, and
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User Use of the <code class="option">-y</code> option is discouraged because the
10b865e9187fc77cae02f106ddcc9e03eecdfe06Tinderbox User shared secret is supplied as a command line argument in clear text.
10b865e9187fc77cae02f106ddcc9e03eecdfe06Tinderbox User This may be visible in the output from
10b865e9187fc77cae02f106ddcc9e03eecdfe06Tinderbox User <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User or in a history file maintained by the user's shell.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User Keyfiles may be in two formats: a single file containing
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User statement, which may be generated automatically by
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User of the format <code class="filename">K{name}.+157.+{random}.key</code> and
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User <code class="filename">K{name}.+157.+{random}.private</code>, which can be
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User generated by <span><strong class="command">dnssec-keygen</strong></span>.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User The <code class="option">-k</code> may also be used to specify a SIG(0) key used
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User to authenticate Dynamic DNS update requests. In this case, the key
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User specified is not an HMAC-MD5 key.
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User using the <code class="option">-l</code> flag. This sets the server address to
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User localhost (disabling the <span><strong class="command">server</strong></span> so that the server
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User address cannot be overridden). Connections to the local server will
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which is automatically generated by <span><strong class="command">named</strong></span> if any
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User local master zone has set <span><strong class="command">update-policy</strong></span> to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">local</strong></span>. The location of this key file can be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User overridden with the <code class="option">-k</code> option.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User By default, <span><strong class="command">nsupdate</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User uses UDP to send update requests to the name server unless they are too
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User large to fit in a UDP request in which case TCP will be used.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">nsupdate</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User use a TCP connection.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User This may be preferable when a batch of update requests is made.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">-p</code> sets the default port number to use for
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User connections to a name server. The default is 53.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">-t</code> option sets the maximum time an update request
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User take before it is aborted. The default is 300 seconds. Zero can be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to disable the timeout.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">-u</code> option sets the UDP retry interval. The default
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User 3 seconds. If zero, the interval will be computed from the timeout
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and number of UDP retries.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">-r</code> option sets the number of UDP retries. The
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User 3. If zero, only one update request will be made.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User specifies a source of randomness. If the operating system
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User does not provide a <code class="filename">/dev/random</code> or
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User equivalent device, the default source of randomness is keyboard
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User input. <code class="filename">randomdev</code> specifies the name of
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User a character device or file containing random data to be used
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User instead of the default. The special value
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User <code class="filename">keyboard</code> indicates that keyboard input
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User should be used. This option may be specified multiple times.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User<p><span><strong class="command">nsupdate</strong></span>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User reads input from
c313914d0e66b20969215e519bbf2ab4ecf39512Tinderbox User <em class="parameter"><code>filename</code></em>
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User or standard input.
fae13836a33b474a6aa2c147df8334f5b1ffae45Tinderbox User Each command is supplied on exactly one line of input.
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com