man.nsupdate.html revision be6c1c506161e6f45fcff5d0425f78801bc267c1
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - Copyright (C) 2000-2003 Internet Software Consortium.
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov - Permission to use, copy, modify, and/or distribute this software for any
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - purpose with or without fee is hereby granted, provided that the above
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - copyright notice and this permission notice appear in all copies.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - PERFORMANCE OF THIS SOFTWARE.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<!-- $Id: man.nsupdate.html,v 1.114 2011/03/06 01:14:20 tbox Exp $ -->
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<link rel="prev" href="man.named-journalprint.html" title="named-journalprint">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<link rel="next" href="man.rndc.html" title="rndc">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<table width="100%" summary="Navigation header">
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<th width="60%" align="center">Manual pages</th>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<a name="man.nsupdate"></a><div class="titlepage"></div>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<p><span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is used to submit Dynamic DNS Update requests as defined in RFC 2136
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to a name server.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This allows resource records to be added or removed from a zone
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe without manually editing the zone file.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe A single update request can contain requests to add or remove more than
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe resource record.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Zones that are under dynamic control via
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe or a DHCP server should not be edited by hand.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Manual edits could
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe conflict with dynamic updates and cause data to be lost.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The resource records that are dynamically added or removed with
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe have to be in the same zone.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Requests are sent to the zone's master server.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This is identified by the MNAME field of the zone's SOA record.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe option makes
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe operate in debug mode.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This provides tracing information about the update requests that are
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe made and the replies received from the name server.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe report additional debugging information to <code class="option">-d</code>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-L</code> option with an integer argument of zero or
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe higher sets the logging debug level. If zero, logging is disabled.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Transaction signatures can be used to authenticate the Dynamic
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe DNS updates. These use the TSIG resource record type described
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe in RFC 2845 or the SIG(0) record described in RFC 2535 and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe RFC 2931 or GSS-TSIG as described in RFC 3645. TSIG relies on
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe a shared secret that should only be known to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the only supported encryption algorithm for TSIG is HMAC-MD5,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe which is defined in RFC 2104. Once other algorithms are
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe defined for TSIG, applications will need to ensure they select
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the appropriate algorithm as well as the key when authenticating
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe each other. For instance, suitable <span class="type">key</span> and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="type">server</span> statements would be added to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <code class="filename">/etc/named.conf</code> so that the name server
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe can associate the appropriate secret key and algorithm with
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the IP address of the client application that will be using
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe TSIG authentication. SIG(0) uses public key cryptography.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe To use a SIG(0) key, the public key must be stored in a KEY
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe record in a zone served by the name server.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span> does not read
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is switched on with the <code class="option">-g</code> flag. A
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe non-standards-compliant variant of GSS-TSIG used by Windows
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe 2000 can be switched on with the <code class="option">-o</code> flag.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<p><span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe uses the <code class="option">-y</code> or <code class="option">-k</code> option
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to provide the shared secret needed to generate a TSIG record
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe for authenticating Dynamic DNS update requests, default type
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe HMAC-MD5. These options are mutually exclusive.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe When the <code class="option">-y</code> option is used, a signature is
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe generated from
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>keyname</code></em> is the name of the key, and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Use of the <code class="option">-y</code> option is discouraged because the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe shared secret is supplied as a command line argument in clear text.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This may be visible in the output from
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe or in a history file maintained by the user's shell.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Keyfiles may be in two formats: a single file containing
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe statement, which may be generated automatically by
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe of the format <code class="filename">K{name}.+157.+{random}.key</code> and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <code class="filename">K{name}.+157.+{random}.private</code>, which can be
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe generated by <span><strong class="command">dnssec-keygen</strong></span>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-k</code> may also be used to specify a SIG(0) key used
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to authenticate Dynamic DNS update requests. In this case, the key
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe specified is not an HMAC-MD5 key.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe using the <code class="option">-l</code> flag. This sets the server address to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe localhost (disabling the <span><strong class="command">server</strong></span> so that the server
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe address cannot be overridden). Connections to the local server will
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe which is automatically generated by <span><strong class="command">named</strong></span> if any
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe local master zone has set <span><strong class="command">update-policy</strong></span> to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">local</strong></span>. The location of this key file can be
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe overridden with the <code class="option">-k</code> option.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe By default, <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe uses UDP to send update requests to the name server unless they are too
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe large to fit in a UDP request in which case TCP will be used.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe option makes
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe use a TCP connection.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This may be preferable when a batch of update requests is made.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-p</code> sets the default port number to use for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe connections to a name server. The default is 53.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-t</code> option sets the maximum time an update request
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe take before it is aborted. The default is 300 seconds. Zero can be
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe to disable the timeout.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-u</code> option sets the UDP retry interval. The default
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe 3 seconds. If zero, the interval will be computed from the timeout
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe and number of UDP retries.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-r</code> option sets the number of UDP retries. The
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe 3. If zero, only one update request will be made.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe specifies a source of randomness. If the operating system
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe does not provide a <code class="filename">/dev/random</code> or
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe equivalent device, the default source of randomness is keyboard
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe input. <code class="filename">randomdev</code> specifies the name of
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe a character device or file containing random data to be used
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe instead of the default. The special value
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <code class="filename">keyboard</code> indicates that keyboard input
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe should be used. This option may be specified multiple times.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<p><span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe reads input from
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>filename</code></em>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe or standard input.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Each command is supplied on exactly one line of input.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Some commands are for administrative purposes.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The others are either update instructions or prerequisite checks on the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe contents of the zone.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe These checks set conditions that some name or set of
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe resource records (RRset) either exists or is absent from the zone.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe These conditions must be met if the entire update request is to succeed.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Updates will be rejected if the tests for the prerequisite conditions
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov Every update request consists of zero or more prerequisites
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe and zero or more updates.
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov This allows a suitably authenticated update request to proceed if some
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov specified resource records are present or missing from the zone.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe A blank input line (or the <span><strong class="command">send</strong></span> command)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe accumulated commands to be sent as one Dynamic DNS update request to the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe name server.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The command formats and their meaning are as follows:
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">server</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {servername}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Sends all dynamic update requests to the name server
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>servername</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe When no server statement is provided,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe will send updates to the master server of the correct zone.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The MNAME field of that zone's SOA record will identify the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe server for that zone.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is the port number on
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>servername</code></em>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe where the dynamic update requests get sent.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If no port number is specified, the default DNS port number of
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">local</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Sends all dynamic update requests using the local
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>address</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe When no local statement is provided,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe will send updates using an address and port chosen by the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe can additionally be used to make requests come from a specific
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If no port number is specified, the system will assign one.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">zone</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Specifies that all updates are to be made to the zone
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>zonename</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe statement is provided,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe will attempt determine the correct zone to update based on the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe rest of the input.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">class</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Specify the default class.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If no <em class="parameter"><code>class</code></em> is specified, the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe default class is
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">ttl</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Specify the default time to live for records to be added.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The value <em class="parameter"><code>none</code></em> will clear the default
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">key</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Specifies that all updates are to be TSIG-signed using the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The <span><strong class="command">key</strong></span> command
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe overrides any key specified on the command line via
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <code class="option">-y</code> or <code class="option">-k</code>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">gsstsig</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Use GSS-TSIG to sign the updated. This is equivalent to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe specifying <code class="option">-g</code> on the commandline.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">oldgsstsig</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Use the Windows 2000 version of GSS-TSIG to sign the updated.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This is equivalent to specifying <code class="option">-o</code> on the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe commandline.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">realm</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe than the default realm in <code class="filename">krb5.conf</code>. If no
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe realm is specified the saved realm is cleared.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">prereq nxdomain</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Requires that no resource record of any type exists with name
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">prereq yxdomain</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Requires that
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe exists (has as at least one resource record, of any type).
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">prereq nxrrset</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Requires that no resource record exists of the specified
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is omitted, IN (internet) is assumed.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">prereq yxrrset</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This requires that a resource record of the specified
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is omitted, IN (internet) is assumed.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">prereq yxrrset</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe from each set of prerequisites of this form
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe sharing a common
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are combined to form a set of RRs. This set of RRs must
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe exactly match the set of RRs existing in the zone at the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are written in the standard text representation of the resource
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">update delete</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe [type [data...]]
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Deletes any resource records named
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <em class="parameter"><code>domain-name</code></em>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is provided, only matching resource records will be removed.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The internet class is assumed if
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is not supplied. The
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe is ignored, and is only allowed for compatibility.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">update add</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe {domain-name}
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Adds a new resource record with the specified
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">show</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Displays the current message, containing all of the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe prerequisites and
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe updates specified since the last send.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">send</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Sends the current message. This is equivalent to entering a
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">answer</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Displays the answer.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">debug</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Turn on debugging.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Lines beginning with a semicolon are comments and are ignored.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The examples below show how
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span><strong class="command">nsupdate</strong></span>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe could be used to insert and delete resource records from the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Notice that the input in each example contains a trailing blank line so
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe a group of commands are sent as one dynamic update request to the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe master name server for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe> update delete oldhost.example.com A
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe> update add newhost.example.com 86400 A 172.16.1.1
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Any A records for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are deleted.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe And an A record for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe with IP address 172.16.1.1 is added.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The newly-added record has a 1 day TTL (86400 seconds).
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe> prereq nxdomain nickname.example.com
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe> update add nickname.example.com 86400 CNAME somehost.example.com
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The prerequisite condition gets the name server to check that there
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe are no resource records of any type for
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="type">nickname.example.com</span>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If there are, the update request fails.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If this name does not exist, a CNAME for it is added.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This ensures that when the CNAME is added, it cannot conflict with the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe long-standing rule in RFC 1034 that a name must not exist as any other
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe record type if it exists as a CNAME.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe RRSIG, DNSKEY and NSEC records.)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe used to identify default name server
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe sets the default TSIG key for use in local-only mode
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe base-64 encoding of HMAC-MD5 key created by
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe base-64 encoding of HMAC-MD5 key created by
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov The TSIG key is redundantly stored in two separate files.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe This is a consequence of nsupdate using the DST library
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov for its cryptographic operations, and may change in future
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<table width="100%" summary="Navigation footer">
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
ed22c7109fc5dd9e1b7a5d0333bdc7ad2718e2abYuri Pankov<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<td width="40%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<span class="application">named-journalprint</span>�</td>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<td width="40%" align="right" valign="top">�<span class="application">rndc</span>