man.nsupdate.html revision dd1ce8b52478fa98c844720af9e77fae2978f18d
 - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.nsupdate"></a><div class="titlepage"></div>
<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [filename]</p></div>
<a name="id2642145"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
 is used to submit Dynamic DNS Update requests as defined in RFC 2136
 to a name server.
 This allows resource records to be added or removed from a zone
 without manually editing the zone file.
 A single update request can contain requests to add or remove more than
 one resource record.
</p>
<p>
 Zones that are under dynamic control via
 <span><strong class="command">nsupdate</strong></span>
 or a DHCP server should not be edited by hand.
 Manual edits could
 conflict with dynamic updates and cause data to be lost.
</p>
<p>
 The resource records that are dynamically added or removed with
 <span><strong class="command">nsupdate</strong></span>
 have to be in the same zone.
 Requests are sent to the zone's master server.
 This is identified by the MNAME field of the zone's SOA record.
</p>
<p>
 <span><strong class="command">nsupdate</strong></span>
 operate in debug mode.
 This provides tracing information about the update requests that are
 made and the replies received from the name server.
</p>
<p>
 The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
 report debugging information in addition to that of <code class="option">-d</code>.
</p>
<p>
 The <code class="option">-L</code> option with an integer argument of zero or
 higher sets the logging debug level. If zero, logging is disabled.
</p>
<p>
 Transaction signatures can be used to authenticate the Dynamic
 DNS updates. These use the TSIG resource record type described
 in RFC 2845 or the SIG(0) record described in RFC 2535 and
 RFC 2931 or GSS-TSIG as described in RFC 3645. TSIG relies on
 a shared secret that should only be known to
 <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
 the only supported encryption algorithm for TSIG is HMAC-MD5,
 which is defined in RFC 2104. Once other algorithms are
 defined for TSIG, applications will need to ensure they select
 the appropriate algorithm as well as the key when authenticating
 each other. For instance, suitable <span class="type">key</span> and
 <span class="type">server</span> statements would be added to
 <code class="filename">/etc/named.conf</code> so that the name server
 can associate the appropriate secret key and algorithm with
 the IP address of the client application that will be using
 TSIG authentication. SIG(0) uses public key cryptography.
 To use a SIG(0) key, the public key must be stored in a KEY
 record in a zone served by the name server.
 <span><strong class="command">nsupdate</strong></span> does not read
 <code class="filename">/etc/named.conf</code>.
</p>
<p>
 GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
 is switched on with the <code class="option">-g</code> flag. A
 non-standards-compliant variant of GSS-TSIG used by Windows
 2000 can be switched on with the <code class="option">-o</code> flag.
</p>
<p><span><strong class="command">nsupdate</strong></span>
 uses the <code class="option">-y</code> or <code class="option">-k</code> option
 to provide the shared secret needed to generate a TSIG record
 for authenticating Dynamic DNS update requests, default type
 HMAC-MD5. These options are mutually exclusive.
</p>
<p>
 When the <code class="option">-y</code> option is used, a signature is
 generated from
 [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret</code></em>.
 <em class="parameter"><code>keyname</code></em> is the name of the key, and
 <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
 Use of the <code class="option">-y</code> option is discouraged because the
 shared secret is supplied as a command line argument in clear text.
 This may be visible in the output from
 <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
 or in a history file maintained by the user's shell.
</p>
<p>
 With the <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
 the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
 Keyfiles may be in two formats: a single file containing
 a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
 statement, which may be generated automatically by
 <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
 of the format <code class="filename">K{name}.+157.+{random}.key</code> and
 <code class="filename">K{name}.+157.+{random}.private</code>, which can be
 generated by <span><strong class="command">dnssec-keygen</strong></span>.
 The <code class="option">-k</code> option may also be used to specify a SIG(0) key used
 to authenticate Dynamic DNS update requests. In this case, the key
 specified is not an HMAC-MD5 key.
</p>
<p>
 <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
 using the <code class="option">-l</code> flag. This sets the server address to
 localhost (disabling the <span><strong class="command">server</strong></span> so that the server
 address cannot be overridden). Connections to the local server will
 use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
 which is automatically generated by <span><strong class="command">named</strong></span> if any
 local master zone has set <span><strong class="command">update-policy</strong></span> to
 <span><strong class="command">local</strong></span>. The location of this key file can be
 overridden with the <code class="option">-k</code> option.
</p>
<p>
 By default, <span><strong class="command">nsupdate</strong></span>
 uses UDP to send update requests to the name server unless they are too
 large to fit in a UDP request, in which case TCP will be used.
 <span><strong class="command">nsupdate</strong></span>
 use a TCP connection.
 This may be preferable when a batch of update requests is made.
</p>
<p>
 The <code class="option">-p</code> option sets the default port number to use for
 connections to a name server. The default is 53.
</p>
<p>
 The <code class="option">-t</code> option sets the maximum time an update request
 can take before it is aborted. The default is 300 seconds. Zero can be
 used to disable the timeout.
</p>
<p>
 The <code class="option">-u</code> option sets the UDP retry interval. The default
 is 3 seconds. If zero, the interval will be computed from the timeout
 and number of UDP retries.
</p>
<p>
 The <code class="option">-r</code> option sets the number of UDP retries. The
 default is 3. If zero, only one update request will be made.
</p>
<p>
 The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
 specifies a source of randomness. If the operating system
 does not provide a <code class="filename">/dev/random</code> or
 equivalent device, the default source of randomness is keyboard
 input. <code class="filename">randomdev</code> specifies the name of
 a character device or file containing random data to be used
 instead of the default. The special value
 <code class="filename">keyboard</code> indicates that keyboard input
 should be used. This option may be specified multiple times.
</p>
<p>
 Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
 decimal value of the type with no leading zeros. The rdata,
 if present, will be parsed using the UNKNOWN rdata format,
 (&lt;backslash&gt; &lt;hash&gt; &lt;space&gt; &lt;length&gt;
 &lt;space&gt; &lt;hexstring&gt;).
</p>
<p>
 The <code class="option">-T</code> and <code class="option">-P</code> options print out
 lists of non-meta types for which the type-specific presentation
 formats are known. <code class="option">-T</code> prints out the list of
 IANA-assigned types. <code class="option">-P</code> prints out the list of
 private types specific to <span><strong class="command">named</strong></span>. These options
 may be combined. <span><strong class="command">nsupdate</strong></span> will exit after the
 lists are printed.
</p>
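<p>The exposure described for <code class="option">-y</code> and the <code class="filename">named.conf</code>-format keyfile read by <code class="option">-k</code> can both be checked mechanically. The following is an added example, not part of the BIND distribution: the function names <code>audit_nsupdate_y</code>, <code>write_tsig_keyfile</code> and <code>keyfile_is_private</code> are hypothetical, and the command lines, key name and secret are constructed sample data.</p>

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample data is constructed.

# audit_nsupdate_y: read command lines on stdin (a shell history file, or
# the output of `ps -eo args`) and report every nsupdate invocation that
# passes a TSIG secret with -y. Output: "<line> <hmac|default> <keyname>".
# The secret itself is never printed.
audit_nsupdate_y() {
    awk '
    {
        seen = 0
        for (i = 1; i <= NF; i++) {
            n = split($i, path, "/")
            if (path[n] == "nsupdate") { seen = 1; continue }
            if (!seen) { continue }
            if ($i == "-y" && i < NF) { arg = $(i + 1) }      # -y value
            else if ($i ~ /^-y./)     { arg = substr($i, 3) } # -yvalue
            else { continue }
            gsub(/["\047]/, "", arg)       # drop shell quoting
            m = split(arg, f, ":")         # [hmac:]keyname:secret
            if (m == 3)      { printf "%d %s %s\n", NR, f[1], f[2] }
            else if (m == 2) { printf "%d default %s\n", NR, f[1] }
        }
    }'
}

# write_tsig_keyfile FILE KEYNAME ALGORITHM
# Writes a named.conf-format key statement for use with `nsupdate -k FILE`.
# The base64 secret is read from stdin, so it never appears in an argument
# list, and the file is created readable by its owner only.
write_tsig_keyfile() {
    kf=$1 keyname=$2 algorithm=$3
    IFS= read -r secret || [ -n "$secret" ] || return 1
    (
        umask 077
        rm -f "$kf"
        cat > "$kf" <<EOF
key "$keyname" {
    algorithm $algorithm;
    secret "$secret";
};
EOF
    )
}

# keyfile_is_private FILE: succeeds only if FILE exists and grants no
# permission bits to group or other.
keyfile_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Demo on constructed history lines; the secret is a placeholder value.
printf '%s\n' \
    'nsupdate -k /etc/ddns/ddns.key batch.txt' \
    'nsupdate -y hmac-sha256:ddns-key:Q09OU1RSVUNURUQ= batch.txt' |
    audit_nsupdate_y
```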
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering<a name="id2644356"></a><h2>INPUT FORMAT</h2>
56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering<p><span><strong class="command">nsupdate</strong></span>
56159e0d918e9a9be07988133bb2847779325de0Lennart Poettering reads input from
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <em class="parameter"><code>filename</code></em>
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering or standard input.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Each command is supplied on exactly one line of input.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Some commands are for administrative purposes.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering The others are either update instructions or prerequisite checks on the
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering contents of the zone.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering These checks set conditions that some name or set of
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering resource records (RRset) either exists or is absent from the zone.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering These conditions must be met if the entire update request is to succeed.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Updates will be rejected if the tests for the prerequisite conditions
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Every update request consists of zero or more prerequisites
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering and zero or more updates.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering This allows a suitably authenticated update request to proceed if some
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering specified resource records are present or missing from the zone.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering A blank input line (or the <span><strong class="command">send</strong></span> command)
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering accumulated commands to be sent as one Dynamic DNS update request to the
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering The command formats and their meaning are as follows:
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <span><strong class="command">server</strong></span>
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Sends all dynamic update requests to the name server
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering <em class="parameter"><code>servername</code></em>.
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering When no server statement is provided,
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering <span><strong class="command">nsupdate</strong></span>
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering will send updates to the master server of the correct zone.
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering The MNAME field of that zone's SOA record will identify the
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering server for that zone.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <em class="parameter"><code>port</code></em>
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering is the port number on
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering <em class="parameter"><code>servername</code></em>
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering where the dynamic update requests get sent.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering If no port number is specified, the default DNS port number of
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering <span><strong class="command">local</strong></span>
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering Sends all dynamic update requests using the local
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering <em class="parameter"><code>address</code></em>.
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering When no local statement is provided,
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering <span><strong class="command">nsupdate</strong></span>
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering will send updates using an address and port chosen by the
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering <em class="parameter"><code>port</code></em>
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering can additionally be used to make requests come from a specific
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering If no port number is specified, the system will assign one.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <span><strong class="command">zone</strong></span>
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Specifies that all updates are to be made to the zone
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <em class="parameter"><code>zonename</code></em>.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <em class="parameter"><code>zone</code></em>
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering statement is provided,
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering <span><strong class="command">nsupdate</strong></span>
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering will attempt determine the correct zone to update based on the
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering rest of the input.
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering <span><strong class="command">class</strong></span>
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering Specify the default class.
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering If no <em class="parameter"><code>class</code></em> is specified, the
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering default class is
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <em class="parameter"><code>IN</code></em>.
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering <span><strong class="command">ttl</strong></span>
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Specify the default time to live for records to be added.
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering The value <em class="parameter"><code>none</code></em> will clear the default
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering <span><strong class="command">key</strong></span>
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering Specifies that all updates are to be TSIG-signed using the
8b0cc9a36c8f92f010f2e8465942d2cd7c580d78Lennart Poettering <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering The <span><strong class="command">key</strong></span> command
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering overrides any key specified on the command line via
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering <code class="option">-y</code> or <code class="option">-k</code>.
d21ed1ead18d16d35c30299a69d3366847f8a039Lennart Poettering <span><strong class="command">gsstsig</strong></span>
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering Use GSS-TSIG to sign the updated. This is equivalent to
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering specifying <code class="option">-g</code> on the commandline.
a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering <span><strong class="command">oldgsstsig</strong></span>
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering Use the Windows 2000 version of GSS-TSIG to sign the updated.
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering This is equivalent to specifying <code class="option">-o</code> on the
a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering <span><strong class="command">realm</strong></span>
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering {[<span class="optional">realm_name</span>]}
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering than the default realm in <code class="filename">krb5.conf</code>. If no
a7893c6b28772edbc7e1fea3c209caa54d465648Lennart Poettering realm is specified the saved realm is cleared.
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering <span><strong class="command">[<span class="optional">prereq</span>] nxdomain</strong></span>
9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering Requires that no resource record of any type exists with name
9d12709626bccc0cae677a7035f62efe6aabb4abLennart Poettering <em class="parameter"><code>domain-name</code></em>.
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering <span><strong class="command">[<span class="optional">prereq</span>] yxdomain</strong></span>
8b0cc9a36c8f92f010f2e8465942d2cd7c580d78Lennart Poettering <em class="parameter"><code>domain-name</code></em>
aa1936ea1a89c2bb968ba33e3274898a4eeae771Lennart Poettering exists (has as at least one resource record, of any type).
f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering <span><strong class="command">[<span class="optional">prereq</span>] nxrrset</strong></span>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering Requires that no resource record exists of the specified
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>type</code></em>,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>class</code></em>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>domain-name</code></em>.
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>class</code></em>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering is omitted, IN (internet) is assumed.
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering This requires that a resource record of the specified
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>type</code></em>,
0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering <em class="parameter"><code>class</code></em>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>domain-name</code></em>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>class</code></em>
0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering is omitted, IN (internet) is assumed.
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <span><strong class="command">[<span class="optional">prereq</span>] yxrrset</strong></span>
f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering <em class="parameter"><code>data</code></em>
f48e75cb9a8112d35855c44a156934f2ee0edb2eLennart Poettering from each set of prerequisites of this form
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering sharing a common
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>type</code></em>,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>class</code></em>,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>domain-name</code></em>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering are combined to form a set of RRs. This set of RRs must
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering exactly match the set of RRs existing in the zone at the
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>type</code></em>,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>class</code></em>,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>domain-name</code></em>.
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering <em class="parameter"><code>data</code></em>
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering are written in the standard text representation of the resource
<span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
[type [data...]]
Deletes any resource records named
<em class="parameter"><code>domain-name</code></em>.
<em class="parameter"><code>type</code></em>
<em class="parameter"><code>data</code></em>
is provided, only matching resource records will be removed.
The internet class is assumed if
<em class="parameter"><code>class</code></em>
is not supplied. The
<em class="parameter"><code>ttl</code></em>
is ignored, and is only allowed for compatibility.
<span><strong class="command">[<span class="optional">update</span>] add</strong></span>
Adds a new resource record with the specified
<em class="parameter"><code>ttl</code></em>,
<em class="parameter"><code>class</code></em>
<em class="parameter"><code>data</code></em>.
<span><strong class="command">show</strong></span>
Displays the current message, containing all of the
prerequisites and
updates specified since the last send.
<span><strong class="command">send</strong></span>
Sends the current message. This is equivalent to entering a
<span><strong class="command">answer</strong></span>
Displays the answer.
<span><strong class="command">debug</strong></span>
Turn on debugging.
Lines beginning with a semicolon are comments and are ignored.
The examples below show how
<span><strong class="command">nsupdate</strong></span>
could be used to insert and delete resource records from the
Notice that the input in each example contains a trailing blank line so that
a group of commands is sent as one dynamic update request to the
master name server for
<pre>
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
</pre>
Any A records for
<span class="type">oldhost.example.com</span>
And an A record for
<span class="type">newhost.example.com</span>
with IP address 172.16.1.1 is added.
The newly-added record has a 1 day TTL (86400 seconds).
<pre>
> prereq nxdomain nickname.example.com
> update add nickname.example.com 86400 CNAME somehost.example.com
</pre>
The prerequisite condition gets the name server to check that there
are no resource records of any type for
<span class="type">nickname.example.com</span>.
If there are, the update request fails.
If this name does not exist, a CNAME for it is added.
This ensures that when the CNAME is added, it cannot conflict with the
long-standing rule in RFC 1034 that a name must not exist as any other
record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
RRSIG, DNSKEY and NSEC records.)
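The value-dependent yxrrset prerequisite described earlier can be used the same way as the nxdomain check above, to make a replacement conditional on the zone's current contents. The following is an added example, not part of the BIND manual: a shell function that builds such a batch, where the function names, the host name and the 192.0.2.x addresses are constructed for illustration. Tokens are validated before anything is printed because nsupdate reads one command per line.

```shell
#!/bin/sh
# Added example: emit an nsupdate batch that replaces the A RRset at a name
# only if the zone still holds exactly the expected addresses.

# nsupdate reads one command per line and treats ';' lines as comments, so
# refuse empty tokens and anything outside a conservative character set.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    return 0
}

# usage: cas_update_batch NAME TTL NEW_ADDR EXPECTED_ADDR...
cas_update_batch() {
    if [ "$#" -lt 4 ]; then
        echo "usage: cas_update_batch NAME TTL NEW_ADDR EXPECTED_ADDR..." >&2
        return 2
    fi
    name=$1 ttl=$2 new=$3
    shift 3
    case "$ttl" in
        ''|*[!0-9]*) echo "ttl must be a number of seconds" >&2; return 2 ;;
    esac
    # Validate everything before printing, so a bad token yields no output.
    for tok in "$name" "$new" "$@"; do
        valid_token "$tok" || { echo "rejected token" >&2; return 2; }
    done
    # Prerequisites sharing name/class/type are combined into one RR set that
    # must exactly match the zone's RR set, or the whole request fails.
    for old in "$@"; do
        printf 'prereq yxrrset %s A %s\n' "$name" "$old"
    done
    printf 'update delete %s A\n' "$name"
    printf 'update add %s %s A %s\n' "$name" "$ttl" "$new"
    printf 'send\n'
}

# Constructed sample values (documentation address range).
cas_update_batch www.example.com 300 192.0.2.20 192.0.2.10 192.0.2.11
```

Piping the output into nsupdate sends the prerequisites and updates as one request; if another writer changed the A records in the meantime, the prerequisite no longer matches and nothing is modified.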
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
used to identify default name server
<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
sets the default TSIG key for use in local-only mode
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
base-64 encoding of HMAC-MD5 key created by
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
base-64 encoding of HMAC-MD5 key created by
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
for its cryptographic operations, and may change in future
<table width="100%" summary="Navigation footer">
<a accesskey="p" href="man.named-journalprint.html">Prev</a>&nbsp;</td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
<td width="40%" align="right">&nbsp;<a accesskey="n" href="man.rndc.html">Next</a>
<td width="40%" align="left" valign="top">
<span class="application">named-journalprint</span>&nbsp;</td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">&nbsp;<span class="application">rndc</span>