man.nsupdate.html revision e4a70b8fdfc5d2db2d992d884327a1e1fec67a07
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - purpose with or without fee is hereby granted, provided that the above
8c225507766814e78e168b17a24b8a47ca7f8c37Tinderbox User - copyright notice and this permission notice appear in all copies.
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User - PERFORMANCE OF THIS SOFTWARE.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User<link rel="prev" href="man.named-rrchecker.html" title="named-rrchecker">
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User<link rel="next" href="man.rndc.html" title="rndc">
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<table width="100%" summary="Navigation header">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a accesskey="p" href="man.named-rrchecker.html">Prev</a>�</td>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="man.nsupdate"></a><div class="titlepage"></div>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User<p><span class="application">nsupdate</span> — Dynamic DNS update utility</p>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User<p><span><strong class="command">nsupdate</strong></span>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User is used to submit Dynamic DNS Update requests as defined in RFC 2136
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User to a name server.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User This allows resource records to be added or removed from a zone
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User without manually editing the zone file.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User A single update request can contain requests to add or remove more than
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User resource record.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User Zones that are under dynamic control via
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User <span><strong class="command">nsupdate</strong></span>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User or a DHCP server should not be edited by hand.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User Manual edits could
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User conflict with dynamic updates and cause data to be lost.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User The resource records that are dynamically added or removed with
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User <span><strong class="command">nsupdate</strong></span>
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User have to be in the same zone.
33c9436ef1a43d3c0fc3d9be9b4b0509daa83223Tinderbox User Requests are sent to the zone's master server.
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User This is identified by the MNAME field of the zone's SOA record.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">nsupdate</strong></span>
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User operate in debug mode.
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User This provides tracing information about the update requests that are
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User made and the replies received from the name server.
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User report additional debugging information to <code class="option">-d</code>.
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User The <code class="option">-L</code> option with an integer argument of zero or
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User higher sets the logging debug level. If zero, logging is disabled.
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User Transaction signatures can be used to authenticate the Dynamic
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User DNS updates. These use the TSIG resource record type described
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User in RFC 2845 or the SIG(0) record described in RFC 2535 and
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User RFC 2931 or GSS-TSIG as described in RFC 3645. TSIG relies on
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User a shared secret that should only be known to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">nsupdate</strong></span> and the name server. Currently,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the only supported encryption algorithm for TSIG is HMAC-MD5,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which is defined in RFC 2104. Once other algorithms are
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User defined for TSIG, applications will need to ensure they select
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt the appropriate algorithm as well as the key when authenticating
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User each other. For instance, suitable <span class="type">key</span> and
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User <span class="type">server</span> statements would be added to
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User <code class="filename">/etc/named.conf</code> so that the name server
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User can associate the appropriate secret key and algorithm with
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User the IP address of the client application that will be using
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User TSIG authentication. SIG(0) uses public key cryptography.
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User To use a SIG(0) key, the public key must be stored in a KEY
550d3276d0490c4918f089ccb1528a3eb0951b0aTinderbox User record in a zone served by the name server.
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User <span><strong class="command">nsupdate</strong></span> does not read
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">/etc/named.conf</code>.
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User GSS-TSIG uses Kerberos credentials. Standard GSS-TSIG mode
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User is switched on with the <code class="option">-g</code> flag. A
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User non-standards-compliant variant of GSS-TSIG used by Windows
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User 2000 can be switched on with the <code class="option">-o</code> flag.
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User<p><span><strong class="command">nsupdate</strong></span>
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User uses the <code class="option">-y</code> or <code class="option">-k</code> option
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User to provide the shared secret needed to generate a TSIG record
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User for authenticating Dynamic DNS update requests, default type
51da15c88648a9e47d0cddff4b2b782665e99401Tinderbox User HMAC-MD5. These options are mutually exclusive.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User When the <code class="option">-y</code> option is used, a signature is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User generated from
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <em class="parameter"><code>keyname</code></em> is the name of the key, and
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User Use of the <code class="option">-y</code> option is discouraged because the
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User shared secret is supplied as a command line argument in clear text.
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User This may be visible in the output from
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User or in a history file maintained by the user's shell.
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User Keyfiles may be in two formats: a single file containing
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User statement, which may be generated automatically by
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User of the format <code class="filename">K{name}.+157.+{random}.key</code> and
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User <code class="filename">K{name}.+157.+{random}.private</code>, which can be
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User generated by <span><strong class="command">dnssec-keygen</strong></span>.
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User The <code class="option">-k</code> may also be used to specify a SIG(0) key used
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to authenticate Dynamic DNS update requests. In this case, the key
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User specified is not an HMAC-MD5 key.
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User using the <code class="option">-l</code> flag. This sets the server address to
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User localhost (disabling the <span><strong class="command">server</strong></span> so that the server
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User address cannot be overridden). Connections to the local server will
abe69df9a7de5cda07a2b8e19e8b7c981bcd7a9dTinderbox User use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User which is automatically generated by <span><strong class="command">named</strong></span> if any
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User local master zone has set <span><strong class="command">update-policy</strong></span> to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">local</strong></span>. The location of this key file can be
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt overridden with the <code class="option">-k</code> option.
421ba11f3f07cbcb12c288ef7f4e7bad13fcc28fTinderbox User By default, <span><strong class="command">nsupdate</strong></span>
421ba11f3f07cbcb12c288ef7f4e7bad13fcc28fTinderbox User uses UDP to send update requests to the name server unless they are too
421ba11f3f07cbcb12c288ef7f4e7bad13fcc28fTinderbox User large to fit in a UDP request in which case TCP will be used.
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User <span><strong class="command">nsupdate</strong></span>
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User use a TCP connection.
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User This may be preferable when a batch of update requests is made.
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User The <code class="option">-p</code> sets the default port number to use for
3b15473cedf41d48904f5b07bdc5e87afff6b58cTinderbox User connections to a name server. The default is 53.
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User The <code class="option">-t</code> option sets the maximum time an update request
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User take before it is aborted. The default is 300 seconds. Zero can be
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User to disable the timeout.
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User The <code class="option">-u</code> option sets the UDP retry interval. The default
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User 3 seconds. If zero, the interval will be computed from the timeout
c48fdfda7a8ae8973aadfeb88cbeaab013024a6cTinderbox User and number of UDP retries.
99b30e26a6beb9092557cc9e5370b517309bff6eTinderbox User The <code class="option">-r</code> option sets the number of UDP retries. The
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User 3. If zero, only one update request will be made.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The <code class="option">-R <em class="replaceable"><code>randomdev</code></em></code> option
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specifies a source of randomness. If the operating system
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt does not provide a <code class="filename">/dev/random</code> or
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt equivalent device, the default source of randomness is keyboard
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User input. <code class="filename">randomdev</code> specifies the name of
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt a character device or file containing random data to be used
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User instead of the default. The special value
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">keyboard</code> indicates that keyboard input
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt should be used. This option may be specified multiple times.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Other types can be entered using "TYPEXXXXX" where "XXXXX" is the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt decimal value of the type with no leading zeros. The rdata,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt if present, will be parsed using the UNKNOWN rdata format,
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt (<backslash> <hash> <space> <length>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <space> <hexstring>).
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The <code class="option">-T</code> and <code class="option">-P</code> options print out
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User lists of non-meta types for which the type-specific presentation
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User formats are known. <code class="option">-T</code> prints out the list of
<em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair.
<span><strong class="command">[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> prereq nxdomain nickname.example.com