The nsupdate program can be used to update Internet domain name servers that support dynamic update. nsupdate uses the DNS resolver library to pass messages to the DNS server requesting the addition or deletion of DNS resource records (RR's). nsupdate reads input from filename or from standard input.
nsupdate supports the following options:
Sign updates with Secret Key Transaction Authentication for DNS (TSIG).
Virtual circuit. Make use of TCP to communicate with the server. The default is UDP.
nsupdate reads input records, one per line. Each line contributes a resource record to an update request. All domain names used in a single update request must belong to the same DNS zone. Updates are sent to the master server as defined in the SOA MNAME field. A blank line causes the accumulated records to be formatted into a single update request and transmitted to the zone's authoritative name servers. Additional records may follow, which are formed into additional, but completely independent, update requests. End the input with a blank line in order to transmit the last request.
Records take one of two general forms. Prerequisite records specify conditions that must be satisfied before the request will be processed. Update records specify changes to be made to the DNS database. An update request consists of zero or more prerequisites and one or more updates. Each update request is processed atomically. All prerequisites must be satisfied, then all updates will be performed.
nsupdate understands the following input record formats:
prereq nxdomain domain-name
This format requires that no RR of any type exist with name domain-name.
prereq yxdomain domain-name
This format requires that at least one RR named domain-name exist.
prereq nxrrset domain-name [class] type
This format requires that no RR exist of the specified type and domain-name.
prereq yxrrset domain-name [class] type [data ...]
This format requires that an RR exist of the specified type and domain-name. If data is specified, it must match exactly.
update delete domain-name [class] [type [data ...]]
This format deletes RR's named domain-name. If type (and possibly data) are specified, only matching records will be deleted.
update add domain-name ttl [class] type data ...
This format adds a new RR of specified ttl, type and data.
The following example shows the interactive use of nsupdate to change an IP address. It deletes any existing A records for a domain name and then inserts a new address. Since no prerequisites are specified, the new record will be added even if there are no existing records to delete. A trailing blank line is required to process the request.
    example$ nsupdate
    >update delete test.example.com A
    >update add test.example.com 3600 A 10.1.1.1
    >

In the following example, a CNAME record is added only if no A or CNAME record already exists for the name.

    example$ nsupdate
    >prereq nxrrset www.example.com A
    >prereq nxrrset www.example.com CNAME
    >update add www.example.com 3600 CNAME test.test.com
    >
In the following example, nsupdate signs the update with the key mykey, which is located in the directory /var/named/keys.

    example$ nsupdate -k /var/named/keys:mykey
    >update add ftp.example.com 60 A 192.168.5.1
    >
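The input rules above (a blank line closes each request, a request needs at least one update, and a request without prerequisites is applied unconditionally) can be checked before a batch file is handed to nsupdate. The following Python lint is an added example, not part of nsupdate or of the original page; the function names and the old.example.com record are made up for illustration.

```python
# Added example; helper names are illustrative, not part of nsupdate.
PREREQ_OPS = {"nxdomain", "yxdomain", "nxrrset", "yxrrset"}
UPDATE_OPS = {"add", "delete"}

# Constructed batch: two requests from the page, then a made-up unterminated record.
SAMPLE = """\
update delete test.example.com A
update add test.example.com 3600 A 10.1.1.1

prereq nxrrset www.example.com A
prereq nxrrset www.example.com CNAME
update add www.example.com 3600 CNAME test.test.com

update delete old.example.com"""

def split_requests(text):
    """Return (requests, unsent); records after the last blank line are never sent."""
    requests, current = [], []
    for raw in text.splitlines():
        fields = raw.split()
        if fields:
            current.append(fields)
        elif current:
            requests.append(current)
            current = []
    return requests, current

def lint_request(records):
    """Return findings for one request, using only the rules the page states."""
    findings, updates, prereqs = [], 0, 0
    for rec in records:
        kind, op = rec[0], (rec[1] if len(rec) > 1 else "")
        if kind == "prereq" and op in PREREQ_OPS and len(rec) >= 3:
            prereqs += 1
        elif kind == "update" and op in UPDATE_OPS and len(rec) >= 3:
            updates += 1
            if op == "delete" and len(rec) == 3:
                findings.append(f"delete {rec[2]}: no type, every RR at the name is removed")
        else:
            findings.append("unrecognised record: " + " ".join(rec))
    if updates == 0:
        findings.append("request has no update record")
    elif prereqs == 0:
        findings.append("no prerequisites: updates apply unconditionally")
    return findings

if __name__ == "__main__":
    reqs, unsent = split_requests(SAMPLE)
    print([lint_request(r) for r in reqs], "unsent:", unsent)
```

A non-empty unsent list means the batch is missing its closing blank line, so the last request would not be transmitted.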
See attributes(5) for descriptions of the following attributes:
Standard BIND 8.2.4
"send error"
This message typically indicates that authoritative name servers could not be reached.
"failed update packet"
This message typically indicates that the name server has rejected the update. Either the name server does not support dynamic update, or there was an authentication failure.
"res_mkupdate: packet size = size"
If this is the only message sent, it indicates that the update was received and authenticated by the name server. However, the prerequisites may have prevented the update from being performed. Use debug mode (the -d option) to examine the status field in the name server's reply and determine if the update was performed.