Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Let The Music Play: Join EFF Today

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 63 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       nsupdate  [ -d ]  [  [ -y keyname:secret ]  [ -k keyfile ]
       ]  [ -v ]  [ filename ]


       nsupdate is used to submit Dynamic DNS Update requests  as
       defined in RFC2136 to a name server.  This allows resource
       records to be added or removed from a zone  without  manu­
       ally  editing  the zone file.  A single update request can
       contain requests to add or remove more than  one  resource

       Zones  that  are  under  dynamic control via nsupdate or a
       DHCP server should not be edited by  hand.   Manual  edits
       could  conflict  with dynamic updates and cause data to be

       The resource records that are dynamically added or removed
       with  nsupdate  have to be in the same zone.  Requests are
       sent to the zone's master server.  This is  identified  by
       the MNAME field of the zone's SOA record.

       The  -d option makes nsupdate operate in debug mode.  This
       provides tracing information  about  the  update  requests
       that  are  made  and  the  replies  received from the name

       Transaction signatures can be  used  to  authenticate  the
       Dynamic  DNS  updates.  These use the TSIG resource record
       type described in  RFC2845.   The  signatures  rely  on  a
       shared  secret  that  should only be known to nsupdate and
       the name server.  Currently, the only supported encryption
       algorithm  for  TSIG  is HMAC-MD5, which is defined in RFC
       2104.  Once other algorithms are defined for TSIG,  appli­
       cations  will  need  to ensure they select the appropriate
       algorithm as well as  the  key  when  authenticating  each
       other.   For  instance  suitable key and server statements
       would be added to /etc/named.conf so that the name  server
       can  associate  the  appropriate  secret key and algorithm
       with the IP address of the client application that will be
       using   TSIG   authentication.   nsupdate  does  not  read

       nsupdate uses the -y or -k option to  provide  the  shared
       secret needed to generate a TSIG record for authenticating
       Dynamic DNS update requests.  These options  are  mutually
       exclusive.   With the -k option, nsupdate reads the shared
       secret from the file keyfile, whose name is  of  the  form
       K{name}.+157.+{random}.private.   For  historical reasons,
       the file K{name}.+157.+{random}.key must also be  present.
       When  the -y option is used, a signature is generated from
       keyname:secret.  keyname is  the  name  of  the  key,  and
       Some commands are for administrative purposes.  The others
       are  either  update instructions or prerequisite checks on
       the contents of the zone.   These  checks  set  conditions
       that  some  name or set of resource records (RRset) either
       exists or is absent from the zone.  These conditions  must
       be  met  if  the  entire  update  request  is  to succeed.
       Updates will be rejected if the tests for the prerequisite
       conditions fail.

       Every  update  request  consists of zero or more prerequi­
       sites and zero or more updates.  This  allows  a  suitably
       authenticated  update request to proceed if some specified
       resource records are present or missing from the zone.   A
       blank  input line (or the send command) causes the accumu­
       lated commands to  be  sent  as  one  Dynamic  DNS  update
       request to the name server.

       The command formats and their meaning are as follows:

       server servername [ port ]
              Sends  all  dynamic  update  requests  to  the name
              server servername.  When  no  server  statement  is
              provided,  nsupdate will send updates to the master
              server of the correct zone.   The  MNAME  field  of
              that  zone's  SOA  record  will identify the master
              server for that zone.  port is the port  number  on
              servername  where  the  dynamic update requests get
              sent.  If no port number is specified, the  default
              DNS port number of 53 is used.

       local address [ port ]
              Sends  all  dynamic update requests using the local
              address.  When  no  local  statement  is  provided,
              nsupdate  will  send  updates  using an address and
              port choosen by the system.  port can  additionally
              be used to make requests come from a specific port.
              If no port number is  specified,  the  system  will
              assign one.

       zone zonename
              Specifies  that  all  updates are to be made to the
              zone zonename.  If no zone statement  is  provided,
              nsupdate will attempt determine the correct zone to
              update based on the rest of the input.

       key name secret
              Specifies that all updates are to  be  TSIG  signed
              using  the keyname keysecret pair.  The key command
              overrides any key specified on the command line via
              -y or -k.

       prereq nxdomain domain-name
              fied type, class and domain-name  must  exist.   If
              class is omitted, IN (internet) is assumed.

       prereq yxrrset domain-name [ class ]  type data...
              The  data  from  each  set of prerequisites of this
              form sharing a common type, class, and  domain-name
              are  combined to form a set of RRs. This set of RRs
              must exactly match the set of RRs existing  in  the
              zone  at  the  given  type, class, and domain-name.
              The data are written in the standard text represen­
              tation of the resource record's RDATA.

       update  delete  domain-name  [ ttl ]  [ class ]  [ type  [
       data... ]  ]
              Deletes any resource records named domain-name.  If
              type and data is provided, only  matching  resource
              records  will  be  removed.   The internet class is
              assumed if  class  is  not  supplied.  The  ttl  is
              ignored, and is only allowed for compatibility.

       update add domain-name ttl [ class ]  type data...
              Adds  a new resource record with the specified ttl,
              class and data.

       show   Displays the current message, containing all of the
              prerequisites  and updates specified since the last

       send   Sends the current message. This  is  equivalent  to
              entering a blank line.

       Lines  beginning  with  a  semicolon are comments, and are


       The examples below show how  nsupdate  could  be  used  to
       insert  and  delete  resource records from the example.com
       zone.  Notice that the input in each  example  contains  a
       trailing  blank  line so that a group of commands are sent
       as one dynamic update request to the  master  name  server
       for example.com.

       # nsupdate
       > update delete oldhost.example.com A
       > update add newhost.example.com 86400 A

       Any A records for oldhost.example.com are deleted.  and an
       A record for newhost.example.com it IP address
       is  added.   The newly-added record has a 1 day TTL (86400
       CNAME.   (The  rule has been updated for DNSSEC in RFC2535
       to allow CNAMEs to have SIG, KEY and NXT records.)


              used to identify default name server

              base-64 encoding of HMAC-MD5 key created by dnssec-

              base-64 encoding of HMAC-MD5 key created by dnssec-


       RFC2136,  RFC3007,  RFC2104,  RFC2845,  RFC1034,  RFC2535,
       named(8), dnssec-keygen(8).


       The  TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using  the  DST  library
       for its cryptographic operations, and may change in future

BIND9                      Jun 30, 2000               NSUPDATE(8)

The Linux Tutorial is always looking for new contributors.



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can get all the latest Site and Linux news by checking out our news page.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.15 Seconds