The nsupdate program can be used to update Internet domain name servers that support dynamic update. nsupdate uses the DNS resolver library to pass messages to the DNS server requesting the addition or deletion of DNS resource records (RR's). nsupdate reads input from filename or from standard input.

nsupdate supports the following options:

-d

Debug mode.

-k

Sign updates with Secret Key Transaction Authentication for DNS (TSIG).

-v

Virtual circuit. Make use of TCP to communicate with the server. The default is UDP.

nsupdate reads input records, one per line. Each line contributes a resource record to an update request. All domain names used in a single update request must belong to the same DNS zone. Updates are sent ot the master server as defined in the SOA MNAME field. A blank line causes the accumulated records to be formatted into a single update request and transmitted to the zone's authoritative name servers. Additional records may follow, which are formed into additional, but completely independent, update requests. End the input with a blank line in order to transmit the last request.

Records take one of two general forms. Prerequisite records specify conditions that must be satisfied before the request will be processed. Update records specify changes to be made to the DNS database. An update request consists of zero or more prerequisites and one or more updates. Each update request is processed atomically. All prerequisites must be satisfied, then all updates will be performed.

nsupdate understands the following input record formats:

prereq nxdomain domain-name

This format requires that no RR of any type exist with name domain-name.

prereq yxdomain domain-name

This format requires that at least one RR names domain-name must exist.

prereq nxrrset domain-name [class] type

This format requires that no RR exist of the specified type and domain-name.

prereq yxrrset domain-name [class] type [data ...]

This format requires that an RR exist of the specified type and domain-name. If data is specified, it must match exactly.

update delete domain-name [class] [type [data ...]]

This format deletes RR's names domain-name. If type (and possibly data) are specified, only matching records will be deleted.

update add domain-name ttl [class] type data ...

This format adds a new RR of specified ttl, type and data.

/etc/resolv.conf

Initial domain name and name server addresses.

See attributes(5) for descriptions of the following attributes:

in.named(1M),resolver(3RESOLV), resolv.conf(4), attributes(5)

Mockapetris, P. RFC 1034, Domain Names - Concepts and Facilities. Network Working Group. November 1987.

Mockapetris, P. RFC 1035, Domain Names - Implementation and Specification. Network Working Group. November 1987.

Vixie, P., editor, Thomson, S., Rekhter, Y. Bound, J. RFC 2136, Dynamic Updates in the Domain Name System (DNS). Network Working Group. April 1997.

Qq send error

This message typically indicates that authoritative name servers could not be reached.

Qq failed update packet

This message typically indicates that the name server has rejected the update. Either the name server does not support dynamic update, or there was an authentication failure.

Qq res_mkupdate: packet size = size

If this is the only message sent, it indicates that the update was received and authenticated by the name server. However, the prerequisites may have prevented the update from being performed. Use debug mode (the -d option) to examine the status field in the name server's reply and determine if the update was performed.