Diffstat (limited to 'contrib/bind9/bin/nsupdate/nsupdate.1')
| -rw-r--r-- | contrib/bind9/bin/nsupdate/nsupdate.1 | 51 |
1 files changed, 44 insertions, 7 deletions
diff --git a/contrib/bind9/bin/nsupdate/nsupdate.1 b/contrib/bind9/bin/nsupdate/nsupdate.1 index 454f50560f20..b0688a3ac263 100644 --- a/contrib/bind9/bin/nsupdate/nsupdate.1 +++ b/contrib/bind9/bin/nsupdate/nsupdate.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.1,v 1.1.4.2 2008/09/01 02:29:00 tbox Exp $ +.\" $Id: nsupdate.1,v 1.3.48.2 2009/03/10 01:54:11 tbox Exp $ .\" .hy 0 .ad l @@ -33,7 +33,7 @@ nsupdate \- Dynamic DNS update utility .SH "SYNOPSIS" .HP 9 -\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [filename] +\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename] .SH "DESCRIPTION" .PP \fBnsupdate\fR 
@@ -53,7 +53,14 @@ option makes \fBnsupdate\fR operate in debug mode. This provides tracing information about the update requests that are made and the replies received from the name server. .PP -Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to +The +\fB\-D\fR +option makes +\fBnsupdate\fR +report additional debugging information to +\fB\-d\fR. +.PP +Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931 or GSS\-TSIG as described in RFC3645. TSIG relies on a shared secret that should only be known to \fBnsupdate\fR and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable \fBkey\fR @@ -64,7 +71,7 @@ statements would be added to so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. \fBnsupdate\fR does not read -\fI/etc/named.conf\fR. +\fI/etc/named.conf\fR. GSS\-TSIG uses Kerberos credentials. .PP \fBnsupdate\fR uses the 
@@ -96,7 +103,15 @@ The \fB\-k\fR may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key. .PP -By default +The +\fB\-g\fR +and +\fB\-o\fR +specify that GSS\-TSIG is to be used. The +\fB\-o\fR +should only be used with old Microsoft Windows 2000 servers. +.PP +By default, \fBnsupdate\fR uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The \fB\-v\fR @@ -115,6 +130,16 @@ option sets the UDP retry interval. The default is 3 seconds. If zero, the inter The \fB\-r\fR option sets the number of UDP retries. The default is 3. If zero, only one update request will be made. +.PP +The +\fB\-R \fR\fB\fIrandomdev\fR\fR +option specifies a source of randomness. If the operating system does not provide a +\fI/dev/random\fR +or equivalent device, the default source of randomness is keyboard input. +\fIrandomdev\fR +specifies the name of a character device or file containing random data to be used instead of the default. The special value +\fIkeyboard\fR +indicates that keyboard input should be used. This option may be specified multiple times. .SH "INPUT FORMAT" .PP \fBnsupdate\fR @@ -168,6 +193,13 @@ is specified, the default class is \fIIN\fR. .RE .PP +\fBttl\fR {seconds} +.RS 4 +Specify the default time to live for records to be added. The value +\fInone\fR +will clear the default ttl. +.RE +.PP \fBkey\fR {name} {secret} .RS 4 Specifies that all updates are to be TSIG\-signed using the @@ -271,6 +303,11 @@ Sends the current message. This is equivalent to entering a blank line. Displays the answer. .RE .PP +\fBdebug\fR +.RS 4 +Turn on debugging. +.RE +.PP Lines beginning with a semicolon are comments and are ignored. .SH "EXAMPLES" .PP 
@@ -342,7 +379,7 @@ base\-64 encoding of HMAC\-MD5 key created by .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br |
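Review bot: In the hunk at @@ -53,7 +53,14 @@, the rewritten sentence still cites RFC3535 for SIG(0). SIG(0) is specified in RFC 2535 and RFC 2931, so the reference should be corrected while the line is being touched. The unchanged context right after it calls HMAC-MD5 the only supported "encryption algorithm" for TSIG, while the synopsis accepts an [hmac:] prefix to -y; HMAC is a message authentication code, so "authentication algorithm" would be accurate, and the "only supported" claim should be checked against what [hmac:] accepts. The new -D paragraph ("report additional debugging information to -d") would read better as "in addition to that reported by -d".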
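Review bot: In the hunk at @@ -64,7 +71,7 @@, "GSS-TSIG uses Kerberos credentials." is appended directly after the sentence about /etc/named.conf, where it reads as if it were related to named.conf. Move it next to the TSIG and SIG(0) key descriptions earlier in the paragraph, and say where nsupdate takes the credentials from, since -g and -o take no argument that names them, unlike -y and -k.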
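Review bot: In the hunk at @@ -96,7 +103,15 @@, the new paragraph says that both -g and -o select GSS-TSIG but not how they differ. "should only be used with old Microsoft Windows 2000 servers" tells the reader when to pick -o without saying what it changes. State the difference, and mention that -g, -o, -y and -k are alternatives, which the synopsis shows but the text never says.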
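Review bot: In the hunk at @@ -115,6 +130,16 @@, the -R paragraph does not say what the random data is used for, and it accepts a regular file or keyboard input as the source with no stated requirement on its quality. For a tool that authenticates updates, the text should say what consumes the randomness and that a file passed to -R must hold unpredictable data that is not reused between runs. "This option may be specified multiple times" also needs a word on whether the sources are combined or the last one wins.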
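Review bot: In the hunk at @@ -168,6 +193,13 @@, the usage line "ttl {seconds}" does not show the keyword none that the description accepts, so a reader scanning the command list will miss it. Show it in the usage line, and say what happens to a record added without an explicit ttl when no default is set or after it has been cleared with none.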
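Review bot: In the hunk at @@ -271,6 +303,11 @@, "Turn on debugging." does not say whether the command corresponds to -d or to -D, nor whether debugging can be turned off again within the session. It is also imperative where the neighbouring entries use "Sends the current message" and "Displays the answer"; "Turns on debugging" would match them.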
