nsupdate - update Internet name servers interactively


nsupdate [-k keydir:keyname] [-d] [-v] [filename]


The nsupdate(1) utility is a program that is used to update Internet domain name servers supporting dynamic update. The nsupdate(1) utility uses the Domain Name System (DNS) resolver library to pass messages to a DNS server requesting the additional or deletion of DNS resource records (RRs). The nsupdate(1) utility reads input from filename or standard input.


Sign updates with transaction signature (TSIG).
Debug mode.
Virtual circuit - use Transmission Control Protocol (TCP) to communication with server. Default is User Datagram Protocol (UDP).


The nsupdate(1) utility reads input records, one per line. Each line contributes a resource record to an update request. All domain names used in a single update request must belong to the same DNS zone. Updates are sent to the master server as defined in the SOA MNAME field. A blank line causes the accumulated records to be formatted into a single update request and transmitted to the zone's authoritative name servers. Additional records can follow, which are formed into additional, completely independent update requests. For the last request to be transmitted, a blank line must end the input.

Records take one of two general forms: prerequisite or update. Prerequisite records specify conditions that must be satisfied before the request will be processed. Update records specify changes to be made to the DNS database. An update request consists of zero or more prerequisites and one or more updates. Each update request is processed atomically—all prerequisites must be satisfied, then all updates will be performed.

The nsupdate(1) utility uses the following input record formats:

prereq nxdomain domain-name
Requires that no resource record (RR) of any type exists with name domain-name.
prereq yxdomain domain-name
Requires that at least one RR named domain-name must exist.
prereq nxrrset domain-name [class] type
Requires that no RR exists of the specified type and domain-name.
prereq yxrrset domain-name [class] type [data...]
Requires that a RR exist of the specified type and domain-name. If data is specified, it must match exactly.
update delete domain-name [class] [type [data...]]
Deletes RRs named domain-name. If type (and possibly data) is specified, only matching records will be deleted.
update add domain-name ttl [class] type data...
Adds a new RR with specified ttl, type, and data.


This section provides several examples using nsupdate(1).

The first example illustrates the interactive use of nsupdate(1) to change an Internet Protocol (IP) address. It does so by deleting any existing A records for a domain name and then inserting a new one. Since no prerequisites are specified, the new record will be added even if there were no existing records to delete. Note the trailing blank line, which is required to process the request.

$ nsupdate
> update delete www.contoso.com A
> update add www.contoso.com 3600 A

In the next example, a CNAME alias is added to the database only if there are no existing A or CNAME records for the domain name:

$ nsupdate
> prereq nxrrset www.proseware.com A
> prereq nxrrset www.proseware.com CNAME
> update add www.proseware.com 3600 CNAME books.proseware.com

In the next example, nsupdate(1) will be signed with the key mykey, which is in the directory /var/named/keys:

$ nsupdate -k /var/named/keys:mykey
> update add ftp.proseware.com 60 A


send error
Typically indicates that the authoritative name servers could not be reached.
failed update packet
Typically indicates that the name server has rejected the update, either because the name server does not support dynamic update, or due to an authentication failure
res_mkupdate: packet size = size (and no other messages)
The update was successfully received and authenticated by the name server. The prerequisites, however, might have prevented the update from actually being performed. The only way to determine whether the update was performed is to first use debug mode (-d), and then examine the status field in the reply from the name server.


Initial domain name and name server addresses.