| Where allowed to run: All environments (*ALL) Threadsafe: Conditional |
The Run DNS Update (RUNDNSUPD) command, or its alias NSUPDATE, is used to submit Dynamic Update requests to a Domain Name System (DNS) server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
Zones that are under dynamic control via RUNDNSUPD or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost.
The resource records that are dynamically added or removed with RUNDNSUPD have to be in the same zone. Requests are sent to the zone's master server. This is identified by the MNAME field of the zone's SOA record.
This utility will be run in interactive mode if *NONE is specified for the Batch input file (BCHFILE) parameter. To run this utility in non-interactive mode, specify a file name for the BCHFILE parameter.
Restrictions:
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| BCHFILE | Batch input file | Path name, *NONE | Optional, Positional 1 |
| DEBUG | Show debug information | *NO, *YES | Optional, Positional 2 |
| KEYNAME | Key name | Character value, *NONE | Optional |
| KEYFILE | Key file | Path name, *NONE | Optional |
| TIMEOUT | Update timeout | 1-300, 300, *NOMAX | Optional |
| UDPRTYITV | UDP timeout | 1-65535, 3, *CALC | Optional |
| UDPNBRRTY | UDP retry | 0-100, 3 | Optional |
| PROTOCOL | Network protocol | *UDP, *TCP | Optional |
| TOSTMF | Output file | Path name, *STDOUT | Optional |
Specifies a stream file with all update commands to be used as batch input.
Each command in the file is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail.
Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the send command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
Lines in the file beginning with a semicolon are considered comments and are ignored. The command formats are as follows:
server {servername} [port]
local {address} [port]
zone {zonename}
class {classname}
key {name} {secret}
prereq nxdomain {domain-name}
prereq yxdomain {domain-name}
prereq nxrrset {domain-name} [class] {type}
prereq yxrrset {domain-name} [class] {type}
prereq yxrrset {domain-name} [class] {type} {data...}
update delete {domain-name} [ttl] [class] [type [data...]]
update add {domain-name} {ttl} [class] {type} {data...}
show
send
answer
quit
See the examples for descriptions of these commands.
Note: This value is only valid if the command is run in an interactive job.
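An added example, not part of the IBM documentation: a Python linter for a BCHFILE stream file that applies the command formats listed above, groups commands into update requests at each blank line or send, and reports records outside the declared zone, an inline key secret, and trailing commands that are never sent. The names `lint_batch`, `ARITY` and `SAMPLE`, the sample file contents, and the choice to treat unterminated trailing commands as a finding are assumptions of this example.

```python
# (min, max) argument counts taken from the command formats on this page; None = no limit.
ARITY = {"server": (1, 2), "local": (1, 2), "zone": (1, 1), "class": (1, 1), "key": (2, 2),
         "show": (0, 0), "send": (0, 0), "answer": (0, 0), "quit": (0, 0),
         "prereq nxdomain": (1, 1), "prereq yxdomain": (1, 1), "prereq nxrrset": (2, 3),
         "prereq yxrrset": (2, None), "update delete": (1, None), "update add": (4, None)}

SAMPLE = """; constructed sample: names, addresses and key are made up
zone example.com
key my-key c2VjcmV0
prereq yxdomain www.example.com.
update add www.example.com. 3600 A 192.0.2.10
update add mail.example.org. 3600 A 192.0.2.25

prereq nxrrset example.com MX
update add example.com MX 10 mail.example.com.
"""

def lint_batch(text):
    """Return (requests, findings): command groups sent as one update each, and (line, message) pairs."""
    requests, findings, current, zone = [], [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if raw.lstrip().startswith(";"):
            continue                                   # comment line
        if words[:1] == ["quit"]:
            break                                      # assumption: pending commands are dropped
        if not words or words[0] == "send":            # blank line or send closes the request
            requests += [current] if current else []
            current = []
            continue
        n = 2 if words[0] in ("prereq", "update") else 1
        cmd, args = " ".join(words[:n]), words[n:]
        lo, hi = ARITY.get(cmd, (None, None))
        if lo is None or len(args) < lo or (hi is not None and len(args) > hi):
            findings.append((no, "bad syntax: " + raw.strip()))
        elif cmd == "zone":                            # assumption: applies until the next zone command
            zone = args[0].rstrip(".").lower()
        elif cmd == "key":
            findings.append((no, "TSIG secret stored in clear text in the batch file"))
        elif n == 2:                                   # prereq or update: first argument is a name
            name = args[0].rstrip(".").lower()
            if zone and name != zone and not name.endswith("." + zone):
                findings.append((no, args[0] + " is outside zone " + zone))
            if cmd == "update add" and not args[1].isdigit():
                findings.append((no, "TTL missing or not a number of seconds"))
            current.append(raw.strip())
    if current:
        findings.append((no, "last %d command(s) not followed by a blank line or send" % len(current)))
    return requests, findings
```

Calling `lint_batch(SAMPLE)` returns one complete request of three commands and four findings, on lines 3, 6, 9 and 9.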
Specifies whether or not to turn debugging mode on. More information is displayed about the packet sent to the server and the resulting answer when debugging mode is on.
Specifies a Transaction Signature (TSIG) key to sign the DNS queries. The only message digest algorithm currently used for TSIG is HMAC-MD5, although others may be added later. The TSIG key is a base-64 encoded string, typically generated by the Generate DNS Key (GENDNSKEY) command. The DNS server that is queried needs to be configured with the TSIG key and algorithm that is being used or the transaction will fail. See RFC 2845 for TSIG.
my-tsig-key:JNvcpnxysbJ2hsdOqQ5qrQ==
The key name in this case is 'my-tsig-key' and the base-64 encoded key is 'JNvcpnxysbJ2hsdOqQ5qrQ=='.
The DNS server being queried needs to include this key and algorithm in its configuration in order to accept this TSIG key from clients.
Specifies a file containing a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC-MD5 key. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. See RFC 3535 and RFC 2931 for SIG(0).
Note: If a value other than *NONE is specified for this parameter, do not specify a value for the KEYNAME parameter.
Specifies the maximum time an update request can take before it is aborted.
Specifies the interval, in seconds, between UDP retries.
Specifies the number of UDP retries.
Specifies whether to use TCP or UDP when sending requests to the server.
Specifies the name of a stream file where all command output is written.
The command formats and their meaning are as follows:
Example 1: Update Example
RUNDNSUPD BCHFILE(*NONE)
> update delete oldhost.example.com A
> update add newhost.example.com 86400 A 172.16.1.1
> send
> quit
This command will start the interactive mode for the update utility. The lines that have the '>' prefix are interactive commands.
Insert and delete resource records from the 'example.com' zone. Notice that the input in each example contains a trailing blank line so that a group of commands is sent as one dynamic update request to the master DNS server for example.com.
Any A records for oldhost.example.com are deleted and an A record for newhost.example.com with IP address 172.16.1.1 is added. The newly-added record has a 1 day TTL (86400 seconds).
Example 2: Pre-requisite Example
RUNDNSUPD
> prereq nxdomain nickname.example.com
> update add nickname.example.com 86400 CNAME somehost.example.com
> send
> quit
The prerequisite condition gets the DNS server to check that there are no resource records of any type for nickname.example.com. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.)
Example 3: Batch File Example
RUNDNSUPD BCHFILE('/home/ibmuser/my-updates')
This command sends the updates in the file '/home/ibmuser/my-updates' to the server defined in the file's server command. For example, the contents of the file might look like this:
server myserver.i5os.ibm.com 53
zone i5os.ibm.com
class in
prereq yxdomain box1.i5os.ibm.com.
update delete box1.i5os.ibm.com. A
update add box1.i5os.ibm.com. 3600 A 10.9.9.9
prereq yxdomain box2.i5os.ibm.com.
update delete box2.i5os.ibm.com. A
update add box2.i5os.ibm.com. 3600 A 10.9.9.10
And the results displayed on the screen might look like this:
; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADKEY)
Or the results displayed on the screen might look like this:
; TSIG error with server: tsig indicates error
update failed: REFUSED
The first example represents the case when the key in the file is not valid. The second example represents the case when the server is not allowing dynamic updates from you. No output or blank output only means the update was successful.
*ESCAPE Messages