1<!--
2 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
3 - Copyright (C) 2000-2003 Internet Software Consortium.
4 -
5 - Permission to use, copy, modify, and/or distribute this software for any
6 - purpose with or without fee is hereby granted, provided that the above
7 - copyright notice and this permission notice appear in all copies.
8 -
9 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 - PERFORMANCE OF THIS SOFTWARE.
16-->
17<html>
18<head>
19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
20<title>nsupdate</title>
21<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
22<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
23<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
24<link rel="prev" href="man.named-journalprint.html" title="named-journalprint">
25<link rel="next" href="man.rndc.html" title="rndc">
26</head>
27<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
28<div class="navheader">
29<table width="100%" summary="Navigation header">
30<tr><th colspan="3" align="center"><span class="application">nsupdate</span></th></tr>
31<tr>
32<td width="20%" align="left">
33<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
34<th width="60%" align="center">Manual pages</th>
35<td width="20%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
36</td>
37</tr>
38</table>
39<hr>
40</div>
41<div class="refentry">
42<a name="man.nsupdate"></a><div class="titlepage"></div>
43<div class="refnamediv">
44<h2>Name</h2>
45<p><span class="application">nsupdate</span> &#8212; Dynamic DNS update utility</p>
46</div>
47<div class="refsynopsisdiv">
48<h2>Synopsis</h2>
49<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-l</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [filename]</p></div>
50</div>
51<div class="refsection">
52<a name="id-1.14.20.7"></a><h2>DESCRIPTION</h2>
53<p><span class="command"><strong>nsupdate</strong></span>
54      is used to submit Dynamic DNS Update requests as defined in RFC 2136
55      to a name server.
56      This allows resource records to be added or removed from a zone
57      without manually editing the zone file.
58      A single update request can contain requests to add or remove more than
59      one
60      resource record.
61    </p>
62<p>
63      Zones that are under dynamic control via
64      <span class="command"><strong>nsupdate</strong></span>
65      or a DHCP server should not be edited by hand.
66      Manual edits could
67      conflict with dynamic updates and cause data to be lost.
68    </p>
69<p>
70      The resource records that are dynamically added or removed with
71      <span class="command"><strong>nsupdate</strong></span>
72      have to be in the same zone.
73      Requests are sent to the zone's master server.
74      This is identified by the MNAME field of the zone's SOA record.
75    </p>
76<p>
77      Transaction signatures can be used to authenticate the Dynamic
78      DNS updates.  These use the TSIG resource record type described
79      in RFC 2845 or the SIG(0) record described in RFC 2535 and
80      RFC 2931 or GSS-TSIG as described in RFC 3645.
81    </p>
82<p>
83      TSIG relies on
84      a shared secret that should only be known to
85      <span class="command"><strong>nsupdate</strong></span> and the name server.
86      For instance, suitable <span class="type">key</span> and
87      <span class="type">server</span> statements would be added to
88      <code class="filename">/etc/named.conf</code> so that the name server
89      can associate the appropriate secret key and algorithm with
90      the IP address of the client application that will be using
91      TSIG authentication. You can use <span class="command"><strong>ddns-confgen</strong></span>
92      to generate suitable configuration fragments.
93      <span class="command"><strong>nsupdate</strong></span>
94      uses the <code class="option">-y</code> or <code class="option">-k</code> options
95      to provide the TSIG shared secret.  These options are mutually exclusive.
96    </p>
97<p>
98      SIG(0) uses public key cryptography.
99      To use a SIG(0) key, the public key must be stored in a KEY
100      record in a zone served by the name server.
101    </p>
102<p>
103      GSS-TSIG uses Kerberos credentials.  Standard GSS-TSIG mode
104      is switched on with the <code class="option">-g</code> flag.  A
105      non-standards-compliant variant of GSS-TSIG used by Windows
106      2000 can be switched on with the <code class="option">-o</code> flag.
107    </p>
108</div>
109<div class="refsection">
110<a name="id-1.14.20.8"></a><h2>OPTIONS</h2>
111<div class="variablelist"><dl class="variablelist">
112<dt><span class="term">-d</span></dt>
113<dd><p>
114	    Debug mode. This provides tracing information about the
115	    update requests that are made and the replies received
116	    from the name server.
117	  </p></dd>
118<dt><span class="term">-D</span></dt>
119<dd><p>
120	    Extra debug mode.
121	  </p></dd>
122<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
123<dd><p>
124	    The file containing the TSIG authentication key.
125	    Keyfiles may be in two formats: a single file containing
126	    a <code class="filename">named.conf</code>-format <span class="command"><strong>key</strong></span>
127	    statement, which may be generated automatically by
128	    <span class="command"><strong>ddns-confgen</strong></span>, or a pair of files whose names are
129	    of the format <code class="filename">K{name}.+157.+{random}.key</code> and
130	    <code class="filename">K{name}.+157.+{random}.private</code>, which can be
131	    generated by <span class="command"><strong>dnssec-keygen</strong></span>.
132	    The <code class="option">-k</code> may also be used to specify a SIG(0) key used
133	    to authenticate Dynamic DNS update requests.  In this case, the key
134	    specified is not an HMAC-MD5 key.
135	  </p></dd>
136<dt><span class="term">-l</span></dt>
137<dd><p>
138	    Local-host only mode. This sets the server address to
139	    localhost (disabling the <span class="command"><strong>server</strong></span> so that the server
140	    address cannot be overridden).  Connections to the local server will
141	    use a TSIG key found in <code class="filename">/var/run/named/session.key</code>,
142	    which is automatically generated by <span class="command"><strong>named</strong></span> if any
143	    local master zone has set <span class="command"><strong>update-policy</strong></span> to
144	    <span class="command"><strong>local</strong></span>.  The location of this key file can be
145	    overridden with the <code class="option">-k</code> option.
146	  </p></dd>
147<dt><span class="term">-L <em class="replaceable"><code>level</code></em></span></dt>
148<dd><p>
149	    Set the logging debug level.  If zero, logging is disabled.
150	  </p></dd>
151<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
152<dd><p>
153	    Set the port to use for connections to a name server. The
154	    default is 53.
155	  </p></dd>
156<dt><span class="term">-r <em class="replaceable"><code>udpretries</code></em></span></dt>
157<dd><p>
158	    The number of UDP retries. The default is 3. If zero, only
159	    one update request will be made.
160	  </p></dd>
161<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
162<dd><p>
163	  Where to obtain randomness. If the operating system
164	  does not provide a <code class="filename">/dev/random</code> or
165	  equivalent device, the default source of randomness is keyboard
166	  input.  <code class="filename">randomdev</code> specifies the name of
167	  a character device or file containing random data to be used
168	  instead of the default.  The special value
169	  <code class="filename">keyboard</code> indicates that keyboard input
170	  should be used.  This option may be specified multiple times.
171	</p></dd>
172<dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
173<dd><p>
174	    The maximum time an update request can take before it is
175	    aborted. The default is 300 seconds. Zero can be used to
176	    disable the timeout.
177	  </p></dd>
178<dt><span class="term">-u <em class="replaceable"><code>udptimeout</code></em></span></dt>
179<dd><p>
180	    The UDP retry interval. The default is 3 seconds. If zero,
181	    the interval will be computed from the timeout interval and
182	    number of UDP retries.
183	  </p></dd>
184<dt><span class="term">-v</span></dt>
185<dd><p>
186	    Use TCP even for small update requests.
187	    By default, <span class="command"><strong>nsupdate</strong></span>
188	    uses UDP to send update requests to the name server unless they are too
189	    large to fit in a UDP request in which case TCP will be used.
190	    TCP may be preferable when a batch of update requests is made.
191	  </p></dd>
192<dt><span class="term">-V</span></dt>
193<dd><p>
194	    Print the version number and exit.
195	  </p></dd>
196<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
197<dd>
198<p>
199	    Literal TSIG authentication key.
200	    <em class="parameter"><code>keyname</code></em> is the name of the key, and
201	    <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
202	    <em class="parameter"><code>hmac</code></em> is the name of the key algorithm;
203	    valid choices are <code class="literal">hmac-md5</code>,
204	    <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>,
205	    <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or
206	    <code class="literal">hmac-sha512</code>.  If <em class="parameter"><code>hmac</code></em>
207	    is not specified, the default is <code class="literal">hmac-md5</code>.
208	  </p>
209<p>
210	    NOTE: Use of the <code class="option">-y</code> option is discouraged because the
211	    shared secret is supplied as a command line argument in clear text.
212	    This may be visible in the output from
213	    <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
214	    or in a history file maintained by the user's shell.
215	  </p>
216</dd>
217</dl></div>
218</div>
219<div class="refsection">
220<a name="id-1.14.20.9"></a><h2>INPUT FORMAT</h2>
221<p><span class="command"><strong>nsupdate</strong></span>
222      reads input from
223      <em class="parameter"><code>filename</code></em>
224      or standard input.
225      Each command is supplied on exactly one line of input.
226      Some commands are for administrative purposes.
227      The others are either update instructions or prerequisite checks on the
228      contents of the zone.
229      These checks set conditions that some name or set of
230      resource records (RRset) either exists or is absent from the zone.
231      These conditions must be met if the entire update request is to succeed.
232      Updates will be rejected if the tests for the prerequisite conditions
233      fail.
234    </p>
235<p>
236      Every update request consists of zero or more prerequisites
237      and zero or more updates.
238      This allows a suitably authenticated update request to proceed if some
239      specified resource records are present or missing from the zone.
240      A blank input line (or the <span class="command"><strong>send</strong></span> command)
241      causes the
242      accumulated commands to be sent as one Dynamic DNS update request to the
243      name server.
244    </p>
245<p>
246      The command formats and their meaning are as follows:
247      </p>
248<div class="variablelist"><dl class="variablelist">
249<dt><span class="term">
250	      <span class="command"><strong>server</strong></span>
251	       {servername}
252	       [port]
253	    </span></dt>
254<dd><p>
255	      Sends all dynamic update requests to the name server
256	      <em class="parameter"><code>servername</code></em>.
257	      When no server statement is provided,
258	      <span class="command"><strong>nsupdate</strong></span>
259	      will send updates to the master server of the correct zone.
260	      The MNAME field of that zone's SOA record will identify the
261	      master
262	      server for that zone.
263	      <em class="parameter"><code>port</code></em>
264	      is the port number on
265	      <em class="parameter"><code>servername</code></em>
266	      where the dynamic update requests get sent.
267	      If no port number is specified, the default DNS port number of
268	      53 is
269	      used.
270	    </p></dd>
271<dt><span class="term">
272	      <span class="command"><strong>local</strong></span>
273	       {address}
274	       [port]
275	    </span></dt>
276<dd><p>
277	      Sends all dynamic update requests using the local
278	      <em class="parameter"><code>address</code></em>.
279
280	      When no local statement is provided,
281	      <span class="command"><strong>nsupdate</strong></span>
282	      will send updates using an address and port chosen by the
283	      system.
284	      <em class="parameter"><code>port</code></em>
285	      can additionally be used to make requests come from a specific
286	      port.
287	      If no port number is specified, the system will assign one.
288	    </p></dd>
289<dt><span class="term">
290	      <span class="command"><strong>zone</strong></span>
291	       {zonename}
292	    </span></dt>
293<dd><p>
294	      Specifies that all updates are to be made to the zone
295	      <em class="parameter"><code>zonename</code></em>.
296	      If no
297	      <em class="parameter"><code>zone</code></em>
298	      statement is provided,
299	      <span class="command"><strong>nsupdate</strong></span>
300	      will attempt determine the correct zone to update based on the
301	      rest of the input.
302	    </p></dd>
303<dt><span class="term">
304	      <span class="command"><strong>class</strong></span>
305	       {classname}
306	    </span></dt>
307<dd><p>
308	      Specify the default class.
309	      If no <em class="parameter"><code>class</code></em> is specified, the
310	      default class is
311	      <em class="parameter"><code>IN</code></em>.
312	    </p></dd>
313<dt><span class="term">
314	      <span class="command"><strong>ttl</strong></span>
315	       {seconds}
316	    </span></dt>
317<dd><p>
318	      Specify the default time to live for records to be added.
319	      The value <em class="parameter"><code>none</code></em> will clear the default
320	      ttl.
321	    </p></dd>
322<dt><span class="term">
323	      <span class="command"><strong>key</strong></span>
324	       [hmac:] {keyname}
325	       {secret}
326	    </span></dt>
327<dd><p>
328	      Specifies that all updates are to be TSIG-signed using the
329	      <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair.
330	      If <em class="parameter"><code>hmac</code></em> is specified, then it sets the
331	      signing algorithm in use; the default is
332	      <code class="literal">hmac-md5</code>.  The <span class="command"><strong>key</strong></span>
333	      command overrides any key specified on the command line via
334	      <code class="option">-y</code> or <code class="option">-k</code>.
335	    </p></dd>
336<dt><span class="term">
337	    <span class="command"><strong>gsstsig</strong></span>
338	  </span></dt>
339<dd><p>
340	      Use GSS-TSIG to sign the updated.  This is equivalent to
341	      specifying <code class="option">-g</code> on the commandline.
342	    </p></dd>
343<dt><span class="term">
344	    <span class="command"><strong>oldgsstsig</strong></span>
345	  </span></dt>
346<dd><p>
347	      Use the Windows 2000 version of GSS-TSIG to sign the updated.
348	      This is equivalent to specifying <code class="option">-o</code> on the
349	      commandline.
350	    </p></dd>
351<dt><span class="term">
352	    <span class="command"><strong>realm</strong></span>
353	     {[<span class="optional">realm_name</span>]}
354	  </span></dt>
355<dd><p>
356	      When using GSS-TSIG use <em class="parameter"><code>realm_name</code></em> rather
357	      than the default realm in <code class="filename">krb5.conf</code>.  If no
358	      realm is specified the saved realm is cleared.
359	    </p></dd>
360<dt><span class="term">
361	      <span class="command"><strong>[<span class="optional">prereq</span>] nxdomain</strong></span>
362	       {domain-name}
363	    </span></dt>
364<dd><p>
365	      Requires that no resource record of any type exists with name
366	      <em class="parameter"><code>domain-name</code></em>.
367	    </p></dd>
368<dt><span class="term">
369	      <span class="command"><strong>[<span class="optional">prereq</span>] yxdomain</strong></span>
370	       {domain-name}
371	    </span></dt>
372<dd><p>
373	      Requires that
374	      <em class="parameter"><code>domain-name</code></em>
375	      exists (has as at least one resource record, of any type).
376	    </p></dd>
377<dt><span class="term">
378	      <span class="command"><strong>[<span class="optional">prereq</span>] nxrrset</strong></span>
379	       {domain-name}
380	       [class]
381	       {type}
382	    </span></dt>
383<dd><p>
384	      Requires that no resource record exists of the specified
385	      <em class="parameter"><code>type</code></em>,
386	      <em class="parameter"><code>class</code></em>
387	      and
388	      <em class="parameter"><code>domain-name</code></em>.
389	      If
390	      <em class="parameter"><code>class</code></em>
391	      is omitted, IN (internet) is assumed.
392	    </p></dd>
393<dt><span class="term">
394	      <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>
395	       {domain-name}
396	       [class]
397	       {type}
398	    </span></dt>
399<dd><p>
400	      This requires that a resource record of the specified
401	      <em class="parameter"><code>type</code></em>,
402	      <em class="parameter"><code>class</code></em>
403	      and
404	      <em class="parameter"><code>domain-name</code></em>
405	      must exist.
406	      If
407	      <em class="parameter"><code>class</code></em>
408	      is omitted, IN (internet) is assumed.
409	    </p></dd>
410<dt><span class="term">
411	      <span class="command"><strong>[<span class="optional">prereq</span>] yxrrset</strong></span>
412	       {domain-name}
413	       [class]
414	       {type}
415	       {data...}
416	    </span></dt>
417<dd><p>
418	      The
419	      <em class="parameter"><code>data</code></em>
420	      from each set of prerequisites of this form
421	      sharing a common
422	      <em class="parameter"><code>type</code></em>,
423	      <em class="parameter"><code>class</code></em>,
424	      and
425	      <em class="parameter"><code>domain-name</code></em>
426	      are combined to form a set of RRs.  This set of RRs must
427	      exactly match the set of RRs existing in the zone at the
428	      given
429	      <em class="parameter"><code>type</code></em>,
430	      <em class="parameter"><code>class</code></em>,
431	      and
432	      <em class="parameter"><code>domain-name</code></em>.
433	      The
434	      <em class="parameter"><code>data</code></em>
435	      are written in the standard text representation of the resource
436	      record's
437	      RDATA.
438	    </p></dd>
439<dt><span class="term">
440	      <span class="command"><strong>[<span class="optional">update</span>] del[<span class="optional">ete</span>]</strong></span>
441	       {domain-name}
442	       [ttl]
443	       [class]
444	       [type [data...]]
445	    </span></dt>
446<dd><p>
447	      Deletes any resource records named
448	      <em class="parameter"><code>domain-name</code></em>.
449	      If
450	      <em class="parameter"><code>type</code></em>
451	      and
452	      <em class="parameter"><code>data</code></em>
453	      is provided, only matching resource records will be removed.
454	      The internet class is assumed if
455	      <em class="parameter"><code>class</code></em>
456	      is not supplied.  The
457	      <em class="parameter"><code>ttl</code></em>
458	      is ignored, and is only allowed for compatibility.
459	    </p></dd>
460<dt><span class="term">
461	      <span class="command"><strong>[<span class="optional">update</span>] add</strong></span>
462	       {domain-name}
463	       {ttl}
464	       [class]
465	       {type}
466	       {data...}
467	    </span></dt>
468<dd><p>
469	      Adds a new resource record with the specified
470	      <em class="parameter"><code>ttl</code></em>,
471	      <em class="parameter"><code>class</code></em>
472	      and
473	      <em class="parameter"><code>data</code></em>.
474	    </p></dd>
475<dt><span class="term">
476	      <span class="command"><strong>show</strong></span>
477	    </span></dt>
478<dd><p>
479	      Displays the current message, containing all of the
480	      prerequisites and
481	      updates specified since the last send.
482	    </p></dd>
483<dt><span class="term">
484	      <span class="command"><strong>send</strong></span>
485	    </span></dt>
486<dd><p>
487	      Sends the current message.  This is equivalent to entering a
488	      blank line.
489	    </p></dd>
490<dt><span class="term">
491	      <span class="command"><strong>answer</strong></span>
492	    </span></dt>
493<dd><p>
494	      Displays the answer.
495	    </p></dd>
496<dt><span class="term">
497	      <span class="command"><strong>debug</strong></span>
498	    </span></dt>
499<dd><p>
500	      Turn on debugging.
501	    </p></dd>
502<dt><span class="term">
503	      <span class="command"><strong>version</strong></span>
504	    </span></dt>
505<dd><p>
506	      Print version number.
507	    </p></dd>
508<dt><span class="term">
509	      <span class="command"><strong>help</strong></span>
510	    </span></dt>
511<dd><p>
512	      Print a list of commands.
513	    </p></dd>
514</dl></div>
515<p>
516    </p>
517<p>
518      Lines beginning with a semicolon are comments and are ignored.
519    </p>
520</div>
521<div class="refsection">
522<a name="id-1.14.20.10"></a><h2>EXAMPLES</h2>
523<p>
524      The examples below show how
525      <span class="command"><strong>nsupdate</strong></span>
526      could be used to insert and delete resource records from the
527      <span class="type">example.com</span>
528      zone.
529      Notice that the input in each example contains a trailing blank line so
530      that
531      a group of commands are sent as one dynamic update request to the
532      master name server for
533      <span class="type">example.com</span>.
534
535      </p>
536<pre class="programlisting">
537# nsupdate
538&gt; update delete oldhost.example.com A
539&gt; update add newhost.example.com 86400 A 172.16.1.1
540&gt; send
541</pre>
542<p>
543    </p>
544<p>
545      Any A records for
546      <span class="type">oldhost.example.com</span>
547      are deleted.
548      And an A record for
549      <span class="type">newhost.example.com</span>
550      with IP address 172.16.1.1 is added.
551      The newly-added record has a 1 day TTL (86400 seconds).
552      </p>
553<pre class="programlisting">
554# nsupdate
555&gt; prereq nxdomain nickname.example.com
556&gt; update add nickname.example.com 86400 CNAME somehost.example.com
557&gt; send
558</pre>
559<p>
560    </p>
561<p>
562      The prerequisite condition gets the name server to check that there
563      are no resource records of any type for
564      <span class="type">nickname.example.com</span>.
565
566      If there are, the update request fails.
567      If this name does not exist, a CNAME for it is added.
568      This ensures that when the CNAME is added, it cannot conflict with the
569      long-standing rule in RFC 1034 that a name must not exist as any other
570      record type if it exists as a CNAME.
571      (The rule has been updated for DNSSEC in RFC 2535 to allow CNAMEs to have
572      RRSIG, DNSKEY and NSEC records.)
573    </p>
574</div>
575<div class="refsection">
576<a name="id-1.14.20.11"></a><h2>FILES</h2>
577<div class="variablelist"><dl class="variablelist">
578<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
579<dd><p>
580	    used to identify default name server
581	  </p></dd>
582<dt><span class="term"><code class="constant">/var/run/named/session.key</code></span></dt>
583<dd><p>
584	    sets the default TSIG key for use in local-only mode
585	  </p></dd>
586<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
587<dd><p>
588	    base-64 encoding of HMAC-MD5 key created by
589	    <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
590	  </p></dd>
591<dt><span class="term"><code class="constant">K{name}.+157.+{random}.private</code></span></dt>
592<dd><p>
593	    base-64 encoding of HMAC-MD5 key created by
594	    <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
595	  </p></dd>
596</dl></div>
597</div>
598<div class="refsection">
599<a name="id-1.14.20.12"></a><h2>SEE ALSO</h2>
600<p>
601      <em class="citetitle">RFC 2136</em>,
602      <em class="citetitle">RFC 3007</em>,
603      <em class="citetitle">RFC 2104</em>,
604      <em class="citetitle">RFC 2845</em>,
605      <em class="citetitle">RFC 1034</em>,
606      <em class="citetitle">RFC 2535</em>,
607      <em class="citetitle">RFC 2931</em>,
608      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
609      <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
610      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
611    </p>
612</div>
613<div class="refsection">
614<a name="id-1.14.20.13"></a><h2>BUGS</h2>
615<p>
616      The TSIG key is redundantly stored in two separate files.
617      This is a consequence of nsupdate using the DST library
618      for its cryptographic operations, and may change in future
619      releases.
620    </p>
621</div>
622</div>
623<div class="navfooter">
624<hr>
625<table width="100%" summary="Navigation footer">
626<tr>
627<td width="40%" align="left">
628<a accesskey="p" href="man.named-journalprint.html">Prev</a>�</td>
629<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
630<td width="40%" align="right">�<a accesskey="n" href="man.rndc.html">Next</a>
631</td>
632</tr>
633<tr>
634<td width="40%" align="left" valign="top">
635<span class="application">named-journalprint</span>�</td>
636<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
637<td width="40%" align="right" valign="top">�<span class="application">rndc</span>
638</td>
639</tr>
640</table>
641</div>
642<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.9.9-P4 (Extended Support Version)</p>
643</body>
644</html>
645