
nsupdate Command in Linux
nsupdate is a command-line tool used on Unix and Linux systems to update DNS records dynamically. It's part of the BIND (Berkeley Internet Name Domain) software suite and allows you to add, modify, or delete DNS records without restarting the DNS server.
This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record. Zones under dynamic control via nsupdate or a DHCP server should not be edited manually, as manual edits could conflict with dynamic updates and cause data loss.
The resource records that are dynamically added or removed with nsupdate must be in the same zone. Requests are sent to the zone's master server, identified by the MNAME field of the zone's SOA record. By default, nsupdate uses UDP to send update requests unless they are too large, in which case TCP is used.
nsupdate reads input from a filename or standard input, with each command supplied on a single line. Some commands serve administrative purposes, while others are update instructions or prerequisite checks on the zone's contents. These checks set conditions on whether a name or a set of resource records (RRset) exist or are absent in the zone. Updates are rejected if prerequisite tests fail.
Every update request consists of zero or more prerequisites and updates. This allows authenticated update requests to proceed if specified resource records are present or missing in the zone. A blank input line or the send command sends the accumulated commands as one Dynamic DNS update request to the name server.
Here is a comprehensive guide to the options available with the nsupdate command −
Syntax of nsupdate Command
The general syntax for nsupdate is as follows −
nsupdate [options] [filename]
nsupdate Command Options
The following options can help you customize and control the behavior of nsupdate when making dynamic DNS update requests −
Options | Description |
---|---|
-d | Operates in debug mode, providing tracing information about update requests and replies. |
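-y | Uses a shared secret (HMAC-MD5 key) to generate a TSIG record for authenticating Dynamic DNS update requests. Format: keyname:secret. Discouraged, because the secret is passed in clear text on the command line and can show up in ps output or shell history. |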
-k | Reads the shared secret from a specified file (HMAC-MD5 or SIG(0) key) to generate a TSIG record for authenticating Dynamic DNS update requests. |
-v | Forces nsupdate to use a TCP connection for sending update requests. |
-t | Sets the maximum time an update request can take before being aborted. Default is 300 seconds. |
-u | Sets the UDP retry interval. Default is 3 seconds. |
-r | Sets the number of UDP retries. Default is 3. |
Examples of nsupdate Command in Linux
The examples below illustrate various uses of the nsupdate command to manage DNS records dynamically.
- Adding a New "A Record"
- Deleting an Existing "A Record"
- Deleting an MX Record
- Updating a TXT Record
- Debugging DNS Updates
- Forcing TCP Connection
- Setting Maximum Update Time
- Specifying Local Address
- Specifying Zone for Updates
- Displaying Current Update Message
Adding a New "A Record"
To add a new "A record" for example.com with an IP address of 192.168.1.1 and a TTL of 1 hour (3600 seconds), run the following command −
sudo nsupdate
> server 127.0.0.1
> update add example.com 3600 A 192.168.1.1
> send
This command adds an "A record" for example.com with the specified IP address and TTL. The send command ensures that your DNS update instructions are transmitted to the DNS server in one cohesive request.

Deleting an Existing "A Record"
To delete an existing "A record" for example.com, use the following command −
sudo nsupdate
> server 127.0.0.1
> update delete example.com A
> send
This command deletes any A records associated with example.com.

Deleting an MX Record
To delete an existing MX record for example.com, run the following command −
sudo nsupdate
> server 127.0.0.1
> update delete example.com MX
> send
This command deletes any MX records associated with example.com.

Updating a TXT Record
To update a TXT record for example.com with new text data, use this command −
sudo nsupdate
> server 127.0.0.1
> update delete example.com TXT
> update add example.com 86400 TXT "New text data"
> send
This command first deletes any existing TXT record and then adds a new one with the specified text data.

Debugging DNS Updates
To debug DNS update requests and responses, use the '-d' option −
sudo nsupdate -d
> server 127.0.0.1
> update delete example.com A
> update add example.com 86400 A 172.16.1.1
> send
This command provides detailed tracing information about the update requests and responses.

Forcing TCP Connection
To send DNS update requests over TCP instead of the default UDP, use the '-v' option −
sudo nsupdate -v
> server 127.0.0.1
> update delete example.com A
> update add example.com 86400 A 172.16.1.1
> send
This command forces nsupdate to use a TCP connection for the update requests.

Setting Maximum Update Time
To set the maximum time an update request can take before it is aborted, use the '-t' option −
sudo nsupdate -t 600
> server 127.0.0.1
> update add example.com 86400 A 192.168.2.2
> send
This command sets the maximum update request time to 600 seconds.

Specifying Local Address
To send dynamic update requests using a specified local address and port, use the local command −
sudo nsupdate
> server 127.0.0.1
> local 192.168.1.100 1053
> update add example.com 86400 A 192.168.2.2
> send
This command sends update requests using the specified local address 192.168.1.100 and port 1053.

Specifying Zone for Updates
To specify the zone to be updated, use the zone command −
sudo nsupdate
> server 127.0.0.1
> zone example.com
> update add example.com 86400 A 192.168.2.2
> send

Displaying Current Update Message
To display the current message containing all prerequisites and updates specified since the last send, use the show command −
sudo nsupdate
> server 127.0.0.1
> update add example.com 3600 A 192.168.2.4
> show
> send
The show command displays the current update message, allowing you to review the updates before sending them.
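
The prerequisite checks described in the introduction are not used in any example above. The following script is an added example, not part of the original tutorial: it builds nsupdate batches whose prereq line makes the server apply the update only when the zone is in the expected state, and it validates every value first so that a space or newline cannot turn into an extra command. The function names, host.example.com and the addresses are assumptions chosen for illustration.

```shell
# Added example. host.example.com and the addresses are sample values.
# A space or newline inside a value would become an extra nsupdate command,
# so only plain host names, numeric TTLs and dotted-quad addresses pass.
valid_name() {
    case "$1" in ''|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;; esac
}
valid_ttl() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}
valid_ipv4() {
    case "$1" in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    rest="$1."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# add_if_absent ZONE NAME TTL IPV4
# Prerequisite: NAME has no A record, so an existing record is never clobbered.
add_if_absent() {
    valid_name "$1" && valid_name "$2" && valid_ttl "$3" && valid_ipv4 "$4" || return 2
    printf '%s\n' "server 127.0.0.1" "zone $1" \
        "prereq nxrrset $2 A" \
        "update add $2 $3 A $4" "send"
}

# swap_a ZONE NAME TTL OLD_IPV4 NEW_IPV4
# Prerequisite: the A RRset is exactly OLD_IPV4; otherwise the server rejects
# the whole request and nothing changes.
swap_a() {
    valid_name "$1" && valid_name "$2" && valid_ttl "$3" &&
        valid_ipv4 "$4" && valid_ipv4 "$5" || return 2
    printf '%s\n' "server 127.0.0.1" "zone $1" \
        "prereq yxrrset $2 A $4" \
        "update delete $2 A $4" \
        "update add $2 $3 A $5" "send"
}

# Print one batch for review. To apply it, save the output as batch.txt and
# run: nsupdate -k <keyfile> batch.txt   (<keyfile> is a placeholder)
add_if_absent example.com host.example.com 3600 192.168.1.1
```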

Conclusion
The nsupdate command is a powerful tool for managing DNS records dynamically on Unix and Linux systems. By enabling real-time updates to DNS zones without restarting the server, nsupdate enhances the efficiency and flexibility of DNS management.
It supports a variety of functions, such as adding, modifying, or deleting records, and offers features like authentication via shared secrets and debug options to streamline the process.
Whether you're adding new records or troubleshooting existing configurations, mastering nsupdate will provide you with the control needed for robust and seamless DNS management.