mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

incorporated Brian's review comments and corrections

Jim Reid
2000-07-12 18:29:33 +00:00
parent 9df4200a67
commit df5918b068
2 changed files with 90 additions and 20 deletions


@@ -13,7 +13,7 @@
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS .\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE. .\" SOFTWARE.
.\" .\"
.\" $Id: nsupdate.8,v 1.1 2000/07/12 17:17:03 jim Exp $ .\" $Id: nsupdate.8,v 1.2 2000/07/12 18:29:33 jim Exp $
.\" .\"
.Dd Jun 30, 2000 .Dd Jun 30, 2000
.Dt NSUPDATE 8 .Dt NSUPDATE 8
@@ -72,15 +72,18 @@ HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when ensure they select the appropriate algorithm as well as the key when
authenticating each other. authenticating each other.
Suitable For instance suitable
.Dv key{} .Dv key{}
and and
.Dv server{} .Dv server{}
statements will be added to statements would be added to
.Pa /etc/named.conf .Pa /etc/named.conf
so that the appropriate secret key and algorithm can be associated so that the name server can associate the appropriate secret key
with the IP address of the and algorithm with the IP address of the
client application that will be using TSIG authentication. client application that will be using TSIG authentication.
.Nm nsupdate
does not read
.Pa /etc/named.conf .
.Pp .Pp
.Nm nsupdate .Nm nsupdate
uses the uses the
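Review bot: the added line "For instance suitable" needs a comma after "For instance", and with "would be added" the sentence now reads as a hypothetical rather than an instruction. Since the next added sentence says nsupdate does not read /etc/named.conf, it would be clearer to state directly that the key{} and server{} statements belong to the name server's configuration only.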
@@ -104,7 +107,8 @@ is used, a signature is generated from
is the name of the key, is the name of the key,
and and
.Ar secret .Ar secret
is a string comprising the shared secret. is a string comprising the shared secret, typically written in base-64
encoding.
Use of the Use of the
.Fl y .Fl y
option is discouraged because the shared secret is supplied as a command option is discouraged because the shared secret is supplied as a command
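Review bot: "typically written in base-64 encoding" in the description of the secret leaves open whether any other form is accepted. State the encoding the option expects, so that a user who passes a different string knows whether it will be decoded or rejected.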
@@ -126,12 +130,14 @@ This may be preferable when a batch of update requests are made.
.Nm nsupdate .Nm nsupdate
reads commands from its standard input. reads commands from its standard input.
Each command is supplied on exactly one line of input. Each command is supplied on exactly one line of input.
Commands can be update instructions or prerequisite checks on the Some commands are for administrative purposes.
The others are either update instructions or prerequisite checks on the
contents of the zone. contents of the zone.
These checks set conditions that some name or set of These checks set conditions that some name or set of
resource records (RRset) either exists or is absent from the zone. resource records (RRset) either exists or is absent from the zone.
These conditions must be met if the entire update request is to succeed. These conditions must be met if the entire update request is to succeed.
Updates will be rejected if the tests for the prerequisite conditions fail. Updates will be rejected if the tests for the prerequisite conditions fail.
.Pp
Every update request consists of zero or more prerequisites Every update request consists of zero or more prerequisites
and one or more updates. and one or more updates.
This allows a suitably authenticated update request to proceed if some This allows a suitably authenticated update request to proceed if some
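Review bot: "Some commands are for administrative purposes." does not say which commands these are or what "administrative" means here. Naming them at this point (presumably the server and zone commands added to the list further down) would let the reader tell them apart from prerequisites and updates.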
@@ -142,6 +148,34 @@ DNS update request to the name server.
The command formats and their meaning are as follows: The command formats and their meaning are as follows:
.Bl -ohang indent .Bl -ohang indent
.It Xo .It Xo
.Ic server Va servername Op port
.Xc
.sp 1
Sends all dynamic update requests to the name server
.Va servername .
When no server statement is provided,
.Nm nsupdate
will send updates to the master server of the correct zone.
The MNAME field of that zone's SOA record will identify the master
server for that zone.
.Va port
is the port number on
.Va servername
where the dynamic update requests get sent.
If no port number is specified, the default DNS port number of 53 is
used.
.It Xo
.Ic zone Va zonename
.Xc
.sp 1
Specifies that all updates are to be made to the zone
.Va zonename .
.Nm nsupdate
will determine the correct zone to update based on the rest of the input
data if no
.Va zone
statement is provided.
.It Xo
.Ic prereq nxdomain Va domain-name .Ic prereq nxdomain Va domain-name
.Xc .Xc
.sp 1 .sp 1
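Review bot: in the new zone entry, "data if no .Va zone statement is provided" marks the command keyword as a variable; it should be .Ic zone, matching the .It line. Both new entries also call these "statements" while the surrounding text calls the input lines commands; pick one term and use it throughout.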
@@ -258,6 +292,7 @@ long-standing rule in RFC1034 that a name must not exist as any other
record type if it exists as a CNAME. record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
SIG, KEY and NXT records.) SIG, KEY and NXT records.)
.Pp
.Sh NAME SERVER PROCESSING .Sh NAME SERVER PROCESSING
.Pp .Pp
When a successful update request is made, the BIND9 name server When a successful update request is made, the BIND9 name server
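Review bot: the added .Pp sits directly before ".Sh NAME SERVER PROCESSING", which is itself followed by another .Pp. A paragraph break next to a section header is redundant, since .Sh already starts a new block; drop the new .Pp rather than adding a second one.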
@@ -271,13 +306,13 @@ XXXJR WHEN DOES IT DO THAT???
It then sends a NOTIFY message to the zone's slave servers to inform It then sends a NOTIFY message to the zone's slave servers to inform
them that the zone's contents have changed. them that the zone's contents have changed.
.Sh FILES .Sh FILES
.Bl -tag -width Kname.+157.+{random}.private -compact .Bl -tag -width K{name}.+157.+{random}.private -compact
.It Pa /etc/named.conf .It Pa /etc/named.conf
name server configuration file name server configuration file
.It Pa Kname.+157.+{random}.key .It Pa K{name}.+157.+{random}.key
base-64 encoding of HMAC-MD5 key created by base-64 encoding of HMAC-MD5 key created by
.Xr dnssec-keygen 8 . .Xr dnssec-keygen 8 .
.It Pa Kname.+157.+{random}.private .It Pa K{name}.+157.+{random}.private
base-64 encoding of HMAC-MD5 key created by base-64 encoding of HMAC-MD5 key created by
.Xr dnssec-keygen 8 . .Xr dnssec-keygen 8 .
.El .El
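Review bot: the renamed K{name}.+157.+{random}.key and .private entries still carry the same description, "base-64 encoding of HMAC-MD5 key created by dnssec-keygen 8", so the FILES list does not say how the two files differ. Give each entry its own description while these lines are being touched.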


@@ -13,7 +13,7 @@
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS .\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE. .\" SOFTWARE.
.\" .\"
.\" $Id: nsupdate.8,v 1.1 2000/07/12 17:17:03 jim Exp $ .\" $Id: nsupdate.8,v 1.2 2000/07/12 18:29:33 jim Exp $
.\" .\"
.Dd Jun 30, 2000 .Dd Jun 30, 2000
.Dt NSUPDATE 8 .Dt NSUPDATE 8
@@ -72,15 +72,18 @@ HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to Once other algorithms are defined for TSIG, applications will need to
ensure they select the appropriate algorithm as well as the key when ensure they select the appropriate algorithm as well as the key when
authenticating each other. authenticating each other.
Suitable For instance suitable
.Dv key{} .Dv key{}
and and
.Dv server{} .Dv server{}
statements will be added to statements would be added to
.Pa /etc/named.conf .Pa /etc/named.conf
so that the appropriate secret key and algorithm can be associated so that the name server can associate the appropriate secret key
with the IP address of the and algorithm with the IP address of the
client application that will be using TSIG authentication. client application that will be using TSIG authentication.
.Nm nsupdate
does not read
.Pa /etc/named.conf .
.Pp .Pp
.Nm nsupdate .Nm nsupdate
uses the uses the
@@ -104,7 +107,8 @@ is used, a signature is generated from
is the name of the key, is the name of the key,
and and
.Ar secret .Ar secret
is a string comprising the shared secret. is a string comprising the shared secret, typically written in base-64
encoding.
Use of the Use of the
.Fl y .Fl y
option is discouraged because the shared secret is supplied as a command option is discouraged because the shared secret is supplied as a command
@@ -126,12 +130,14 @@ This may be preferable when a batch of update requests are made.
.Nm nsupdate .Nm nsupdate
reads commands from its standard input. reads commands from its standard input.
Each command is supplied on exactly one line of input. Each command is supplied on exactly one line of input.
Commands can be update instructions or prerequisite checks on the Some commands are for administrative purposes.
The others are either update instructions or prerequisite checks on the
contents of the zone. contents of the zone.
These checks set conditions that some name or set of These checks set conditions that some name or set of
resource records (RRset) either exists or is absent from the zone. resource records (RRset) either exists or is absent from the zone.
These conditions must be met if the entire update request is to succeed. These conditions must be met if the entire update request is to succeed.
Updates will be rejected if the tests for the prerequisite conditions fail. Updates will be rejected if the tests for the prerequisite conditions fail.
.Pp
Every update request consists of zero or more prerequisites Every update request consists of zero or more prerequisites
and one or more updates. and one or more updates.
This allows a suitably authenticated update request to proceed if some This allows a suitably authenticated update request to proceed if some
@@ -142,6 +148,34 @@ DNS update request to the name server.
The command formats and their meaning are as follows: The command formats and their meaning are as follows:
.Bl -ohang indent .Bl -ohang indent
.It Xo .It Xo
.Ic server Va servername Op port
.Xc
.sp 1
Sends all dynamic update requests to the name server
.Va servername .
When no server statement is provided,
.Nm nsupdate
will send updates to the master server of the correct zone.
The MNAME field of that zone's SOA record will identify the master
server for that zone.
.Va port
is the port number on
.Va servername
where the dynamic update requests get sent.
If no port number is specified, the default DNS port number of 53 is
used.
.It Xo
.Ic zone Va zonename
.Xc
.sp 1
Specifies that all updates are to be made to the zone
.Va zonename .
.Nm nsupdate
will determine the correct zone to update based on the rest of the input
data if no
.Va zone
statement is provided.
.It Xo
.Ic prereq nxdomain Va domain-name .Ic prereq nxdomain Va domain-name
.Xc .Xc
.sp 1 .sp 1
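Review bot: the server entry's .It line has "Op port" without .Va, but the description refers to the argument as ".Va port", so it is set differently in the synopsis and in the text. "Op Va port" would keep them consistent. The phrase "the master server of the correct zone" also depends on the zone selection that is only explained in the following entry; a short forward reference would help.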
@@ -258,6 +292,7 @@ long-standing rule in RFC1034 that a name must not exist as any other
record type if it exists as a CNAME. record type if it exists as a CNAME.
(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
SIG, KEY and NXT records.) SIG, KEY and NXT records.)
.Pp
.Sh NAME SERVER PROCESSING .Sh NAME SERVER PROCESSING
.Pp .Pp
When a successful update request is made, the BIND9 name server When a successful update request is made, the BIND9 name server
@@ -271,13 +306,13 @@ XXXJR WHEN DOES IT DO THAT???
It then sends a NOTIFY message to the zone's slave servers to inform It then sends a NOTIFY message to the zone's slave servers to inform
them that the zone's contents have changed. them that the zone's contents have changed.
.Sh FILES .Sh FILES
.Bl -tag -width Kname.+157.+{random}.private -compact .Bl -tag -width K{name}.+157.+{random}.private -compact
.It Pa /etc/named.conf .It Pa /etc/named.conf
name server configuration file name server configuration file
.It Pa Kname.+157.+{random}.key .It Pa K{name}.+157.+{random}.key
base-64 encoding of HMAC-MD5 key created by base-64 encoding of HMAC-MD5 key created by
.Xr dnssec-keygen 8 . .Xr dnssec-keygen 8 .
.It Pa Kname.+157.+{random}.private .It Pa K{name}.+157.+{random}.private
base-64 encoding of HMAC-MD5 key created by base-64 encoding of HMAC-MD5 key created by
.Xr dnssec-keygen 8 . .Xr dnssec-keygen 8 .
.El .El
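Review bot: FILES still lists /etc/named.conf, while the text added earlier in this patch says nsupdate does not read that file. Either drop the entry or describe it as the server-side file holding the key{} and server{} statements. The hunk header also shows "XXXJR WHEN DOES IT DO THAT???" still present in the page; that placeholder should be resolved before the page ships.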