SYNOPSIS
dnsupdate [-INrvV] [-a auth-domain] [-C client-spn] [-h hostname] [-o option=value] [-s nameserver]
[-S server-spn] [-t ttl] ip-addr
DESCRIPTION
The dnsupdate utility authenticates to a Microsoft DNS server as a computer object, and updates
its IP address record.
The dnsupdate utility should be run whenever the primary interface’s IP address is configured.
This is normally triggered by ipmond(8).
OPTIONS
-a auth-domain
Specifies the authoritative domain of the hostname to use when updating. This is normally
the "parent" domain of the hostname. For example, the authoritative domain of
host.example.com is typically example.com. The default is to determine the authoritative
domain by performing an SOA query.
-C client-spn
The Kerberos service principal name of the local host used in secure updates. The default
is "host/".
-h hostname
The fully qualified domain name of the entry to update. The default, when using secure
updates, is to the hostname of the computer object corresponding to the system host
principal. When using unsecure updates, the default hostname is obtained from the operating
system, and suffixed if necessary by the resolver configuration.
-I Use the IETF’s gss-tsig algorithm name when securely updating (see RFC 3654). The default
is to use gss.microsoft.com which is understood by Active Directory.
-N Disable secure authentication. This option is the same as specifying
-o UpdateSecurityLevel=16.
-r Always attempt to update the reverse (PTR) record for the given ip-addr. This option is the
same as specifying -o RegisterReverseLookup=1.
-o option=value
Overrides an option setting. See the section on Configuration Options, below.
-s nameserver
A whitespace-separated list of nameservers to send the update requests to. The default is
to try the primary authoritative nameserver associated with the authoritative domain, and
if that fails, to try all the nameservers that serve the authoritative domain, in order.
-S server-spn
The Kerberos service principal name of the nameserver to use in secure updates. This
typically only makes sense when the -s option is used. By default, the nameserver’s service
principal name is computed by prefixing its fully qualified domain name with "dns/".
-t ttl The updated records’ cache lifetime, in seconds. Defaults to fifteen minutes. Note that
this value is not the same as the DHCP lease time. If specified as zero, the DNS entry
will be deleted instead of updated. This option is the same as specifying
-o RegistrationTtl=ttl.
-v Increases the verbosity of messages written to standard error and syslog. Provide this
option multiple times to increase verbosity.
-V Displays the version information of the program, then exits.
CONFIGURATION OPTIONS
The following options are read from the configuration file, /etc/opt/quest/dnsupdate.conf, before argument processing begins. These are deliberately similar to the Group Policy settings for Microsoft’s DNS client.
UpdateSecurityLevel = level
A level of 0 (the default) causes dnsupdate to try an unsecure update first, and if that
fails then a secure update. A level of 16 causes only unsecure updates to be attempted. A
level of 256 causes only secure updates to be attempted.
RegistrationTTL = ttl
See the description for the -t option, above.
RegisterReverseLookup = level
A level of 0 disables all PTR update attempts. A level of 1 enables all PTR update
attempts. A level of 2 (the default) enables PTR update attempts only if A or AAAA updates
succeed.
RegistrationEnabled = integer
If this option is set to 0 then dnsupdate will refuse to perform any dynamic updates. The
default setting is 1.
UpdateTopLevelDomainZones = integer
When this option is set to 0 (the default), then dnsupdate refuses to perform dynamic
updates when the authoritative domain is either the root domain ("."), or a top-level
domain (such as "com").
This option also applies to the ip6.arpa and in-addr.arpa top-level reverse zones.
TryNonAuthoritativeNameservers = integer
By default, dnsupdate will only send updates to the authoritative server named in the
domain’s SOA record. If this option is enabled, all nameservers (NS records) for the domain
will be tried until one succeeds.
If Vintela Group Policy (vasgp) is installed, the configuration file may be altered by
/opt/quest/libexec/vgp/xlators/Machine/quest-dnsupdate-xlator. See vgptool(1) for more information.
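The following is an added example, not part of dnsupdate or of the original page: a small audit of the configuration file's contents that reports settings under which unauthenticated (unsecure) updates can be sent. It assumes "Name = integer" lines, "#" comments and case-insensitive option names, none of which this page specifies; SAMPLE is constructed.

```python
import re

# Defaults as stated in CONFIGURATION OPTIONS above.
DEFAULTS = {"updatesecuritylevel": 0, "registrationenabled": 1,
            "updatetopleveldomainzones": 0}

def parse_conf(text):
    """Parse 'Name = integer' lines into {lowercased name: int}.

    Assumptions (not stated on the page): '#' starts a comment and
    option names are matched case-insensitively.
    """
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)\s*=\s*(\d+)", line)
        if m is None:
            raise ValueError(f"unparseable line: {raw!r}")
        settings[m.group(1).lower()] = int(m.group(2))
    return settings

def audit(text):
    """Return (option, message) findings for the file contents in text.

    Covers the file only: -N and -o on the command line are processed
    after the file is read and can still change the effective values.
    """
    s = parse_conf(text)
    if s["registrationenabled"] == 0:
        return [("RegistrationEnabled", "0: all dynamic updates are refused")]
    findings = []
    level = s["updatesecuritylevel"]
    if level == 0:
        findings.append(("UpdateSecurityLevel",
                         "0: an unsecure update is tried before the secure one"))
    elif level == 16:
        findings.append(("UpdateSecurityLevel",
                         "16: only unsecure updates are attempted"))
    elif level != 256:
        findings.append(("UpdateSecurityLevel",
                         f"{level}: not a level documented on this page"))
    if s["updatetopleveldomainzones"] != 0:
        findings.append(("UpdateTopLevelDomainZones",
                         "non-zero: the root/TLD refusal of value 0 is off"))
    return findings

# Constructed sample, not taken from a real host.
SAMPLE = "# dnsupdate.conf\nUpdateSecurityLevel = 16\nUpdateTopLevelDomainZones = 1\nRegistrationTTL = 900\n"
```

An empty file still yields one finding, because the default level of 0 attempts the unsecure update first; only UpdateSecurityLevel = 256 restricts dnsupdate to secure updates.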
EXIT STATUS
The dnsupdate utility exits with status 0 if the update for the A or AAAA record succeeded.
SEE ALSO
DNSUPDATE(8)