nsupdate

Summary

I'm developing a multi-host capability for my Orabuntu-LXC project https://github.com/gstanden/orabuntu-lxc and that work led to a discovery and exploration of the somewhat little-known and little-used "nsupdate" Linux utility, which is very useful for updating DNS zone files.

The background is that as new LXC host servers are added to a network of LXC hosts communicating over GRE tunnels, a way is needed to programmatically add the LXC hosts to the central DNS, and nsupdate is a natural way to do this. A script like the one below can be created dynamically and then applied to the DNS to add the new LXC host to the DNS forward and reverse zones.

Unfortunately, some of my notes on this were lost, so I had to reconstruct the work a bit, and now I'm documenting it here on the blog.

References

There is a pretty good article at Debian Administration that discusses it. Other good discussions can be found by searching Google for "nsupdate", "nsupdate delete" or "nsupdate add".

Example

We have a nameserver with DNS name olive and IP address 10.207.39.2. We want to add new forward and reverse lookups for LXC container ora73c10 at 10.207.39.10, and we want to do this with the nsupdate utility.

One thing most references don't discuss is how to use nsupdate if you have a typical "/etc/bind/rndc.key" and not some other type of key. Here's how you do it. The following shows how to open an interactive nsupdate session using an "rndc.key".

root@olive:~/scripts# nsupdate -k /etc/bind/rndc.key
> quit
root@olive:~/scripts#

If you want to do the updates non-interactively, you can use scripts like the ones shown below. The first script adds forward and reverse lookups to a dynamic DNS/DHCP setup for the ora73c10.urdomain1.com entry, and the second deletes them again. Each script takes the whole set of nsupdate commands and pipes it to "nsupdate -k /etc/bind/rndc.key".

root@olive:~# cat nsupdate_ora73c10_add.sh
echo "server 10.207.39.2
update add ora73c10.urdomain1.com 3600 IN A 10.207.39.10
send
update add 10.39.207.10.in-addr.arpa 3600 IN PTR ora73c10.urdomain1.com
send
quit
" | nsupdate -k /etc/bind/rndc.key

root@olive:~# cat nsupdate_ccbandb5_del.sh
echo "server 10.207.39.2
update delete 10.39.207.10.in-addr.arpa PTR
send
update delete ora73c10.urdomain1.com A
send
quit
" | nsupdate -k /etc/bind/rndc.key

root@olive:~#
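Since these scripts are meant to be created dynamically for each new LXC host, here is one way to generate the add batch from a hostname and address. This is an added example, not code from the original post or from Orabuntu-LXC; the function names are assumptions. It validates every input before building the batch, because nsupdate reads one command per line and an unchecked hostname containing a newline would add commands of its own, and it writes names with a trailing dot as in the interactive delete example.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are assumptions.
# Builds the nsupdate batch for a new host and rejects any input that could
# smuggle extra lines (and so extra nsupdate commands) into the batch.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1                  # split on dots; input is digits and dots only
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Succeeds only for a multi-label name of letters, digits and inner hyphens.
valid_fqdn() (
    LC_ALL=C
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) exit 1 ;; esac
    case $1 in *.*) ;; *) exit 1 ;; esac
    [ "${#1}" -le 253 ]
)

# 10.207.39.10 -> 10.39.207.10.in-addr.arpa.
reverse_name() (
    IFS=.
    set -- $1
    printf '%s.%s.%s.%s.in-addr.arpa.' "$4" "$3" "$2" "$1"
)

# Usage: gen_nsupdate_add <server-ip> <fqdn> <host-ip> [ttl]
# Prints the batch on stdout; prints nothing and returns 1 on bad input.
gen_nsupdate_add() {
    valid_ipv4 "$1" && valid_fqdn "$2" && valid_ipv4 "$3" || return 1
    case ${4:-3600} in *[!0-9]*) return 1 ;; esac
    printf 'server %s\n' "$1"
    printf 'update add %s. %s IN A %s\n' "$2" "${4:-3600}" "$3"
    printf 'send\n'
    printf 'update add %s %s IN PTR %s.\n' "$(reverse_name "$3")" "${4:-3600}" "$2"
    printf 'send\nquit\n'
}

# To apply, pipe the output to nsupdate as in the scripts above:
#   gen_nsupdate_add 10.207.39.2 ora73c10.urdomain1.com 10.207.39.10 \
#       | nsupdate -k /etc/bind/rndc.key
```

Because the server argument must pass the IPv4 check, the generator also enforces the recommendation to address the nameserver by IP rather than by name.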

Example of record delete

ubuntu@olive:~/Downloads$ sudo nsupdate -k /etc/bind/rndc.key
[sudo] password for ubuntu:
> server 10.207.29.2
> update delete mikonos.urdomain1.com. A
> send
> update delete 2.29.207.10.in-addr.arpa. PTR
> send
> quit
ubuntu@olive:~/Downloads$

Note: Updates take effect immediately and no restart of bind9 is needed.

Note: I recommend using the IP address of the nameserver instead of its DNS name, e.g. "server 10.207.39.2" instead of "server olive".