danectl-nsupdate - Adapt danectl DNS RR output for BIND9 nsupdate


  danectl rollover <cert-name> | danectl-nsupdate <ttl> | nsupdate
  danectl tlsa-check <cert-name> | danectl-nsupdate <ttl> | nsupdate
  danectl sshfp-check <hostname> | danectl-nsupdate <ttl> | nsupdate
  danectl -1 smimea-check <cert.pem> | danectl-nsupdate <ttl> | nsupdate
  danectl -1 openpgpkey-check <email> | danectl-nsupdate <ttl> | nsupdate


danectl-nsupdate is an output adapter for danectl(1). Certain danectl(1) commands (see the examples above) produce output that indicates DNS RRs that need to be removed or added to the DNS.

This adapter is a filter that accepts that output from danectl(1), and produces the corresponding input for nsupdate(1) to implement the indicated changes via dynamic DNS updates.

There are many ways to implement changes to the DNS. danectl currently provides two adapters for this purpose. Contributions of more adapters would be welcomed.


The multi-line danectl(1) output for SMIMEA and OPENPGPKEY DNS RRs is not supported. The single-line output must be used (see the examples above).


danectl(1), nsupdate(1), danectl-zonefile(1).


raf <>