Skip to content
create nsupdate script from zone file differences
Branch: master
Clone or download
Latest commit 5d56f91 Jan 30, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore gitignore doc build files Nov 26, 2017
nsdiff nsdiff-1.77 Jan 29, 2019



create an "nsupdate" script from DNS zone file differences

The nsdiff program examines the old and new versions of a DNS zone, and outputs the differences as a script for use by BIND's nsupdate program. It provides a bridge between static zone files and dynamic updates.

The nspatch script is a wrapper around `nsdiff | nsupdate` that checks and reports errors in a manner suitable for running from cron.

The nsvi script makes it easy to edit a dynamic zone.

    I've fallen in <3 with nsdiff/nsvi - JP Mens

If you use BIND 9.7 or 9.8, you can use nsdiff as an alternative to the DNSSEC inline-signing feature which appeared in BIND 9.9. The server updates the DNSSEC records dynamically, but you can continue to manage the unsigned static zone file as before and use `nsdiff | nsupdate` to push changes to the server.

There are other situations where you have a zone which is partly dynamic and partly static, for example, a reverse DNS zone mostly updated by a DHCP server, which also has a few static entries. You can use nsdiff to update the static part of the zone.


To run nsdiff you need perl-5.10 or newer, and BIND version 9.7 or newer, specifically the dig, named-compilezone, and nsupdate utilities.



The nsdiff homepage is

Read the nsdiff manual:

Read the nspatch manual:

Read the nsvi manual:


Download the bare nsdiff perl source:

Download the full source archives:

Source repositories

You can clone or browse the repository from:


Please send bug reports or patches to me at <>.

You may do anything with nsdiff. It has no warranty.

You can’t perform that action at this time.