create an "nsupdate" script from DNS zone file differences
The nsdiff program examines the old and new versions of a DNS zone, and outputs the differences as a script for use by BIND's nsupdate program. It provides a bridge between static zone files and dynamic updates.
The nspatch script is a wrapper around
`nsdiff | nsupdate` that checks and reports errors in a manner suitable for running from cron.
The nsvi script makes it easy to edit a dynamic zone.
I've fallen in <3 with nsdiff/nsvi - JP Mens
If you use BIND 9.7 or 9.8, you can use nsdiff as an alternative to the DNSSEC
inline-signing feature which appeared in BIND 9.9. The server updates the DNSSEC records dynamically, but you can continue to manage the unsigned static zone file as before and use
`nsdiff | nsupdate` to push changes to the server.
There are other situations where you have a zone which is partly dynamic and partly static, for example, a reverse DNS zone mostly updated by a DHCP server, which also has a few static entries. You can use nsdiff to update the static part of the zone.
To run nsdiff you need perl-5.10 or newer, and BIND version 9.7 or newer, specifically the dig, named-compilezone, and nsupdate utilities.
The nsdiff homepage is https://dotat.at/prog/nsdiff/
Read the nsdiff manual: https://dotat.at/prog/nsdiff/nsdiff.html
Read the nspatch manual: https://dotat.at/prog/nsdiff/nspatch.html
Read the nsvi manual: https://dotat.at/prog/nsdiff/nsvi.html
Download the bare nsdiff perl source: https://dotat.at/prog/nsdiff/nsdiff
Download the full source archives:
- Source repositories
You can clone or browse the repository from:
Please send bug reports or patches to me at <email@example.com>.
You may do anything with nsdiff. It has no warranty. https://creativecommons.org/publicdomain/zero/1.0/