NSUpdate
nsupdate is a command-line utility that allows dynamic updates to DNS zones using the DNS UPDATE protocol defined in RFC 2136.
With the nsupdate method, you can update your domain's IP addresses or manage DNS records.
You can do the updates through the command line or by using a script which runs on a regular basis.
To use nsupdate, obtain the transaction signature's shared secret from the API Credentials area of the Control Panel.
The server api.dynu.com should be used for IP updates.
Below is an example where the IP update is performed through the command line for domain name test.mywire.org. The update server api.dynu.com auto-detects the IPv4 or IPv6 address from which the update originates. The key czNhTUdVY0E= should be replaced with the shared secret for your account.
Below is an example where the IP update is perform through the command line for domain name test.mywire.org. The IPv4 and IPv6 addresses are specified through the A and AAAA update records.
Below is a shell script which utilizes nsupdate to update the IPv4 and IPv6 addresses for domain name test.mywire.org.
The server ns1.dynu.com should be used manage DNS records. You can also not specify the server and it will default to ns1.dynu.com automatically.
Below is an example where a TXT record is added through the command line for domain name test.mywire.org. TXT records are commonly used for domain verification, SPF policies, DKIM keys and ACME DNS-01 challenges (for example, Let's Encrypt certificate issuance). The value of the TXT record must be enclosed in double quotes. Note that you do not need to specify the server name in this case, as nsupdate automatically looks up the SOA record of your domain and communicates directly with the authoritative DNS server to make changes to the DNS zone.
To add a TXT record to a sub-domain such as _acme-challenge.test.mywire.org (commonly required when using the ACME DNS-01 challenge to obtain SSL/TLS certificates), specify the fully qualified sub-domain as the owner name of the record.
To remove an existing TXT record, use the update delete command. This is useful when rotating verification tokens or cleaning up expired ACME challenge records. To replace the existing value, combine a delete followed by an add within the same update transaction before issuing send.
Below is a shell script which utilizes nsupdate to add a TXT record for domain name test.mywire.org. This pattern is often used by automated certificate issuance tools (such as certbot or acme.sh) to publish a DNS-01 challenge response.
For more information on free dynamic DNS update methodology or managing DNS records programmatically, you may refer to the IP Update Protocol and API page.
- IP Updates (API.DYNU.COM)
- Manage DNS records (NS1.DYNU.COM)
To use nsupdate, obtain the transaction signature's shared secret from the API Credentials area of the Control Panel.
IP Updates
The server api.dynu.com should be used for IP updates.
Below is an example where the IP update is performed through the command line for domain name test.mywire.org. The update server api.dynu.com auto-detects the IPv4 or IPv6 address from which the update originates. The key czNhTUdVY0E= should be replaced with the shared secret for your account.
# nsupdate
> server api.dynu.com
> zone test.mywire.org
> key hmac-sha256:test.mywire.org czNhTUdVY0E=
> send
Below is an example where the IP update is perform through the command line for domain name test.mywire.org. The IPv4 and IPv6 addresses are specified through the A and AAAA update records.
# nsupdate
> server api.dynu.com
> zone test.mywire.org
> update add test.mywire.org 180 A 93.151.158.15
> update add test.mywire.org 180 AAAA 2608:c07:3010::98
> key hmac-sha256:test.mywire.org czNhTUdVY0E=
> send
Below is a shell script which utilizes nsupdate to update the IPv4 and IPv6 addresses for domain name test.mywire.org.
#!/bin/sh
nsupdate <<EOF
server api.dynu.com
zone test.mywire.org
update add test.mywire.org 180 A 72.125.119.19
update add test.mywire.org 180 AAAA 2608:c07:3010::98
key hmac-sha256:test.mywire.org czNhTUdVY0E=
send
EOF
Manage DNS Records
The server ns1.dynu.com should be used manage DNS records. You can also not specify the server and it will default to ns1.dynu.com automatically.
Below is an example where a TXT record is added through the command line for domain name test.mywire.org. TXT records are commonly used for domain verification, SPF policies, DKIM keys and ACME DNS-01 challenges (for example, Let's Encrypt certificate issuance). The value of the TXT record must be enclosed in double quotes. Note that you do not need to specify the server name in this case, as nsupdate automatically looks up the SOA record of your domain and communicates directly with the authoritative DNS server to make changes to the DNS zone.
# nsupdate
> zone test.mywire.org
> update add test.mywire.org 180 TXT "v=spf1 include:_spf.dynu.com ~all"
> key hmac-sha256:test.mywire.org czNhTUdVY0E=
> send
To add a TXT record to a sub-domain such as _acme-challenge.test.mywire.org (commonly required when using the ACME DNS-01 challenge to obtain SSL/TLS certificates), specify the fully qualified sub-domain as the owner name of the record.
# nsupdate
> zone test.mywire.org
> update add _acme-challenge.test.mywire.org 180 TXT "LHDSfWqEdV-nFSKFIQxzYpY0qXG4dNBGh7oN1VTYhDE"
> key hmac-sha256:test.mywire.org czNhTUdVY0E=
> send
To remove an existing TXT record, use the update delete command. This is useful when rotating verification tokens or cleaning up expired ACME challenge records. To replace the existing value, combine a delete followed by an add within the same update transaction before issuing send.
# nsupdate
> zone test.mywire.org
> update delete _acme-challenge.test.mywire.org TXT
> update add _acme-challenge.test.mywire.org 180 TXT "new-verification-token-value"
> key hmac-sha256:test.mywire.org czNhTUdVY0E=
> send
Below is a shell script which utilizes nsupdate to add a TXT record for domain name test.mywire.org. This pattern is often used by automated certificate issuance tools (such as certbot or acme.sh) to publish a DNS-01 challenge response.
#!/bin/sh
nsupdate <<EOF
zone test.mywire.org
update delete _acme-challenge.test.mywire.org TXT
update add _acme-challenge.test.mywire.org 180 TXT "LHDSfWqEdV-nFSKFIQxzYpY0qXG4dNBGh7oN1VTYhDE"
key hmac-sha256:test.mywire.org czNhTUdVY0E=
send
EOF
For more information on free dynamic DNS update methodology or managing DNS records programmatically, you may refer to the IP Update Protocol and API page.
Custom
A1 Hybrid Box
Apple Airport
Arris
Bintec
BT Smart Hub
Cisco Router
Cudy AC1200
DD-WRT
D-Link DSR-250N
Dovado
DrayTek
E-Lins
Express VPN
HUAWEI HG 533/520v
HG8245/8045/8346M
FreeNAS
Fritzbox
IC Realtime
Maxis AC1200
Mikrotik
MultiTech
MOFI4500
Ooredoo
Open Wrt
OPNsense
pfSense
pfSense (IPv6)
QNAP
Raspberry Pi
Sagemcom
Synology NAS
Technicolor TG582n
Technicolor TG588
Technicolor TG789
TELTONIKA
Thomson TG585v7
Tomato USB
Tilgin
TP-Link ER605
TrueNAS
Ubiquiti EdgeRouter
WatchGuard Firebox
Windtre
ZTE
ZyWALL-USG50
Zyxel 5501
Zyxel-C1100Z
Zyxel VMG3925
Zyxel VMG3927-T50K