dudders — update DNS record


dudders [-t] [-k PRIVKEY] [-n KEYNAME] [-m MNAME] [-z ZONE] DOMAIN TTL ADDRESS


Perform a DNS update request to set DOMAIN's A record to ADDRESS, with TTL seconds to live, overwriting any previous A records for the domain in the Internet class. An RSA private key is loaded from standard input, or from the file PRIVKEY. The update is sent to the zone's master server, and authenticated with SIG(0) using the private key's signature.

If the filename PRIVKEY is provided and it is in the dnssec-keygen(8) format, the keyname can be inferred from the filename. Otherwise, the keyname must be provided via the KEYNAME option.

The MNAME and ZONE options can be used to override the authority for testing purposes. If either of these options are not specified, the leading labels are stripped away from DOMAIN until an SOA record is found, and the missing values are filled from the SOA response.

The private key must be in the format generated by dnssec-keygen(8) using the "-a RSAMD5" option. The reference key format uses colon-separated key value pairs and base64-encoded unsigned multiprecision integer key components.


The dudders utility exits with 0 iff the server reports that the update was successful.

A DNS Server Failure error may indicate that PRIVKEY is not authorised for signing transactions for DOMAIN, or that the master server does not support the update protocol.



Send update message over TCP (default is UDP).


Look in the file PRIVKEY for the private key.


Use the fully qualified domain name KEYNAME to identify the key.


Assume the (authoritative) master server is the domain name MNAME.


Assume that the fully qualified domain name ZONE is authoritative for DOMAIN.


Output a brief help message and exit.


Output version information and exit.


Wildcards are not supported for DOMAIN.

Only RSA/MD5 keys/signatures are supported.

Only A records within the Internet class are supported.



dudders and its manual page were written by Dean Scarff.

Report bugs to <>.