What is ncl?

ncl stands for name client or newbie client. ncl acts as a DNS client. Of course, there are good name lookup tools such as nslookup and dig, but ncl has several special abilities for use with newbie.

One of these abilities is IPv6 communication. If you write an IPv6 address in res_core.confnotyet and enable the USE_IPV6 option in config.h, ncl transmits queries over IP version 6.

Another ability is name update. ncl can make a simple name update with a simple command. ncl also provides a tiny shared-key signature for these updates.

To use ncl, just type `ncl' on your command line. The following will appear in a second.

% ncl
ncl: Interactive mode
Type '?' for help
Type 'exit' to exit
ncl> 

`ncl>' is the prompt. You can type several commands here to look up or update the name database.

looking up the names

To look up the name database, type `search [domainname] [rtype]'. It looks up the record specified by [domainname] and [rtype]. If [rtype] is omitted, the A record is looked up. `?' can be used instead of `search'.

The output looks like the following.

ncl> ? bono.sfc.wide.ad.jp.
id = 44834      flags = QR AA RA
opcode = 0 /  rcode = 0
; Answers
bono.sfc.wide.ad.jp.    10800   IN      A       203.178.140.101
; name servers
sfc.wide.ad.jp. 10800   IN      NS      shonan.sfc.wide.ad.jp.
sfc.wide.ad.jp. 10800   IN      NS      endo.wide.ad.jp.
; additional records
shonan.sfc.wide.ad.jp.  10800   IN      A       203.178.139.86
shonan.sfc.wide.ad.jp.  10800   IN      A       203.178.139.227
shonan.sfc.wide.ad.jp.  10800   IN      A       203.178.140.7
endo.wide.ad.jp.        3600    IN      AAAA    3ffe:0501:1000:0000:0000:0000:0000:0002
endo.wide.ad.jp.        3600    IN      A       203.178.137.71
ncl> 

For those who aren't familiar with DNS, it will be really unfriendly. I apologize for it and recommend `nslookup' instead.

updating the names

Updating records, by the specification, has many variations, and folks who aren't name wizards will panic at this. I don't actually use such variations for updating, so I simplified it in the ncl command.

You can do only one of two actions at once: adding a record or deleting a record. You may optionally set a prerequisite.

For such updating there are only two commands, `add' and `del', with the following syntax.

add [domainname] [ttl] [type] [rdata]
del [domainname] [type] [rdata]

They are very similar to add and del commands in nconsole.

You can prepend a `+' sign, and ncl then acts as TTL in nconsole does. But if the target server isn't newbie, it won't work, and the record will show up with a very large TTL of over 28 years. It's really catastrophic, so please take care.

You can omit the [type] and [rdata] arguments of the `del' command in the same manner. You may use `+' instead of `add', and `-' instead of `del'.

The difference is how the update is performed. Because the ncl command is not connected to the name server directly, it sends an UPDATE message to the corresponding name server. If the target zone or name server is `static' or `protected by shared key', the update will fail and the response code will be other than 0. The ncl command can't update out-of-zone (glue) records.

ncl doesn't respond in a friendly way to updates. It only prints the result code of the update message. What you must remember is that 0 is a successful result and non-zero is a failure. Here are the definitions of the response codes.

0 : no error
1 : format error
2 : internal server error
3 : name does not exist
4 : not implemented
5 : refused
6 : request domain exists
7 : request rrset exists
8 : request rrset does not exist
9 : non-authoritative zone
10 : out of zone
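
As an added example (not ncl's own code), the following Python builds the UPDATE message that the `add' and `del' actions correspond to under RFC 2136 and decodes the response code of a reply. The function names, the zone `example.' and the sample address are assumptions made for the example; whether ncl emits exactly these bytes is not stated on this page.

```python
import struct

# Names for the response codes listed above (RFC 2136 uses the same numbering).
RCODES = ["NOERROR", "FORMERR", "SERVFAIL", "NXDOMAIN", "NOTIMP", "REFUSED",
          "YXDOMAIN", "YXRRSET", "NXRRSET", "NOTAUTH", "NOTZONE"]
TYPES = {"A": 1, "SOA": 6, "ANY": 255}
IN, NONE, ANY = 1, 254, 255           # DNS classes used in the update section
OPCODE_UPDATE = 5

def encode_name(name):
    """Encode 'host.example.' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def rr(name, rtype, rclass, ttl, rdata=b""):
    fixed = struct.pack("!HHIH", TYPES[rtype], rclass, ttl, len(rdata))
    return encode_name(name) + fixed + rdata

def build_update(msg_id, zone, action, name, rtype="ANY", ttl=0, rdata=b""):
    """One zone entry, no prerequisite, one update record."""
    if action == "add":
        if rtype == "ANY" or not rdata or not 0 <= ttl <= 0x7FFFFFFF:
            raise ValueError("add needs a concrete type, rdata and a 31-bit TTL")
        record = rr(name, rtype, IN, ttl, rdata)
    elif action == "del" and rdata:    # del name type rdata: remove that record
        record = rr(name, rtype, NONE, 0, rdata)
    elif action == "del":              # del name [type]: remove RRset, or all RRsets
        record = rr(name, rtype, ANY, 0)
    else:
        raise ValueError("action must be 'add' or 'del'")
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPES["SOA"], IN) + record

def check_response(request, response):
    """Return (ok, code name); refuse replies that do not belong to the request."""
    if len(response) < 12 or response[:2] != request[:2] or not response[2] & 0x80:
        raise ValueError("truncated reply, or not a response to this request")
    rcode = response[3] & 0x0F
    name = RCODES[rcode] if rcode < len(RCODES) else "RCODE%d" % rcode
    return rcode == 0, name

# Constructed sample: add host.example. 3600 A 192.0.2.1, then a REFUSED reply.
REQ = build_update(0x1234, "example.", "add", "host.example.", "A", 3600, bytes([192, 0, 2, 1]))
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8000 | OPCODE_UPDATE << 11 | 5, 0, 0, 0, 0)
```

The TTL bound in `build_update' rejects values that do not fit in 31 bits before anything is sent, and `check_response' refuses a reply whose message id does not match the request.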

list of options

You may set a series of options by typing `set [optionlabel]=[value]' or just `$ [optionlabel]=[value]'. Whitespace is not allowed around the `=' (equal) character. For example,

ncl> set prereq=dext

is valid but

ncl> set prereq = dext

is invalid.

ncl currently accepts these options.

type
`type' option takes a resource type like A, MX, AAAA... and sets it as the default resource type during name lookup.
ttl
`ttl' option takes a number as the default TTL of added records. It also accepts time notation like `4H' (4 hours), `2D15H' (2 days and 15 hours) and so on.
prereq
`prereq' option takes a string and makes it a prerequisite of the update. If the prerequisite doesn't match the current name database, the name server rejects the update request. Possible values for the `prereq' option are below.
authkey

`authkey' option specifies the shared key file used to authorize dynamic updates. The key must be created with the `newkey' command and configured with newbie.

If the target zone is protected by a key, and you have the same key file that the name server uses, you can update the name database. With a shared key, the name server checks the signature added to the update message. This means the name server checks whether the update requestor knows the shared key that the name server knows.

Usually, the shared key is a secret and whoever knows the secret is an ally, so the name server allows updates of the name database only if the update message has a correct signature.

For example, if you have the update secret key in the file `foo.secret', you can type the following to use this secret as the shared key.

set authfile=foo.secret

Then your update requests during this ncl session are signed with that shared secret.
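
The check described above, as an added example that is not newbie's or ncl's code: the client appends a keyed tag to the update message and the server recomputes it before applying the update. The page does not describe newbie's signature format, so HMAC-SHA-256 appended to the message is a stand-in, and the function names, zone and key are constructed for the example.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size    # 32 bytes (stand-in algorithm)

def sign_update(key, message):
    """Client side: append a tag that only a holder of the key can compute."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def accept_update(zone_keys, zone, packet):
    """Server side: return the update message if it may be applied, else None.

    zone_keys maps each protected zone to its shared key; a zone without an
    entry is treated as unprotected in this example.
    """
    key = zone_keys.get(zone)
    if key is None:
        return packet                      # unprotected zone: nothing to check
    if len(packet) <= TAG_LEN:
        return None                        # too short to hold a message and a tag
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes constant time, so response timing does not leak
    # how many leading bytes of a guessed tag were correct.
    return message if hmac.compare_digest(tag, expected) else None

# Constructed sample data (not real keys or real update messages).
ZONE_KEYS = {"example.": b"constructed-shared-secret"}
UPDATE = b"constructed UPDATE message bytes"
SIGNED = sign_update(ZONE_KEYS["example."], UPDATE)     # requestor knows the key
FORGED = sign_update(b"some-other-key", UPDATE)         # requestor does not
TAMPERED = b"X" + SIGNED[1:]                            # message changed in transit
```

Only `SIGNED' is accepted for the protected zone; the forged, tampered and unsigned packets all return None.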

Yusuke DOI
doi@sfc.wide.ad.jp