However with this option, nsdiff does not correctly handle records that only differ in case. It is sometimes necessary to take manual control over a zone's DNSKEY RRset, for instance to include a foreign DNSKEY records during migration to or from another hosting provider.If you use this option your un-signed zone file should include the complete DNSKEY RRset; if not, nsdiff will try to delete the DNSKEY records.The nsdiff program bridges the gap between the two operational styles.
Normally named will reject the update, unless the zone is configured with the dnssec-secure-to-insecure option. By default, nsdiff strips out DNSSEC RRs (except for DS) before comparing zones.You can exclude irrelevant changes from the diff by supplying a regex that matches the unwanted RRs.Transfer the new version of the zone from the server given in this option, for example, a back-end hidden master server.You can specify the server host name or IP address, optionally followed by a "#" and the port number.There is still a small risk of clients not seeing a change applied atomically when that matters (e.g.
altering an MX and creating the new target in the same transaction).
Choose the SOA serial number update mode: the default master takes the serial number from the new input zone; date uses a number of the form YYYYMMDDnn and allows for up to 100 updates per day; serial just increments the serial number in the old input zone; unix uses the UNIX "seconds since the epoch" value.
You can also specify an explicit serial number value.
Say all the static equipment has IP addresses between 192.0.2.250 and 192.0.2.255, then you can run the command pipeline: By default nsdiff does not maintain the transactional semantics of native DNS update requests when the diff is big: it applies large changes in multiple update requests.
To minimise the problems this may cause, nsdiff ensures each domain name's changes are all in the same update request.
The input files are typically in standard DNS master file format.