Why does nsupdate fail with "operation canceled"?

Question

I'm trying to dynamically update a DNS server using nsupdate, running nsupdate -k mykey.private -d -v ./my-nsupdate-commands.txt.

But I get the error:

Communication with 192.0.2.0#53 failed: operation canceled

In which cases can nsupdate result in operation canceled?

Full output:

Creating key...
Sending update to 192.0.2.0#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  47216
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 2, ADDITIONAL: 1
;; ZONE SECTION:
;example.com.        IN  SOA

;; UPDATE SECTION:
mydomain.example.com.    0 ANY A 
mydomain.example.com.    61  IN  A 212.51.139.142

;; TSIG PSEUDOSECTION:
mydomain.example.com.    0 ANY TSIG  hmac-sha512. 1623020003 300 64 ... ... 47216 NOERROR 0 

; Communication with 192.0.2.0#53 failed: operation canceled

nh2 · Accepted Answer · 2022-02-22T22:56:18.403

1

The target server's firewall may be blocking TCP port 53.

Even though DNS usually uses UDP, nsupdate sometimes needs TCP; see man nsupdate:

By default, nsupdate uses UDP to send update requests to the name server unless they are too large to fit in a UDP request, in which case TCP is used.

edited Feb 22 '22 at 22:56

answered Jun 06 '21 at 23:04

nh2

818
3
11
21

1

« `nsupdate` sometimes needs UDP » — did you mean to say TCP here? – Alexis Wilke Feb 20 '22 at 23:31

Why does nsupdate fail with "operation canceled"?

1 Answers1