# Configuring RFC2136 provider

## Server credentials:
- RFC2136 was developed for and tested with [BIND](https://www.isc.org/downloads/bind/) DNS server. 
Next is assuming that you already have configured and working server, other way please check first BIND documents or tutorials.
- So you should obtain from your administrators TSIG key. It will look like:
```text
key "externaldns-key" {
	algorithm hmac-sha256;
	secret "XXXXXXXXXXXXXXXXXXXXXX==";
};
```
- `Warning!` Bind server configuration should enable for this key AFXR zone transfer protocol. It is used for listing DNS records.

## RFC2136 provider configuration:
- Example fragment of real configuration of ExternalDNS service pod.

```text
...
        - --provider=rfc2136
        - --rfc2136-host=123.123.123.123
        - --rfc2136-port=53
        - --rfc2136-zone=your-domain.com
        - --rfc2136-tsig-secret=${rfc2136_tsig_secret}
        - --rfc2136-tsig-secret-alg=hmac-sha256
        - --rfc2136-tsig-keyname=externaldns-key
        - --rfc2136-tsig-axfr
...
```
- `rfc2136_tsig_secret` - environment variable containing actual secret value from TSIG key. Something like `XXXXXXXXXXXXXXXXXXXXXX==`.
- `rfc2136-tsig-keyname` - this is string parameter with secret key name it is should `MATCH!` with server key name. In example it is `externaldns-key`.