external-dns/v0.18.0/docs/tutorials/rfc2136/index.html


<!doctype html>
<html lang="en" class="no-js">
<head>
  <meta charset="utf-8">
  <!-- Document metadata written by the MkDocs / Material build named in the generator tag. -->
  <meta name="viewport" content="width=device-width,initial-scale=1">
  <meta name="author" content="external-dns maintainers">
  <!-- Neighbouring tutorial pages in the documentation order. -->
  <link rel="prev" href="../plural/">
  <link rel="next" href="../scaleway/">
  <link rel="icon" href="../../../assets/images/favicon.png">
  <meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.17">
  <title>RFC2136 provider - external-dns</title>
  <!-- Theme stylesheet, loaded from the site's own assets directory. -->
  <link rel="stylesheet" href="../../../assets/stylesheets/main.bcfcd587.min.css">
  <!--
    Web fonts come from a third-party origin, so every page view contacts Google
    and the stylesheet below is applied without an integrity attribute.
    NOTE(review): the Google Fonts CSS response is believed to vary by user agent,
    which makes SRI pinning impractical; self-hosting the font files is the usual
    way to remove this runtime dependency. Confirm against the site's requirements.
  -->
  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
  <!--
    NOTE(review): the style and script elements below are inline. A
    Content-Security-Policy for this site has to allow them by hash or nonce
    (or fall back to 'unsafe-inline').
  -->
  <style>
    :root {
      --md-text-font:"Roboto";
      --md-code-font:"Roboto Mono";
    }
  </style>
  <script>
    // Root of this documentation build: three directory levels above the page.
    // All persisted theme state is namespaced by this URL's pathname.
    __md_scope = new URL("../../..", location);

    // String hash: multiplies the running value by 31 (written as (x << 5) - x)
    // and adds each UTF-16 code unit of the character.
    __md_hash = (text) =>
      [...text].reduce((acc, ch) => (acc << 5) - acc + ch.charCodeAt(0), 0);

    // Read and JSON-decode the value stored under "<scope pathname>.<key>".
    // A missing key decodes to null; a value that is not valid JSON makes
    // JSON.parse throw.
    __md_get = (key, storage = localStorage, scope = __md_scope) =>
      JSON.parse(storage.getItem(scope.pathname + "." + key));

    // JSON-encode and store a value under "<scope pathname>.<key>".
    // Any exception from setItem or JSON.stringify is deliberately swallowed.
    __md_set = (key, value, storage = localStorage, scope = __md_scope) => {
      try {
        storage.setItem(scope.pathname + "." + key, JSON.stringify(value));
      } catch (err) {}
    };
  </script>
</head>
<body dir="ltr">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#rfc2136-provider" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<header class="md-header md-header--shadow md-header--lifted" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="external-dns" class="md-header__button md-logo" aria-label="external-dns" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
external-dns
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
RFC2136 provider
</span>
</div>
</div>
</div>
<script>
  // Restore the colour palette the visitor chose earlier. __md_get is the
  // localStorage reader defined by the inline script in the document head.
  var media, input, key, value, palette = __md_get("__palette");

  if (palette && palette.color) {
    // The stored choice "(prefers-color-scheme)" means "follow the OS setting".
    // Resolve it to the light or dark toggle input and copy that input's colours.
    // NOTE(review): querySelector returns null when no matching input exists, and
    // the getAttribute calls would then throw. No such input appears in the
    // header markup around this script, so confirm it exists elsewhere on the page.
    if (palette.color.media === "(prefers-color-scheme)") {
      media = matchMedia("(prefers-color-scheme: light)");
      input = document.querySelector(
        media.matches
          ? "[data-md-color-media='(prefers-color-scheme: light)']"
          : "[data-md-color-media='(prefers-color-scheme: dark)']"
      );
      palette.color.media = input.getAttribute("data-md-color-media");
      palette.color.scheme = input.getAttribute("data-md-color-scheme");
      palette.color.primary = input.getAttribute("data-md-color-primary");
      palette.color.accent = input.getAttribute("data-md-color-accent");
    }

    // Stored keys and values are applied through setAttribute, which sets the
    // attribute value as plain text and does not parse it as markup.
    for ([key, value] of Object.entries(palette.color)) {
      document.body.setAttribute("data-md-color-" + key, value);
    }
  }
</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/kubernetes-sigs/external-dns/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
kubernetes-sigs/external-dns
</div>
</a>
</div>
</nav>
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../../charts/external-dns/" class="md-tabs__link">
Chart
</a>
</li>
<li class="md-tabs__item">
<a href="../../faq/" class="md-tabs__link">
About
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../akamai-edgedns/" class="md-tabs__link">
Tutorials
</a>
</li>
<li class="md-tabs__item">
<a href="../../annotations/annotations/" class="md-tabs__link">
Annotations
</a>
</li>
<li class="md-tabs__item">
<a href="../../sources/about/" class="md-tabs__link">
Sources
</a>
</li>
<li class="md-tabs__item">
<a href="../../registry/registry/" class="md-tabs__link">
Registries
</a>
</li>
<li class="md-tabs__item">
<a href="../../initial-design/" class="md-tabs__link">
Advanced Topics
</a>
</li>
<li class="md-tabs__item">
<a href="../../../CONTRIBUTING/" class="md-tabs__link">
Contributing
</a>
</li>
</ul>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="external-dns" class="md-nav__button md-logo" aria-label="external-dns" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
external-dns
</label>
<div class="md-nav__source">
<a href="https://github.com/kubernetes-sigs/external-dns/" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2023 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg>
</div>
<div class="md-source__repository">
kubernetes-sigs/external-dns
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
<div class="md-nav__link md-nav__container">
<a href="../../../charts/external-dns/" class="md-nav__link ">
<span class="md-ellipsis">
Chart
</span>
</a>
<label class="md-nav__link " for="__nav_2" id="__nav_2_label" tabindex="0">
<span class="md-nav__icon md-icon"></span>
</label>
</div>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Chart
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../charts/external-dns/CHANGELOG/" class="md-nav__link">
<span class="md-ellipsis">
Changelog
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
<span class="md-ellipsis">
About
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
About
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../flags/" class="md-nav__link">
<span class="md-ellipsis">
Flags
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../20190708-external-dns-incubator/" class="md-nav__link">
<span class="md-ellipsis">
Out of Incubator
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../code-of-conduct/" class="md-nav__link">
<span class="md-ellipsis">
Code of Conduct
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../LICENSE/" class="md-nav__link">
<span class="md-ellipsis">
License
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../providers/" class="md-nav__link">
<span class="md-ellipsis">
Providers
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Tutorials
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../akamai-edgedns/" class="md-nav__link">
<span class="md-ellipsis">
Akamai Edge DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../alibabacloud/" class="md-nav__link">
<span class="md-ellipsis">
Alibaba Cloud
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-filters/" class="md-nav__link">
<span class="md-ellipsis">
AWS Filters
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-load-balancer-controller/" class="md-nav__link">
<span class="md-ellipsis">
AWS Load Balancer Controller
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-public-private-route53/" class="md-nav__link">
<span class="md-ellipsis">
AWS Route53 with same domain for public and private zones
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws-sd/" class="md-nav__link">
<span class="md-ellipsis">
AWS Cloud Map API
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../aws/" class="md-nav__link">
<span class="md-ellipsis">
AWS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../azure-private-dns/" class="md-nav__link">
<span class="md-ellipsis">
Azure Private DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../azure/" class="md-nav__link">
<span class="md-ellipsis">
Azure DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../civo/" class="md-nav__link">
<span class="md-ellipsis">
Civo DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../cloudflare/" class="md-nav__link">
<span class="md-ellipsis">
Cloudflare DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../contour/" class="md-nav__link">
<span class="md-ellipsis">
Contour HTTPProxy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../coredns/" class="md-nav__link">
<span class="md-ellipsis">
CoreDNS with minikube
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../crd/" class="md-nav__link">
<span class="md-ellipsis">
Using CRD Source for DNS Records
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../digitalocean/" class="md-nav__link">
<span class="md-ellipsis">
DigitalOcean DNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../dnsimple/" class="md-nav__link">
<span class="md-ellipsis">
DNSimple
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../exoscale/" class="md-nav__link">
<span class="md-ellipsis">
Exoscale
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../externalname/" class="md-nav__link">
<span class="md-ellipsis">
ExternalName Services
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../gandi/" class="md-nav__link">
<span class="md-ellipsis">
Gandi
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../gke-nginx/" class="md-nav__link">
<span class="md-ellipsis">
GKE with nginx-ingress-controller
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../gke/" class="md-nav__link">
<span class="md-ellipsis">
GKE with default controller
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../godaddy/" class="md-nav__link">
<span class="md-ellipsis">
GoDaddy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../hostport/" class="md-nav__link">
<span class="md-ellipsis">
Headless Services
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ionoscloud/" class="md-nav__link">
<span class="md-ellipsis">
IONOS Cloud
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../kops-dns-controller/" class="md-nav__link">
<span class="md-ellipsis">
kOps dns-controller
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../kube-ingress-aws/" class="md-nav__link">
<span class="md-ellipsis">
kube-ingress-aws-controller
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../linode/" class="md-nav__link">
<span class="md-ellipsis">
Linode
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ns1/" class="md-nav__link">
<span class="md-ellipsis">
NS1
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../oracle/" class="md-nav__link">
<span class="md-ellipsis">
Oracle Cloud Infrastructure
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ovh/" class="md-nav__link">
<span class="md-ellipsis">
OVHcloud
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../pdns/" class="md-nav__link">
<span class="md-ellipsis">
PowerDNS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../pihole/" class="md-nav__link">
<span class="md-ellipsis">
Pi-hole
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../plural/" class="md-nav__link">
<span class="md-ellipsis">
Plural
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
RFC2136 provider
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
RFC2136 provider
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#using-with-bind" class="md-nav__link">
<span class="md-ellipsis">
Using with BIND
</span>
</a>
<nav class="md-nav" aria-label="Using with BIND">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#server-credentials" class="md-nav__link">
<span class="md-ellipsis">
Server credentials
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#bind-configuration" class="md-nav__link">
<span class="md-ellipsis">
BIND Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#using-external-dns" class="md-nav__link">
<span class="md-ellipsis">
Using external-dns
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#custom-ttl" class="md-nav__link">
<span class="md-ellipsis">
Custom TTL
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#generate-reverse-dns-records" class="md-nav__link">
<span class="md-ellipsis">
Generate reverse DNS records
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#test-with-external-dns-installed-on-local-machine-optional" class="md-nav__link">
<span class="md-ellipsis">
Test with external-dns installed on local machine (optional)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#rfc2136-provider-configuration" class="md-nav__link">
<span class="md-ellipsis">
RFC2136 provider configuration
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#microsoft-dns" class="md-nav__link">
<span class="md-ellipsis">
Microsoft DNS
</span>
</a>
<nav class="md-nav" aria-label="Microsoft DNS">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#secure-updates-using-rfc3645-gss-tsig" class="md-nav__link">
<span class="md-ellipsis">
Secure Updates Using RFC3645 (GSS-TSIG)
</span>
</a>
<nav class="md-nav" aria-label="Secure Updates Using RFC3645 (GSS-TSIG)">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#dns-side-configuration" class="md-nav__link">
<span class="md-ellipsis">
DNS-side configuration
</span>
</a>
<nav class="md-nav" aria-label="DNS-side configuration">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#kerberos-configuration" class="md-nav__link">
<span class="md-ellipsis">
Kerberos Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#external-dns-configuration" class="md-nav__link">
<span class="md-ellipsis">
external-dns configuration
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#insecure-updates" class="md-nav__link">
<span class="md-ellipsis">
Insecure Updates
</span>
</a>
<nav class="md-nav" aria-label="Insecure Updates">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#dns-side-configuration_1" class="md-nav__link">
<span class="md-ellipsis">
DNS-side configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#external-dns-configuration_1" class="md-nav__link">
<span class="md-ellipsis">
external-dns configuration
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#dns-over-tls-rfcs-7858-and-9103" class="md-nav__link">
<span class="md-ellipsis">
DNS Over TLS (RFCs 7858 and 9103)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuring-rfc2136-provider-with-multiple-hosts-and-load-balancing" class="md-nav__link">
<span class="md-ellipsis">
Configuring RFC2136 Provider with Multiple Hosts and Load Balancing
</span>
</a>
<nav class="md-nav" aria-label="Configuring RFC2136 Provider with Multiple Hosts and Load Balancing">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#enhancements-overview" class="md-nav__link">
<span class="md-ellipsis">
Enhancements Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuration-steps" class="md-nav__link">
<span class="md-ellipsis">
Configuration Steps
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#example-configuration" class="md-nav__link">
<span class="md-ellipsis">
Example Configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#helm" class="md-nav__link">
<span class="md-ellipsis">
Helm
</span>
</a>
<nav class="md-nav" aria-label="Helm">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#secret-creation" class="md-nav__link">
<span class="md-ellipsis">
Secret creation
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#benefits" class="md-nav__link">
<span class="md-ellipsis">
Benefits
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../scaleway/" class="md-nav__link">
<span class="md-ellipsis">
Scaleway
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../security-context/" class="md-nav__link">
<span class="md-ellipsis">
Running ExternalDNS with limited privileges
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../transip/" class="md-nav__link">
<span class="md-ellipsis">
TransIP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../webhook-provider/" class="md-nav__link">
<span class="md-ellipsis">
Webhook provider
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Annotations
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Annotations
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../annotations/annotations/" class="md-nav__link">
<span class="md-ellipsis">
About
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_6" >
<label class="md-nav__link" for="__nav_6" id="__nav_6_label" tabindex="0">
<span class="md-ellipsis">
Sources
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_6_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_6">
<span class="md-nav__icon md-icon"></span>
Sources
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../sources/about/" class="md-nav__link">
<span class="md-ellipsis">
About
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/crd/" class="md-nav__link">
<span class="md-ellipsis">
CRD Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/f5-transportserver/" class="md-nav__link">
<span class="md-ellipsis">
F5 Networks TransportServer Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/f5-virtualserver/" class="md-nav__link">
<span class="md-ellipsis">
F5 Networks VirtualServer Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/gateway-api/" class="md-nav__link">
<span class="md-ellipsis">
Gateway API Route Sources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/gateway/" class="md-nav__link">
<span class="md-ellipsis">
Gateway sources
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/gloo-proxy/" class="md-nav__link">
<span class="md-ellipsis">
Gloo Proxy Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/ingress/" class="md-nav__link">
<span class="md-ellipsis">
Ingress source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/istio/" class="md-nav__link">
<span class="md-ellipsis">
Istio Gateway / Virtual Service Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/kong/" class="md-nav__link">
<span class="md-ellipsis">
Kong TCPIngress Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/mx-record/" class="md-nav__link">
<span class="md-ellipsis">
MX record with CRD source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/nodes/" class="md-nav__link">
<span class="md-ellipsis">
Cluster Nodes as Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/ns-record/" class="md-nav__link">
<span class="md-ellipsis">
NS record with CRD source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/openshift/" class="md-nav__link">
<span class="md-ellipsis">
OpenShift Route Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/pod/" class="md-nav__link">
<span class="md-ellipsis">
Pod Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/service/" class="md-nav__link">
<span class="md-ellipsis">
Service source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/traefik-proxy/" class="md-nav__link">
<span class="md-ellipsis">
Traefik Proxy Source
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../sources/txt-record/" class="md-nav__link">
<span class="md-ellipsis">
Creating TXT record with CRD source
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Registries
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Registries
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../registry/registry/" class="md-nav__link">
<span class="md-ellipsis">
About
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../registry/txt/" class="md-nav__link">
<span class="md-ellipsis">
TXT
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../registry/dynamodb/" class="md-nav__link">
<span class="md-ellipsis">
DynamoDB
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8" >
<label class="md-nav__link" for="__nav_8" id="__nav_8_label" tabindex="0">
<span class="md-ellipsis">
Advanced Topics
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8">
<span class="md-nav__icon md-icon"></span>
Advanced Topics
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../initial-design/" class="md-nav__link">
<span class="md-ellipsis">
Initial Design
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../proposal/001-leader-election/" class="md-nav__link">
<span class="md-ellipsis">
Leader Election
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8_3" >
<div class="md-nav__link md-nav__container">
<a href="../../monitoring/" class="md-nav__link ">
<span class="md-ellipsis">
Monitoring
</span>
</a>
<label class="md-nav__link " for="__nav_8_3" id="__nav_8_3_label" tabindex="0">
<span class="md-nav__icon md-icon"></span>
</label>
</div>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_8_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_8_3">
<span class="md-nav__icon md-icon"></span>
Monitoring
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../monitoring/metrics/" class="md-nav__link">
<span class="md-ellipsis">
Available Metrics
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../proposal/multi-target/" class="md-nav__link">
<span class="md-ellipsis">
MultiTarget
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/nat64/" class="md-nav__link">
<span class="md-ellipsis">
NAT64
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/rate-limits/" class="md-nav__link">
<span class="md-ellipsis">
Rate Limits
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/ttl/" class="md-nav__link">
<span class="md-ellipsis">
TTL
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/fqdn-templating/" class="md-nav__link">
<span class="md-ellipsis">
FQDN Templating
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_8_9" >
<label class="md-nav__link" for="__nav_8_9" id="__nav_8_9_label" tabindex="0">
<span class="md-ellipsis">
Decisions
</span>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="rfc2136-provider">RFC2136 provider<a class="headerlink" href="#rfc2136-provider" title="Permanent link">&para;</a></h1>
<p>This tutorial describes how to use the RFC2136 provider with either BIND or Windows DNS.</p>
<h2 id="using-with-bind">Using with BIND<a class="headerlink" href="#using-with-bind" title="Permanent link">&para;</a></h2>
<p>To use external-dns with BIND: generate/procure a key, configure DNS and add a<br />
deployment of external-dns.</p>
<h3 id="server-credentials">Server credentials<a class="headerlink" href="#server-credentials" title="Permanent link">&para;</a></h3>
<ul>
<li>RFC2136 was developed for and tested with <a href="https://www.isc.org/downloads/bind/">BIND</a> DNS server.<br />
This documentation assumes that you already have a configured and working server. If you don&rsquo;t,<br />
please check BIND documents or tutorials.</li>
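<li>If your DNS is provided for you, ask for a TSIG key authorized to update and<br />
transfer the zone you wish to update. The key will look something like the example below;<br />
treat the real one as a credential, since anyone holding it can update and transfer that zone.<br />
You can then skip the BIND setup steps that follow.</li>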
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a>key &quot;externaldns-key&quot; {
<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a> algorithm hmac-sha256;
<a id="__codelineno-0-3" name="__codelineno-0-3" href="#__codelineno-0-3"></a> secret &quot;96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8=&quot;;
<a id="__codelineno-0-4" name="__codelineno-0-4" href="#__codelineno-0-4"></a>};
</code></pre></div>
<ul>
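<li>If you are your own DNS administrator, create a TSIG key. Use<br />
<code>tsig-keygen -a hmac-sha256 externaldns</code> or, on older distributions,<br />
<code>dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST externaldns</code>. You will end up with<br />
a key printed to standard output like the one above (or, in the case of dnssec-keygen, in a<br />
file called <code>Kexternaldns......key</code>). The key name in the generated block is the name<br />
you passed to the tool, while the examples on this page refer to <code>externaldns-key</code>;<br />
use one name consistently in named.conf and in the external-dns flags.</li>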
</ul>
<h3 id="bind-configuration">BIND Configuration<a class="headerlink" href="#bind-configuration" title="Permanent link">&para;</a></h3>
<p>If you do not administer your own DNS, skip to the RFC2136 provider configuration section.</p>
<ul>
<li>Edit your named.conf file (or appropriate included file) and add/change the<br />
following.</li>
<li>Make sure you are listening on the right interfaces: at least whatever<br />
interface external-dns will be communicating over and the interface that<br />
faces the internet.</li>
<li>Add the key that you generated or were given above. Copy and paste the four<br />
lines that you got (not the example key, which is published on this page) into your file.</li>
<li>Create a zone for kubernetes. If you already have a zone, skip to the next<br />
step. (I put the zone in its own subdirectory because named,<br />
which shouldn&rsquo;t be running as root, needs to create a journal file and the<br />
default zone directory isn&rsquo;t writeable by named.)</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-1-1" name="__codelineno-1-1" href="#__codelineno-1-1"></a>zone &quot;k8s.example.org&quot; {
<a id="__codelineno-1-2" name="__codelineno-1-2" href="#__codelineno-1-2"></a> type master;
<a id="__codelineno-1-3" name="__codelineno-1-3" href="#__codelineno-1-3"></a> file &quot;/etc/bind/pri/k8s/k8s.zone&quot;;
<a id="__codelineno-1-4" name="__codelineno-1-4" href="#__codelineno-1-4"></a>};
</code></pre></div>
<ul>
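<li>Add your key to both transfer and update, for instance with our previous<br />
zone. The <code>zonesub ANY</code> grant shown below lets this key update records anywhere in the<br />
zone, so protect the key accordingly.</li>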
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-2-1" name="__codelineno-2-1" href="#__codelineno-2-1"></a>zone &quot;k8s.example.org&quot; {
<a id="__codelineno-2-2" name="__codelineno-2-2" href="#__codelineno-2-2"></a> type master;
<a id="__codelineno-2-3" name="__codelineno-2-3" href="#__codelineno-2-3"></a> file &quot;/etc/bind/pri/k8s/k8s.zone&quot;;
<a id="__codelineno-2-4" name="__codelineno-2-4" href="#__codelineno-2-4"></a> allow-transfer {
<a id="__codelineno-2-5" name="__codelineno-2-5" href="#__codelineno-2-5"></a> key &quot;externaldns-key&quot;;
<a id="__codelineno-2-6" name="__codelineno-2-6" href="#__codelineno-2-6"></a> };
<a id="__codelineno-2-7" name="__codelineno-2-7" href="#__codelineno-2-7"></a> update-policy {
<a id="__codelineno-2-8" name="__codelineno-2-8" href="#__codelineno-2-8"></a> grant externaldns-key zonesub ANY;
<a id="__codelineno-2-9" name="__codelineno-2-9" href="#__codelineno-2-9"></a> };
<a id="__codelineno-2-10" name="__codelineno-2-10" href="#__codelineno-2-10"></a>};
</code></pre></div>
<ul>
<li>Create a zone file (k8s.zone):</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-3-1" name="__codelineno-3-1" href="#__codelineno-3-1"></a>$TTL 60 ; 1 minute
<a id="__codelineno-3-2" name="__codelineno-3-2" href="#__codelineno-3-2"></a>k8s.example.org IN SOA k8s.example.org. root.k8s.example.org. (
<a id="__codelineno-3-3" name="__codelineno-3-3" href="#__codelineno-3-3"></a> 16 ; serial
<a id="__codelineno-3-4" name="__codelineno-3-4" href="#__codelineno-3-4"></a> 60 ; refresh (1 minute)
<a id="__codelineno-3-5" name="__codelineno-3-5" href="#__codelineno-3-5"></a> 60 ; retry (1 minute)
<a id="__codelineno-3-6" name="__codelineno-3-6" href="#__codelineno-3-6"></a> 60 ; expire (1 minute)
<a id="__codelineno-3-7" name="__codelineno-3-7" href="#__codelineno-3-7"></a> 60 ; minimum (1 minute)
<a id="__codelineno-3-8" name="__codelineno-3-8" href="#__codelineno-3-8"></a> )
<a id="__codelineno-3-9" name="__codelineno-3-9" href="#__codelineno-3-9"></a> NS ns.k8s.example.org.
<a id="__codelineno-3-10" name="__codelineno-3-10" href="#__codelineno-3-10"></a>ns A 123.456.789.012
</code></pre></div>
<ul>
<li>Reload (or restart) named</li>
</ul>
<h3 id="using-external-dns">Using external-dns<a class="headerlink" href="#using-external-dns" title="Permanent link">&para;</a></h3>
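<p>To use external-dns, add an ingress or a LoadBalancer service with a host that<br />
is part of the domain-filter. For example, both of the following would produce<br />
A records (with the <code>k8s.example.org</code> filter used on this page, the hostnames<br />
would need to end in <code>k8s.example.org</code>).</p>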
<div class="highlight"><pre><span></span><code><a id="__codelineno-4-1" name="__codelineno-4-1" href="#__codelineno-4-1"></a>apiVersion: v1
<a id="__codelineno-4-2" name="__codelineno-4-2" href="#__codelineno-4-2"></a>kind: Service
<a id="__codelineno-4-3" name="__codelineno-4-3" href="#__codelineno-4-3"></a>metadata:
<a id="__codelineno-4-4" name="__codelineno-4-4" href="#__codelineno-4-4"></a> name: nginx
<a id="__codelineno-4-5" name="__codelineno-4-5" href="#__codelineno-4-5"></a> annotations:
<a id="__codelineno-4-6" name="__codelineno-4-6" href="#__codelineno-4-6"></a> external-dns.alpha.kubernetes.io/hostname: svc.example.org
<a id="__codelineno-4-7" name="__codelineno-4-7" href="#__codelineno-4-7"></a>spec:
<a id="__codelineno-4-8" name="__codelineno-4-8" href="#__codelineno-4-8"></a> type: LoadBalancer
<a id="__codelineno-4-9" name="__codelineno-4-9" href="#__codelineno-4-9"></a> ports:
<a id="__codelineno-4-10" name="__codelineno-4-10" href="#__codelineno-4-10"></a> - port: 80
<a id="__codelineno-4-11" name="__codelineno-4-11" href="#__codelineno-4-11"></a> targetPort: 80
<a id="__codelineno-4-12" name="__codelineno-4-12" href="#__codelineno-4-12"></a> selector:
<a id="__codelineno-4-13" name="__codelineno-4-13" href="#__codelineno-4-13"></a> app: nginx
<a id="__codelineno-4-14" name="__codelineno-4-14" href="#__codelineno-4-14"></a>---
<a id="__codelineno-4-15" name="__codelineno-4-15" href="#__codelineno-4-15"></a>apiVersion: networking.k8s.io/v1
<a id="__codelineno-4-16" name="__codelineno-4-16" href="#__codelineno-4-16"></a>kind: Ingress
<a id="__codelineno-4-17" name="__codelineno-4-17" href="#__codelineno-4-17"></a>metadata:
<a id="__codelineno-4-18" name="__codelineno-4-18" href="#__codelineno-4-18"></a> name: my-ingress
<a id="__codelineno-4-19" name="__codelineno-4-19" href="#__codelineno-4-19"></a>spec:
<a id="__codelineno-4-20" name="__codelineno-4-20" href="#__codelineno-4-20"></a> rules:
<a id="__codelineno-4-21" name="__codelineno-4-21" href="#__codelineno-4-21"></a> - host: ingress.example.org
<a id="__codelineno-4-22" name="__codelineno-4-22" href="#__codelineno-4-22"></a> http:
<a id="__codelineno-4-23" name="__codelineno-4-23" href="#__codelineno-4-23"></a> paths:
<a id="__codelineno-4-24" name="__codelineno-4-24" href="#__codelineno-4-24"></a> - path: /
<a id="__codelineno-4-25" name="__codelineno-4-25" href="#__codelineno-4-25"></a> backend:
<a id="__codelineno-4-26" name="__codelineno-4-26" href="#__codelineno-4-26"></a> serviceName: my-service
<a id="__codelineno-4-27" name="__codelineno-4-27" href="#__codelineno-4-27"></a> servicePort: 8000
</code></pre></div>
<h3 id="custom-ttl">Custom TTL<a class="headerlink" href="#custom-ttl" title="Permanent link">&para;</a></h3>
<p>The default DNS record TTL (Time-To-Live) is 0 seconds. You can customize this value by setting the annotation <code>external-dns.alpha.kubernetes.io/ttl</code>. e.g., modify the service manifest YAML file above:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-5-1" name="__codelineno-5-1" href="#__codelineno-5-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-5-2" name="__codelineno-5-2" href="#__codelineno-5-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Service</span>
<a id="__codelineno-5-3" name="__codelineno-5-3" href="#__codelineno-5-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-5-4" name="__codelineno-5-4" href="#__codelineno-5-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx</span>
<a id="__codelineno-5-5" name="__codelineno-5-5" href="#__codelineno-5-5"></a><span class="w"> </span><span class="nt">annotations</span><span class="p">:</span>
<a id="__codelineno-5-6" name="__codelineno-5-6" href="#__codelineno-5-6"></a><span class="w"> </span><span class="nt">external-dns.alpha.kubernetes.io/hostname</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">nginx.external-dns-test.my-org.com</span>
<a id="__codelineno-5-7" name="__codelineno-5-7" href="#__codelineno-5-7"></a><span class="w"> </span><span class="nt">external-dns.alpha.kubernetes.io/ttl</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">60</span>
<a id="__codelineno-5-8" name="__codelineno-5-8" href="#__codelineno-5-8"></a><span class="nt">spec</span><span class="p">:</span>
<a id="__codelineno-5-9" name="__codelineno-5-9" href="#__codelineno-5-9"></a><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span>
</code></pre></div>
<p>This will set the DNS record&rsquo;s TTL to 60 seconds.</p>
<p>A default TTL for all records can be set using the <code>--rfc2136-min-ttl</code> flag with a time in seconds, minutes or hours, such as <code>--rfc2136-min-ttl=60s</code>.</p>
<p>There are other annotations that can affect the generation of DNS records, but these are beyond the scope of this<br />
tutorial and are covered in the main documentation.</p>
<h3 id="generate-reverse-dns-records">Generate reverse DNS records<a class="headerlink" href="#generate-reverse-dns-records" title="Permanent link">&para;</a></h3>
<p>If you want to generate reverse DNS records for your services, you have to enable the functionality using the <code>--rfc2136-create-ptr</code><br />
flag. You also have to add the reverse zone to the list of zones managed by ExternalDNS via the <code>--rfc2136-zone</code> and <code>--domain-filter</code> flags.<br />
The following is an example of a valid configuration:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1" href="#__codelineno-6-1"></a>--domain-filter<span class="o">=</span><span class="m">157</span>.168.192.in-addr.arpa<span class="w"> </span>--rfc2136-zone<span class="o">=</span><span class="m">157</span>.168.192.in-addr.arpa
</code></pre></div>
<p>PTR record tracking is managed by the A/AAAA record so you can&rsquo;t create PTR records for already generated A/AAAA records.</p>
<h3 id="test-with-external-dns-installed-on-local-machine-optional">Test with external-dns installed on local machine (optional)<a class="headerlink" href="#test-with-external-dns-installed-on-local-machine-optional" title="Permanent link">&para;</a></h3>
<p>You may install external-dns and test on a local machine by running:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-7-1" name="__codelineno-7-1" href="#__codelineno-7-1"></a>external-dns<span class="w"> </span>--txt-owner-id<span class="w"> </span>k8s<span class="w"> </span>--provider<span class="w"> </span>rfc2136<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-2" name="__codelineno-7-2" href="#__codelineno-7-2"></a><span class="w"> </span>--rfc2136-host<span class="o">=</span><span class="m">192</span>.168.0.1<span class="w"> </span>--rfc2136-port<span class="o">=</span><span class="m">53</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-3" name="__codelineno-7-3" href="#__codelineno-7-3"></a><span class="w"> </span>--rfc2136-zone<span class="o">=</span>k8s.example.org<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-4" name="__codelineno-7-4" href="#__codelineno-7-4"></a><span class="w"> </span>--rfc2136-tsig-secret<span class="o">=</span>96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8<span class="o">=</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-5" name="__codelineno-7-5" href="#__codelineno-7-5"></a><span class="w"> </span>--rfc2136-tsig-secret-alg<span class="o">=</span>hmac-sha256<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-6" name="__codelineno-7-6" href="#__codelineno-7-6"></a><span class="w"> </span>--rfc2136-tsig-keyname<span class="o">=</span>externaldns-key<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-7" name="__codelineno-7-7" href="#__codelineno-7-7"></a><span class="w"> </span>--rfc2136-tsig-axfr<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-8" name="__codelineno-7-8" href="#__codelineno-7-8"></a><span class="w"> </span>--source<span class="w"> </span>ingress<span class="w"> </span>--once<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-7-9" name="__codelineno-7-9" href="#__codelineno-7-9"></a><span class="w"> </span>--domain-filter<span class="o">=</span>k8s.example.org<span class="w"> </span>--dry-run
</code></pre></div>
<ul>
<li>host should be the IP of your master DNS server.</li>
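<li>tsig-secret should be changed to match your secret. A secret passed on the command line is visible in shell history and the process list, so use a key you can rotate for local tests.</li>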
<li>tsig-keyname needs to match the keyname you used (if you changed it).</li>
<li>domain-filter can be used as shown to filter the domains you wish to update.</li>
</ul>
<h3 id="rfc2136-provider-configuration">RFC2136 provider configuration<a class="headerlink" href="#rfc2136-provider-configuration" title="Permanent link">&para;</a></h3>
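<p>In order to use external-dns with your cluster you need to add a deployment<br />
with access to your ingress and service resources. The following are two<br />
example manifests, with and without RBAC respectively. Both put the TSIG secret directly<br />
in the container arguments, where anyone who can read the Deployment can read it;<br />
in a real cluster, store it in a Kubernetes Secret (see the Secret creation section under Helm below)<br />
and replace the example value with your own key.</p>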
<ul>
<li>With RBAC:</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-8-1" name="__codelineno-8-1" href="#__codelineno-8-1"></a>apiVersion: v1
<a id="__codelineno-8-2" name="__codelineno-8-2" href="#__codelineno-8-2"></a>kind: Namespace
<a id="__codelineno-8-3" name="__codelineno-8-3" href="#__codelineno-8-3"></a>metadata:
<a id="__codelineno-8-4" name="__codelineno-8-4" href="#__codelineno-8-4"></a> name: external-dns
<a id="__codelineno-8-5" name="__codelineno-8-5" href="#__codelineno-8-5"></a> labels:
<a id="__codelineno-8-6" name="__codelineno-8-6" href="#__codelineno-8-6"></a> name: external-dns
<a id="__codelineno-8-7" name="__codelineno-8-7" href="#__codelineno-8-7"></a>---
<a id="__codelineno-8-8" name="__codelineno-8-8" href="#__codelineno-8-8"></a>apiVersion: rbac.authorization.k8s.io/v1
<a id="__codelineno-8-9" name="__codelineno-8-9" href="#__codelineno-8-9"></a>kind: ClusterRole
<a id="__codelineno-8-10" name="__codelineno-8-10" href="#__codelineno-8-10"></a>metadata:
<a id="__codelineno-8-11" name="__codelineno-8-11" href="#__codelineno-8-11"></a> name: external-dns
<a id="__codelineno-8-12" name="__codelineno-8-12" href="#__codelineno-8-12"></a> namespace: external-dns
<a id="__codelineno-8-13" name="__codelineno-8-13" href="#__codelineno-8-13"></a>rules:
<a id="__codelineno-8-14" name="__codelineno-8-14" href="#__codelineno-8-14"></a>- apiGroups:
<a id="__codelineno-8-15" name="__codelineno-8-15" href="#__codelineno-8-15"></a> - &quot;&quot;
<a id="__codelineno-8-16" name="__codelineno-8-16" href="#__codelineno-8-16"></a> resources:
<a id="__codelineno-8-17" name="__codelineno-8-17" href="#__codelineno-8-17"></a> - services
<a id="__codelineno-8-18" name="__codelineno-8-18" href="#__codelineno-8-18"></a> - endpoints
<a id="__codelineno-8-19" name="__codelineno-8-19" href="#__codelineno-8-19"></a> - pods
<a id="__codelineno-8-20" name="__codelineno-8-20" href="#__codelineno-8-20"></a> - nodes
<a id="__codelineno-8-21" name="__codelineno-8-21" href="#__codelineno-8-21"></a> verbs:
<a id="__codelineno-8-22" name="__codelineno-8-22" href="#__codelineno-8-22"></a> - get
<a id="__codelineno-8-23" name="__codelineno-8-23" href="#__codelineno-8-23"></a> - watch
<a id="__codelineno-8-24" name="__codelineno-8-24" href="#__codelineno-8-24"></a> - list
<a id="__codelineno-8-25" name="__codelineno-8-25" href="#__codelineno-8-25"></a>- apiGroups:
<a id="__codelineno-8-26" name="__codelineno-8-26" href="#__codelineno-8-26"></a> - extensions
<a id="__codelineno-8-27" name="__codelineno-8-27" href="#__codelineno-8-27"></a> - networking.k8s.io
<a id="__codelineno-8-28" name="__codelineno-8-28" href="#__codelineno-8-28"></a> resources:
<a id="__codelineno-8-29" name="__codelineno-8-29" href="#__codelineno-8-29"></a> - ingresses
<a id="__codelineno-8-30" name="__codelineno-8-30" href="#__codelineno-8-30"></a> verbs:
<a id="__codelineno-8-31" name="__codelineno-8-31" href="#__codelineno-8-31"></a> - get
<a id="__codelineno-8-32" name="__codelineno-8-32" href="#__codelineno-8-32"></a> - list
<a id="__codelineno-8-33" name="__codelineno-8-33" href="#__codelineno-8-33"></a> - watch
<a id="__codelineno-8-34" name="__codelineno-8-34" href="#__codelineno-8-34"></a>---
<a id="__codelineno-8-35" name="__codelineno-8-35" href="#__codelineno-8-35"></a>apiVersion: v1
<a id="__codelineno-8-36" name="__codelineno-8-36" href="#__codelineno-8-36"></a>kind: ServiceAccount
<a id="__codelineno-8-37" name="__codelineno-8-37" href="#__codelineno-8-37"></a>metadata:
<a id="__codelineno-8-38" name="__codelineno-8-38" href="#__codelineno-8-38"></a> name: external-dns
<a id="__codelineno-8-39" name="__codelineno-8-39" href="#__codelineno-8-39"></a> namespace: external-dns
<a id="__codelineno-8-40" name="__codelineno-8-40" href="#__codelineno-8-40"></a>---
<a id="__codelineno-8-41" name="__codelineno-8-41" href="#__codelineno-8-41"></a>apiVersion: rbac.authorization.k8s.io/v1
<a id="__codelineno-8-42" name="__codelineno-8-42" href="#__codelineno-8-42"></a>kind: ClusterRoleBinding
<a id="__codelineno-8-43" name="__codelineno-8-43" href="#__codelineno-8-43"></a>metadata:
<a id="__codelineno-8-44" name="__codelineno-8-44" href="#__codelineno-8-44"></a> name: external-dns-viewer
<a id="__codelineno-8-45" name="__codelineno-8-45" href="#__codelineno-8-45"></a> namespace: external-dns
<a id="__codelineno-8-46" name="__codelineno-8-46" href="#__codelineno-8-46"></a>roleRef:
<a id="__codelineno-8-47" name="__codelineno-8-47" href="#__codelineno-8-47"></a> apiGroup: rbac.authorization.k8s.io
<a id="__codelineno-8-48" name="__codelineno-8-48" href="#__codelineno-8-48"></a> kind: ClusterRole
<a id="__codelineno-8-49" name="__codelineno-8-49" href="#__codelineno-8-49"></a> name: external-dns
<a id="__codelineno-8-50" name="__codelineno-8-50" href="#__codelineno-8-50"></a>subjects:
<a id="__codelineno-8-51" name="__codelineno-8-51" href="#__codelineno-8-51"></a>- kind: ServiceAccount
<a id="__codelineno-8-52" name="__codelineno-8-52" href="#__codelineno-8-52"></a> name: external-dns
<a id="__codelineno-8-53" name="__codelineno-8-53" href="#__codelineno-8-53"></a> namespace: external-dns
<a id="__codelineno-8-54" name="__codelineno-8-54" href="#__codelineno-8-54"></a>---
<a id="__codelineno-8-55" name="__codelineno-8-55" href="#__codelineno-8-55"></a>apiVersion: apps/v1
<a id="__codelineno-8-56" name="__codelineno-8-56" href="#__codelineno-8-56"></a>kind: Deployment
<a id="__codelineno-8-57" name="__codelineno-8-57" href="#__codelineno-8-57"></a>metadata:
<a id="__codelineno-8-58" name="__codelineno-8-58" href="#__codelineno-8-58"></a> name: external-dns
<a id="__codelineno-8-59" name="__codelineno-8-59" href="#__codelineno-8-59"></a> namespace: external-dns
<a id="__codelineno-8-60" name="__codelineno-8-60" href="#__codelineno-8-60"></a>spec:
<a id="__codelineno-8-61" name="__codelineno-8-61" href="#__codelineno-8-61"></a> selector:
<a id="__codelineno-8-62" name="__codelineno-8-62" href="#__codelineno-8-62"></a> matchLabels:
<a id="__codelineno-8-63" name="__codelineno-8-63" href="#__codelineno-8-63"></a> app: external-dns
<a id="__codelineno-8-64" name="__codelineno-8-64" href="#__codelineno-8-64"></a> template:
<a id="__codelineno-8-65" name="__codelineno-8-65" href="#__codelineno-8-65"></a> metadata:
<a id="__codelineno-8-66" name="__codelineno-8-66" href="#__codelineno-8-66"></a> labels:
<a id="__codelineno-8-67" name="__codelineno-8-67" href="#__codelineno-8-67"></a> app: external-dns
<a id="__codelineno-8-68" name="__codelineno-8-68" href="#__codelineno-8-68"></a> spec:
<a id="__codelineno-8-69" name="__codelineno-8-69" href="#__codelineno-8-69"></a> serviceAccountName: external-dns
<a id="__codelineno-8-70" name="__codelineno-8-70" href="#__codelineno-8-70"></a> containers:
<a id="__codelineno-8-71" name="__codelineno-8-71" href="#__codelineno-8-71"></a> - name: external-dns
<a id="__codelineno-8-72" name="__codelineno-8-72" href="#__codelineno-8-72"></a> image: registry.k8s.io/external-dns/external-dns:v0.17.0
<a id="__codelineno-8-73" name="__codelineno-8-73" href="#__codelineno-8-73"></a> args:
<a id="__codelineno-8-74" name="__codelineno-8-74" href="#__codelineno-8-74"></a> - --registry=txt
<a id="__codelineno-8-75" name="__codelineno-8-75" href="#__codelineno-8-75"></a> - --txt-prefix=external-dns-
<a id="__codelineno-8-76" name="__codelineno-8-76" href="#__codelineno-8-76"></a> - --txt-owner-id=k8s
<a id="__codelineno-8-77" name="__codelineno-8-77" href="#__codelineno-8-77"></a> - --provider=rfc2136
<a id="__codelineno-8-78" name="__codelineno-8-78" href="#__codelineno-8-78"></a> - --rfc2136-host=192.168.0.1
<a id="__codelineno-8-79" name="__codelineno-8-79" href="#__codelineno-8-79"></a> - --rfc2136-port=53
<a id="__codelineno-8-80" name="__codelineno-8-80" href="#__codelineno-8-80"></a> - --rfc2136-zone=k8s.example.org
<a id="__codelineno-8-81" name="__codelineno-8-81" href="#__codelineno-8-81"></a> - --rfc2136-zone=k8s.your-zone.org
<a id="__codelineno-8-82" name="__codelineno-8-82" href="#__codelineno-8-82"></a> - --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8=
<a id="__codelineno-8-83" name="__codelineno-8-83" href="#__codelineno-8-83"></a> - --rfc2136-tsig-secret-alg=hmac-sha256
<a id="__codelineno-8-84" name="__codelineno-8-84" href="#__codelineno-8-84"></a> - --rfc2136-tsig-keyname=externaldns-key
<a id="__codelineno-8-85" name="__codelineno-8-85" href="#__codelineno-8-85"></a> - --rfc2136-tsig-axfr
<a id="__codelineno-8-86" name="__codelineno-8-86" href="#__codelineno-8-86"></a> - --source=ingress
<a id="__codelineno-8-87" name="__codelineno-8-87" href="#__codelineno-8-87"></a> - --domain-filter=k8s.example.org
</code></pre></div>
<ul>
<li>Without RBAC:</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1" href="#__codelineno-9-1"></a>apiVersion: v1
<a id="__codelineno-9-2" name="__codelineno-9-2" href="#__codelineno-9-2"></a>kind: Namespace
<a id="__codelineno-9-3" name="__codelineno-9-3" href="#__codelineno-9-3"></a>metadata:
<a id="__codelineno-9-4" name="__codelineno-9-4" href="#__codelineno-9-4"></a> name: external-dns
<a id="__codelineno-9-5" name="__codelineno-9-5" href="#__codelineno-9-5"></a> labels:
<a id="__codelineno-9-6" name="__codelineno-9-6" href="#__codelineno-9-6"></a> name: external-dns
<a id="__codelineno-9-7" name="__codelineno-9-7" href="#__codelineno-9-7"></a>---
<a id="__codelineno-9-8" name="__codelineno-9-8" href="#__codelineno-9-8"></a>apiVersion: apps/v1
<a id="__codelineno-9-9" name="__codelineno-9-9" href="#__codelineno-9-9"></a>kind: Deployment
<a id="__codelineno-9-10" name="__codelineno-9-10" href="#__codelineno-9-10"></a>metadata:
<a id="__codelineno-9-11" name="__codelineno-9-11" href="#__codelineno-9-11"></a> name: external-dns
<a id="__codelineno-9-12" name="__codelineno-9-12" href="#__codelineno-9-12"></a> namespace: external-dns
<a id="__codelineno-9-13" name="__codelineno-9-13" href="#__codelineno-9-13"></a>spec:
<a id="__codelineno-9-14" name="__codelineno-9-14" href="#__codelineno-9-14"></a> selector:
<a id="__codelineno-9-15" name="__codelineno-9-15" href="#__codelineno-9-15"></a> matchLabels:
<a id="__codelineno-9-16" name="__codelineno-9-16" href="#__codelineno-9-16"></a> app: external-dns
<a id="__codelineno-9-17" name="__codelineno-9-17" href="#__codelineno-9-17"></a> template:
<a id="__codelineno-9-18" name="__codelineno-9-18" href="#__codelineno-9-18"></a> metadata:
<a id="__codelineno-9-19" name="__codelineno-9-19" href="#__codelineno-9-19"></a> labels:
<a id="__codelineno-9-20" name="__codelineno-9-20" href="#__codelineno-9-20"></a> app: external-dns
<a id="__codelineno-9-21" name="__codelineno-9-21" href="#__codelineno-9-21"></a> spec:
<a id="__codelineno-9-22" name="__codelineno-9-22" href="#__codelineno-9-22"></a> containers:
<a id="__codelineno-9-23" name="__codelineno-9-23" href="#__codelineno-9-23"></a> - name: external-dns
<a id="__codelineno-9-24" name="__codelineno-9-24" href="#__codelineno-9-24"></a> image: registry.k8s.io/external-dns/external-dns:v0.17.0
<a id="__codelineno-9-25" name="__codelineno-9-25" href="#__codelineno-9-25"></a> args:
<a id="__codelineno-9-26" name="__codelineno-9-26" href="#__codelineno-9-26"></a> - --registry=txt
<a id="__codelineno-9-27" name="__codelineno-9-27" href="#__codelineno-9-27"></a> - --txt-prefix=external-dns-
<a id="__codelineno-9-28" name="__codelineno-9-28" href="#__codelineno-9-28"></a> - --txt-owner-id=k8s
<a id="__codelineno-9-29" name="__codelineno-9-29" href="#__codelineno-9-29"></a> - --provider=rfc2136
<a id="__codelineno-9-30" name="__codelineno-9-30" href="#__codelineno-9-30"></a> - --rfc2136-host=192.168.0.1
<a id="__codelineno-9-31" name="__codelineno-9-31" href="#__codelineno-9-31"></a> - --rfc2136-port=53
<a id="__codelineno-9-32" name="__codelineno-9-32" href="#__codelineno-9-32"></a> - --rfc2136-zone=k8s.example.org
<a id="__codelineno-9-33" name="__codelineno-9-33" href="#__codelineno-9-33"></a> - --rfc2136-zone=k8s.your-zone.org
<a id="__codelineno-9-34" name="__codelineno-9-34" href="#__codelineno-9-34"></a> - --rfc2136-tsig-secret=96Ah/a2g0/nLeFGK+d/0tzQcccf9hCEIy34PoXX2Qg8=
<a id="__codelineno-9-35" name="__codelineno-9-35" href="#__codelineno-9-35"></a> - --rfc2136-tsig-secret-alg=hmac-sha256
<a id="__codelineno-9-36" name="__codelineno-9-36" href="#__codelineno-9-36"></a> - --rfc2136-tsig-keyname=externaldns-key
<a id="__codelineno-9-37" name="__codelineno-9-37" href="#__codelineno-9-37"></a> - --rfc2136-tsig-axfr
<a id="__codelineno-9-38" name="__codelineno-9-38" href="#__codelineno-9-38"></a> - --source=ingress
<a id="__codelineno-9-39" name="__codelineno-9-39" href="#__codelineno-9-39"></a> - --domain-filter=k8s.example.org
</code></pre></div>
<h2 id="microsoft-dns">Microsoft DNS<a class="headerlink" href="#microsoft-dns" title="Permanent link">&para;</a></h2>
<p>While <code>external-dns</code> was not developed or tested against Microsoft DNS, it can be configured to work against it. YMMV.</p>
<h3 id="secure-updates-using-rfc3645-gss-tsig">Secure Updates Using RFC3645 (GSS-TSIG)<a class="headerlink" href="#secure-updates-using-rfc3645-gss-tsig" title="Permanent link">&para;</a></h3>
<h4 id="dns-side-configuration">DNS-side configuration<a class="headerlink" href="#dns-side-configuration" title="Permanent link">&para;</a></h4>
<ol>
<li>Create a DNS zone</li>
<li>Enable <strong>secure</strong> dynamic updates for the zone</li>
<li>Enable Zone Transfers to all servers and/or other domains</li>
<li>Create a user with permissions to create/update/delete records in that zone</li>
</ol>
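<p>If you see any error messages which indicate that <code>external-dns</code> was not able to fetch<br />
existing DNS records from your DNS server, this could mean that step 3 was skipped.<br />
A zone transfer returns every record in the zone, so where your environment allows it, limit transfers to the servers and addresses that actually need them rather than leaving them open to any host.</p>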
<h5 id="kerberos-configuration">Kerberos Configuration<a class="headerlink" href="#kerberos-configuration" title="Permanent link">&para;</a></h5>
<p>DNS with secure updates relies upon a valid Kerberos configuration running within the <code>external-dns</code> container.<br />
At this time, you will need to create a ConfigMap for the <code>external-dns</code> container to use and mount it in your deployment.<br />
Below is an example of a working Kerberos configuration inside a ConfigMap definition. This may be different depending on many factors in your environment:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1" href="#__codelineno-10-1"></a><span class="nt">apiVersion</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">v1</span>
<a id="__codelineno-10-2" name="__codelineno-10-2" href="#__codelineno-10-2"></a><span class="nt">kind</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
<a id="__codelineno-10-3" name="__codelineno-10-3" href="#__codelineno-10-3"></a><span class="nt">metadata</span><span class="p">:</span>
<a id="__codelineno-10-4" name="__codelineno-10-4" href="#__codelineno-10-4"></a><span class="w"> </span><span class="nt">creationTimestamp</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">null</span>
<a id="__codelineno-10-5" name="__codelineno-10-5" href="#__codelineno-10-5"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">krb5.conf</span>
<a id="__codelineno-10-6" name="__codelineno-10-6" href="#__codelineno-10-6"></a><span class="nt">data</span><span class="p">:</span>
<a id="__codelineno-10-7" name="__codelineno-10-7" href="#__codelineno-10-7"></a><span class="w"> </span><span class="nt">krb5.conf</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">|</span>
<a id="__codelineno-10-8" name="__codelineno-10-8" href="#__codelineno-10-8"></a><span class="w"> </span><span class="no">[logging]</span>
<a id="__codelineno-10-9" name="__codelineno-10-9" href="#__codelineno-10-9"></a><span class="w"> </span><span class="no">default = FILE:/var/log/krb5libs.log</span>
<a id="__codelineno-10-10" name="__codelineno-10-10" href="#__codelineno-10-10"></a><span class="w"> </span><span class="no">kdc = FILE:/var/log/krb5kdc.log</span>
<a id="__codelineno-10-11" name="__codelineno-10-11" href="#__codelineno-10-11"></a><span class="w"> </span><span class="no">admin_server = FILE:/var/log/kadmind.log</span>
<a id="__codelineno-10-12" name="__codelineno-10-12" href="#__codelineno-10-12"></a>
<a id="__codelineno-10-13" name="__codelineno-10-13" href="#__codelineno-10-13"></a><span class="w"> </span><span class="no">[libdefaults]</span>
<a id="__codelineno-10-14" name="__codelineno-10-14" href="#__codelineno-10-14"></a><span class="w"> </span><span class="no">dns_lookup_realm = false</span>
<a id="__codelineno-10-15" name="__codelineno-10-15" href="#__codelineno-10-15"></a><span class="w"> </span><span class="no">ticket_lifetime = 24h</span>
<a id="__codelineno-10-16" name="__codelineno-10-16" href="#__codelineno-10-16"></a><span class="w"> </span><span class="no">renew_lifetime = 7d</span>
<a id="__codelineno-10-17" name="__codelineno-10-17" href="#__codelineno-10-17"></a><span class="w"> </span><span class="no">forwardable = true</span>
<a id="__codelineno-10-18" name="__codelineno-10-18" href="#__codelineno-10-18"></a><span class="w"> </span><span class="no">rdns = false</span>
<a id="__codelineno-10-19" name="__codelineno-10-19" href="#__codelineno-10-19"></a><span class="w"> </span><span class="no">pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt</span>
<a id="__codelineno-10-20" name="__codelineno-10-20" href="#__codelineno-10-20"></a><span class="w"> </span><span class="no">default_ccache_name = KEYRING:persistent:%{uid}</span>
<a id="__codelineno-10-21" name="__codelineno-10-21" href="#__codelineno-10-21"></a>
<a id="__codelineno-10-22" name="__codelineno-10-22" href="#__codelineno-10-22"></a><span class="w"> </span><span class="no">default_realm = YOUR-REALM.COM</span>
<a id="__codelineno-10-23" name="__codelineno-10-23" href="#__codelineno-10-23"></a>
<a id="__codelineno-10-24" name="__codelineno-10-24" href="#__codelineno-10-24"></a><span class="w"> </span><span class="no">[realms]</span>
<a id="__codelineno-10-25" name="__codelineno-10-25" href="#__codelineno-10-25"></a><span class="w"> </span><span class="no">YOUR-REALM.COM = {</span>
<a id="__codelineno-10-26" name="__codelineno-10-26" href="#__codelineno-10-26"></a><span class="w"> </span><span class="no">kdc = dc1.yourdomain.com</span>
<a id="__codelineno-10-27" name="__codelineno-10-27" href="#__codelineno-10-27"></a><span class="w"> </span><span class="no">admin_server = dc1.yourdomain.com</span>
<a id="__codelineno-10-28" name="__codelineno-10-28" href="#__codelineno-10-28"></a><span class="w"> </span><span class="no">}</span>
<a id="__codelineno-10-29" name="__codelineno-10-29" href="#__codelineno-10-29"></a>
<a id="__codelineno-10-30" name="__codelineno-10-30" href="#__codelineno-10-30"></a><span class="w"> </span><span class="no">[domain_realm]</span>
<a id="__codelineno-10-31" name="__codelineno-10-31" href="#__codelineno-10-31"></a><span class="w"> </span><span class="no">yourdomain.com = YOUR-REALM.COM</span>
<a id="__codelineno-10-32" name="__codelineno-10-32" href="#__codelineno-10-32"></a><span class="w"> </span><span class="no">.yourdomain.com = YOUR-REALM.COM</span>
</code></pre></div>
<p>In most cases, the realm name will probably be the same as the domain name, so you can simply replace <code>YOUR-REALM.COM</code> with something like <code>YOURDOMAIN.COM</code>.</p>
<p>Once the ConfigMap is created, the <code>external-dns</code> container needs to be told to mount that ConfigMap as a volume at the default Kerberos configuration location. The pod spec should include a configuration similar to the following:</p>
<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1" href="#__codelineno-11-1"></a><span class="nn">...</span>
<a id="__codelineno-11-2" name="__codelineno-11-2" href="#__codelineno-11-2"></a><span class="w"> </span><span class="nt">volumeMounts</span><span class="p">:</span>
<a id="__codelineno-11-3" name="__codelineno-11-3" href="#__codelineno-11-3"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">mountPath</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/etc/krb5.conf</span>
<a id="__codelineno-11-4" name="__codelineno-11-4" href="#__codelineno-11-4"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kerberos-config-volume</span>
<a id="__codelineno-11-5" name="__codelineno-11-5" href="#__codelineno-11-5"></a><span class="w"> </span><span class="nt">subPath</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">krb5.conf</span>
<a id="__codelineno-11-6" name="__codelineno-11-6" href="#__codelineno-11-6"></a><span class="nn">...</span>
<a id="__codelineno-11-7" name="__codelineno-11-7" href="#__codelineno-11-7"></a><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span>
<a id="__codelineno-11-8" name="__codelineno-11-8" href="#__codelineno-11-8"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">configMap</span><span class="p">:</span>
<a id="__codelineno-11-9" name="__codelineno-11-9" href="#__codelineno-11-9"></a><span class="w"> </span><span class="nt">defaultMode</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">420</span>
<a id="__codelineno-11-10" name="__codelineno-11-10" href="#__codelineno-11-10"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">krb5.conf</span>
<a id="__codelineno-11-11" name="__codelineno-11-11" href="#__codelineno-11-11"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">kerberos-config-volume</span>
<a id="__codelineno-11-12" name="__codelineno-11-12" href="#__codelineno-11-12"></a><span class="nn">...</span>
</code></pre></div>
<h5 id="external-dns-configuration"><code>external-dns</code> configuration<a class="headerlink" href="#external-dns-configuration" title="Permanent link">&para;</a></h5>
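<p>A password passed as a container argument is stored in plain text in the Deployment manifest and is visible to anyone who can read the pod spec; the Helm example later on this page shows a credential supplied from a Kubernetes Secret through an <code>EXTERNAL_DNS_</code>-prefixed environment variable instead. You&rsquo;ll want to configure <code>external-dns</code> similarly to the following:</p>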
<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1" href="#__codelineno-12-1"></a>...
<a id="__codelineno-12-2" name="__codelineno-12-2" href="#__codelineno-12-2"></a> - --provider=rfc2136
<a id="__codelineno-12-3" name="__codelineno-12-3" href="#__codelineno-12-3"></a> - --rfc2136-gss-tsig
<a id="__codelineno-12-4" name="__codelineno-12-4" href="#__codelineno-12-4"></a> - --rfc2136-host=dns-host.yourdomain.com
<a id="__codelineno-12-5" name="__codelineno-12-5" href="#__codelineno-12-5"></a> - --rfc2136-port=53
<a id="__codelineno-12-6" name="__codelineno-12-6" href="#__codelineno-12-6"></a> - --rfc2136-zone=your-zone.com
<a id="__codelineno-12-7" name="__codelineno-12-7" href="#__codelineno-12-7"></a> - --rfc2136-zone=your-secondary-zone.com
<a id="__codelineno-12-8" name="__codelineno-12-8" href="#__codelineno-12-8"></a> - --rfc2136-kerberos-username=your-domain-account
<a id="__codelineno-12-9" name="__codelineno-12-9" href="#__codelineno-12-9"></a> - --rfc2136-kerberos-password=your-domain-password
<a id="__codelineno-12-10" name="__codelineno-12-10" href="#__codelineno-12-10"></a> - --rfc2136-kerberos-realm=your-domain.com
<a id="__codelineno-12-11" name="__codelineno-12-11" href="#__codelineno-12-11"></a> - --rfc2136-tsig-axfr # needed to enable zone transfers, which is required for deletion of records.
<a id="__codelineno-12-12" name="__codelineno-12-12" href="#__codelineno-12-12"></a>...
</code></pre></div>
<p>As noted above, the <code>--rfc2136-kerberos-realm</code> flag is completely optional and won&rsquo;t be necessary in many cases.<br />
Most likely, you will only need it if you see errors similar to this: <code>KRB Error: (68) KDC_ERR_WRONG_REALM Reserved for future use</code>.</p>
<p>The flag <code>--rfc2136-host</code> can be set to the host&rsquo;s domain name or IP address.<br />
However, it also determines the name of the Kerberos principal which is used during authentication.<br />
This means that Active Directory might only work if this is set to a specific domain name, possibly leading to errors like this:<br />
<code>KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database</code>.<br />
To fix this, try setting <code>--rfc2136-host</code> to the &ldquo;actual&rdquo; hostname of your DNS server.</p>
<h3 id="insecure-updates">Insecure Updates<a class="headerlink" href="#insecure-updates" title="Permanent link">&para;</a></h3>
<h4 id="dns-side-configuration_1">DNS-side configuration<a class="headerlink" href="#dns-side-configuration_1" title="Permanent link">&para;</a></h4>
<ol>
<li>Create a DNS zone</li>
<li>Enable insecure dynamic updates for the zone</li>
<li>Enable Zone Transfers to all servers and/or other domains</li>
</ol>
<h4 id="external-dns-configuration_1"><code>external-dns</code> configuration<a class="headerlink" href="#external-dns-configuration_1" title="Permanent link">&para;</a></h4>
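<p>With <code>--rfc2136-insecure</code>, updates are sent without TSIG or GSS-TSIG authentication, and a zone with insecure dynamic updates enabled accepts record changes from any client that can reach the server, so reserve this mode for isolated or test networks. You&rsquo;ll want to configure <code>external-dns</code> similarly to the following:</p>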
<div class="highlight"><pre><span></span><code><a id="__codelineno-13-1" name="__codelineno-13-1" href="#__codelineno-13-1"></a>...
<a id="__codelineno-13-2" name="__codelineno-13-2" href="#__codelineno-13-2"></a> - --provider=rfc2136
<a id="__codelineno-13-3" name="__codelineno-13-3" href="#__codelineno-13-3"></a> - --rfc2136-host=192.168.0.1
<a id="__codelineno-13-4" name="__codelineno-13-4" href="#__codelineno-13-4"></a> - --rfc2136-port=53
<a id="__codelineno-13-5" name="__codelineno-13-5" href="#__codelineno-13-5"></a> - --rfc2136-zone=k8s.example.org
<a id="__codelineno-13-6" name="__codelineno-13-6" href="#__codelineno-13-6"></a> - --rfc2136-zone=k8s.your-zone.org
<a id="__codelineno-13-7" name="__codelineno-13-7" href="#__codelineno-13-7"></a> - --rfc2136-insecure
<a id="__codelineno-13-8" name="__codelineno-13-8" href="#__codelineno-13-8"></a> - --rfc2136-tsig-axfr # needed to enable zone transfers, which is required for deletion of records.
<a id="__codelineno-13-9" name="__codelineno-13-9" href="#__codelineno-13-9"></a>...
</code></pre></div>
<h2 id="dns-over-tls-rfcs-7858-and-9103">DNS Over TLS (RFCs 7858 and 9103)<a class="headerlink" href="#dns-over-tls-rfcs-7858-and-9103" title="Permanent link">&para;</a></h2>
<p>If your DNS server does zone transfers over TLS, you can instruct <code>external-dns</code> to connect over TLS with the following flags:</p>
<ul>
<li><code>--rfc2136-use-tls</code> Will enable TLS for both zone transfers and for updates.</li>
<li><code>--tls-ca=&lt;cert-file&gt;</code> Is the path to a file containing certificate(s) that can be used to verify the DNS server</li>
<li><code>--tls-client-cert=&lt;client-cert-file&gt;</code> and</li>
<li><code>--tls-client-cert-key=&lt;client-key-file&gt;</code> Set the client certificate and key for mutual verification</li>
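<li><code>--rfc2136-skip-tls-verify</code> Disables verification of the certificate supplied by the DNS server. The connection is then still encrypted but the server is not authenticated, so prefer <code>--tls-ca</code> outside of testing.</li>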
</ul>
<p>Using TLS for zone transfers only, without also using it for updates, is currently not supported. The two are enabled and disabled together.</p>
<h2 id="configuring-rfc2136-provider-with-multiple-hosts-and-load-balancing">Configuring RFC2136 Provider with Multiple Hosts and Load Balancing<a class="headerlink" href="#configuring-rfc2136-provider-with-multiple-hosts-and-load-balancing" title="Permanent link">&para;</a></h2>
<p>This section describes how to configure the RFC2136 provider in ExternalDNS to support multiple DNS servers and load balancing options.</p>
<h3 id="enhancements-overview">Enhancements Overview<a class="headerlink" href="#enhancements-overview" title="Permanent link">&para;</a></h3>
<p>The RFC2136 provider now supports multiple DNS hosts and introduces load balancing options to distribute DNS update requests evenly across available DNS servers. This helps prevent a single server from becoming a bottleneck in environments with multiple DNS servers.</p>
<h3 id="configuration-steps">Configuration Steps<a class="headerlink" href="#configuration-steps" title="Permanent link">&para;</a></h3>
<ol>
<li>
<p><strong>Allow Multiple Hosts for <code>--rfc2136-host</code></strong></p>
<ul>
<li>Pass the <code>--rfc2136-host</code> command-line option once per DNS server to specify multiple hosts.</li>
<li>Example: <code>--rfc2136-host="dns-host-1.yourdomain.com" --rfc2136-host="dns-host-2.yourdomain.com"</code></li>
</ul>
</li>
<li>
<p><strong>Introduce Load Balancing Options</strong></p>
<ul>
<li>Use the <code>--rfc2136-load-balancing-strategy</code> command-line option to specify the load balancing strategy.</li>
<li>Supported options:<ul>
<li><code>round-robin</code>: Distributes DNS updates evenly across all specified hosts in a round-robin manner.</li>
<li><code>random</code>: Randomly selects a host for each DNS update.</li>
<li><code>disabled</code> (default): Uses the first host in the list as the primary, only moving to the next host if a failure occurs.</li>
</ul>
</li>
</ul>
</li>
</ol>
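<h3 id="example-configuration">Example Configuration<a class="headerlink" href="#example-configuration" title="Permanent link">&para;</a></h3>
<p>The command below passes <code>--rfc2136-insecure</code>, the flag used for unauthenticated updates in the Insecure Updates section, alongside the TSIG flags. If updates are meant to be TSIG-signed, leave <code>--rfc2136-insecure</code> out, and supply the secret from a Kubernetes Secret as in the Helm example rather than on the command line.</p>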
<div class="highlight"><pre><span></span><code><a id="__codelineno-14-1" name="__codelineno-14-1" href="#__codelineno-14-1"></a>external-dns<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-2" name="__codelineno-14-2" href="#__codelineno-14-2"></a><span class="w"> </span>--provider<span class="o">=</span>rfc2136<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-3" name="__codelineno-14-3" href="#__codelineno-14-3"></a><span class="w"> </span>--rfc2136-host<span class="o">=</span><span class="s2">&quot;dns-host-1.yourdomain.com&quot;</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-4" name="__codelineno-14-4" href="#__codelineno-14-4"></a><span class="w"> </span>--rfc2136-host<span class="o">=</span><span class="s2">&quot;dns-host-2.yourdomain.com&quot;</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-5" name="__codelineno-14-5" href="#__codelineno-14-5"></a><span class="w"> </span>--rfc2136-host<span class="o">=</span><span class="s2">&quot;dns-host-3.yourdomain.com&quot;</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-6" name="__codelineno-14-6" href="#__codelineno-14-6"></a><span class="w"> </span>--rfc2136-load-balancing-strategy<span class="o">=</span><span class="s2">&quot;round-robin&quot;</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-7" name="__codelineno-14-7" href="#__codelineno-14-7"></a><span class="w"> </span>--rfc2136-port<span class="o">=</span><span class="m">53</span><span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-8" name="__codelineno-14-8" href="#__codelineno-14-8"></a><span class="w"> </span>--rfc2136-zone<span class="o">=</span>example.com<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-9" name="__codelineno-14-9" href="#__codelineno-14-9"></a><span class="w"> </span>--rfc2136-tsig-secret-alg<span class="o">=</span>hmac-sha256<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-10" name="__codelineno-14-10" href="#__codelineno-14-10"></a><span class="w"> </span>--rfc2136-tsig-keyname<span class="o">=</span>example-key<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-11" name="__codelineno-14-11" href="#__codelineno-14-11"></a><span class="w"> </span>--rfc2136-tsig-secret<span class="o">=</span>example-secret<span class="w"> </span><span class="se">\</span>
<a id="__codelineno-14-12" name="__codelineno-14-12" href="#__codelineno-14-12"></a><span class="w"> </span>--rfc2136-insecure
</code></pre></div>
<h3 id="helm">Helm<a class="headerlink" href="#helm" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><a id="__codelineno-15-1" name="__codelineno-15-1" href="#__codelineno-15-1"></a><span class="nt">extraArgs</span><span class="p">:</span>
<a id="__codelineno-15-2" name="__codelineno-15-2" href="#__codelineno-15-2"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--rfc2136-host=&quot;dns-host-1.yourdomain.com&quot;</span>
<a id="__codelineno-15-3" name="__codelineno-15-3" href="#__codelineno-15-3"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--rfc2136-port=53</span>
<a id="__codelineno-15-4" name="__codelineno-15-4" href="#__codelineno-15-4"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--rfc2136-zone=example.com</span>
<a id="__codelineno-15-5" name="__codelineno-15-5" href="#__codelineno-15-5"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--rfc2136-tsig-secret-alg=hmac-sha256</span>
<a id="__codelineno-15-6" name="__codelineno-15-6" href="#__codelineno-15-6"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">--rfc2136-tsig-axfr</span>
<a id="__codelineno-15-7" name="__codelineno-15-7" href="#__codelineno-15-7"></a>
<a id="__codelineno-15-8" name="__codelineno-15-8" href="#__codelineno-15-8"></a><span class="nt">env</span><span class="p">:</span>
<a id="__codelineno-15-9" name="__codelineno-15-9" href="#__codelineno-15-9"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;EXTERNAL_DNS_RFC2136_TSIG_SECRET&quot;</span>
<a id="__codelineno-15-10" name="__codelineno-15-10" href="#__codelineno-15-10"></a><span class="w"> </span><span class="nt">valueFrom</span><span class="p">:</span>
<a id="__codelineno-15-11" name="__codelineno-15-11" href="#__codelineno-15-11"></a><span class="w"> </span><span class="nt">secretKeyRef</span><span class="p">:</span>
<a id="__codelineno-15-12" name="__codelineno-15-12" href="#__codelineno-15-12"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rfc2136-keys</span>
<a id="__codelineno-15-13" name="__codelineno-15-13" href="#__codelineno-15-13"></a><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rfc2136-tsig-secret</span>
<a id="__codelineno-15-14" name="__codelineno-15-14" href="#__codelineno-15-14"></a><span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;EXTERNAL_DNS_RFC2136_TSIG_KEYNAME&quot;</span>
<a id="__codelineno-15-15" name="__codelineno-15-15" href="#__codelineno-15-15"></a><span class="w"> </span><span class="nt">valueFrom</span><span class="p">:</span>
<a id="__codelineno-15-16" name="__codelineno-15-16" href="#__codelineno-15-16"></a><span class="w"> </span><span class="nt">secretKeyRef</span><span class="p">:</span>
<a id="__codelineno-15-17" name="__codelineno-15-17" href="#__codelineno-15-17"></a><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rfc2136-keys</span>
<a id="__codelineno-15-18" name="__codelineno-15-18" href="#__codelineno-15-18"></a><span class="w"> </span><span class="nt">key</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">rfc2136-tsig-keyname</span>
</code></pre></div>
<h4 id="secret-creation">Secret creation<a class="headerlink" href="#secret-creation" title="Permanent link">&para;</a></h4>
<div class="highlight"><pre><span></span><code><a id="__codelineno-16-1" name="__codelineno-16-1" href="#__codelineno-16-1"></a>kubectl<span class="w"> </span>create<span class="w"> </span>secret<span class="w"> </span>generic<span class="w"> </span>rfc2136-keys<span class="w"> </span>--from-literal<span class="o">=</span>rfc2136-tsig-secret<span class="o">=</span><span class="s1">&#39;xxx&#39;</span><span class="w"> </span>--from-literal<span class="o">=</span>rfc2136-tsig-keyname<span class="o">=</span><span class="s1">&#39;k8s-external-dns-key&#39;</span><span class="w"> </span>-n<span class="w"> </span>external-dns
</code></pre></div>
<h3 id="benefits">Benefits<a class="headerlink" href="#benefits" title="Permanent link">&para;</a></h3>
<ul>
<li>Distributes the load of DNS updates across multiple data centers, preventing any single DC from becoming a bottleneck.</li>
<li>Provides flexibility to choose different load balancing strategies based on the environment and requirements.</li>
<li>Improves the resilience and reliability of DNS updates by introducing a retry mechanism with a list of hosts.</li>
</ul>
<aside class="md-source-file">
<span class="md-source-file__fact">
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">May 14, 2025</span>
</span>
</aside>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<!--
Copyright (c) 2016-2024 Martin Donath <martin.donath@squidfunk.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
-->
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["content.code.annotate", "navigation.top", "navigation.tracking", "navigation.indexes", "navigation.instant", "navigation.tabs", "navigation.tabs.sticky"], "search": "../../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.1e8ae164.min.js"></script>
</body>
</html>