mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2025-10-31 02:31:00 +01:00
1.8 KiB
1.8 KiB
Configuring RFC2136 provider
Server credentials:
- RFC2136 was developed for and tested with BIND DNS server. Next is assuming that you already have configured and working server, other way please check first BIND documents or tutorials.
- So you should obtain from your administrators TSIG key. It will look like:
key "externaldns-key" {
algorithm hmac-sha256;
secret "XXXXXXXXXXXXXXXXXXXXXX==";
};
Warning!Bind server configuration should enable for this key AFXR zone transfer protocol. It is used for listing DNS records.
# cat /etc/named.conf
...
include "/etc/rndc.key";
controls {
inet 123.123.123.123 port 953 allow { 10.x.y.151; } keys { "externaldns-key"; };
};
options {
include "/etc/named/options.conf";
};
include "/etc/named/zones.conf";
...
# cat /etc/named/options.conf
...
dnssec-enable yes;
dnssec-validation yes;
...
# cat /etc/named/zones.conf
...
zone "example.com" {
type master;
file "/var/named/dynamic/db.example.com";
update-policy {
grant externaldns-key zonesub ANY;
};
};
...
RFC2136 provider configuration:
- Example fragment of real configuration of ExternalDNS service pod.
...
- --provider=rfc2136
- --rfc2136-host=123.123.123.123
- --rfc2136-port=53
- --rfc2136-zone=your-domain.com
- --rfc2136-tsig-secret=${rfc2136_tsig_secret}
- --rfc2136-tsig-secret-alg=hmac-sha256
- --rfc2136-tsig-keyname=externaldns-key
- --rfc2136-tsig-axfr
...
rfc2136_tsig_secret- environment variable containing actual secret value from TSIG key. Something likeXXXXXXXXXXXXXXXXXXXXXX==.rfc2136-tsig-keyname- this is string parameter with secret key name it is shouldMATCH!with server key name. In example it isexternaldns-key.