mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2025-10-17 04:41:18 +02:00
34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
# Configuring RFC2136 provider
|
|
|
|
## Server credentials:
|
|
- RFC2136 was developed for and tested with [BIND](https://www.isc.org/downloads/bind/) DNS server.
|
|
Next is assuming that you already have configured and working server, other way please check first BIND documents or tutorials.
|
|
- So you should obtain from your administrators TSIG key. It will look like:
|
|
```text
|
|
key "externaldns-key" {
|
|
algorithm hmac-sha256;
|
|
secret "XXXXXXXXXXXXXXXXXXXXXX==";
|
|
};
|
|
```
|
|
- `Warning!` Bind server configuration should enable for this key AFXR zone transfer protocol. It is used for listing DNS records.
|
|
|
|
## RFC2136 provider configuration:
|
|
- Example fragment of real configuration of ExternalDNS service pod.
|
|
|
|
```text
|
|
...
|
|
- --provider=rfc2136
|
|
- --rfc2136-host=123.123.123.123
|
|
- --rfc2136-port=53
|
|
- --rfc2136-zone=your-domain.com
|
|
- --rfc2136-tsig-secret=${rfc2136_tsig_secret}
|
|
- --rfc2136-tsig-secret-alg=hmac-sha256
|
|
- --rfc2136-tsig-keyname=externaldns-key
|
|
- --rfc2136-tsig-axfr
|
|
...
|
|
```
|
|
- `rfc2136_tsig_secret` - environment variable containing actual secret value from TSIG key. Something like `XXXXXXXXXXXXXXXXXXXXXX==`.
|
|
- `rfc2136-tsig-keyname` - this is string parameter with secret key name it is should `MATCH!` with server key name. In example it is `externaldns-key`.
|
|
|
|
|
|
|