Containerized BIND specifically designed to be used with ExternalDNS. Can be used standalone, or in conjunction with your primary DNS for the domain.
See ExternalDNS documentation on RFC2136.
Configuration is covered by environment variables:
BIND_ZONE
- zone domainBIND_KEY
- TSIG secretBIND_KEY_ALG
- TSIG algorithm (defaults to hmac-sha256)BIND_KEY_NAME
- TSIG key name (defaults to "external-dns")
A Kubernetes secret manifest containing a TSIG key can be generated:
docker run --rm ghcr.io/p3lim/bind:latest tsig my-secret-name my-secret-namespace
# secret name and namespace are optional
kind: Namespace
apiVersion: v1
metadata:
name: external-dns
---
$(docker run --rm ghcr.io/p3lim/bind:latest tsig bind-tsig external-dns)
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: bind
namespace: external-dns
labels:
name: external-dns-bind
spec:
selector:
matchLabels:
name: external-dns-bind
template:
metadata:
labels:
name: external-dns-bind
spec:
containers:
- name: bind
image: ghcr.io/p3lim/bind:latest # should be pinned
imagePullPolicy: Always
ports:
- containerPort: 53
name: bind-dns-udp
protocol: UDP
- containerPort: 53
name: bind-dns-tcp
protocol: TCP
- containerPort: 8053 # optional, for bind_exporter
name: bind-stats
protocol: TCP
env:
- name: BIND_ZONE
value: example.com
- name: BIND_KEY
valueFrom:
secretKeyRef:
name: bind-tsig
key: rfc2136_tsig_secret
readinessProbe:
tcpSocket:
port: bind-dns-udp
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: bind-dns-tcp
initialDelaySeconds: 5
periodSeconds: 10
---
kind: Service
apiVersion: v1
metadata:
name: bind
namespace: external-dns
spec:
selector:
name: external-dns-bind
ports:
- name: dns
port: 53
targetPort: bind-dns-udp
protocol: UDP
- name: dns-tcp
port: 53
targetPort: bind-dns-tcp
protocol: TCP
---
kind: Service
apiVersion: v1
metadata:
name: bind-external
namespace: external-dns
spec:
type: LoadBalancer # requires a loadbalancer, like MetalLB
selector:
name: external-dns-bind
ports:
- name: dns-external
port: 53
targetPort: bind-dns-udp
protocol: UDP
When using this with Bitnami's ExternalDNS chart these values are sufficient:
provider: rfc2136
policy: sync
rfc2136:
host: bind.external-dns.svc.cluster.local
zone: example.com
secretName: bind-tsig
tsigKeyname: external-dns
helm install external-dns oci://registry-1.docker.io/bitnamicharts/external-dns -n external-dns -f values.yaml