- RFC2136 was developed for and tested with the BIND DNS server. What follows assumes that you already have a configured and working server; otherwise, please check the BIND documentation or tutorials first.
- You should obtain a TSIG key from your administrators. It will look like:
key "externaldns-key" {
    algorithm hmac-sha256;
    secret "XXXXXXXXXXXXXXXXXXXXXX==";
};
Warning!
The BIND server configuration should enable the AXFR zone transfer protocol for this key. It is used for listing DNS records.
- Example fragment of a real configuration of the ExternalDNS service pod:
...
- --provider=rfc2136
- --rfc2136-host=123.123.123.123
- --rfc2136-port=53
- --rfc2136-zone=your-domain.com
- --rfc2136-tsig-secret=${rfc2136_tsig_secret}
- --rfc2136-tsig-secret-alg=hmac-sha256
- --rfc2136-tsig-keyname=externaldns-key
- --rfc2136-tsig-axfr
...
rfc2136_tsig_secret - environment variable containing the actual secret value from the TSIG key. Something like XXXXXXXXXXXXXXXXXXXXXX==.
rfc2136-tsig-keyname - string parameter with the secret key name. It should MATCH the server key name! In the example it is externaldns-key.
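A pre-deployment consistency check for the two fragments above, as an added example that is not part of the original page or of ExternalDNS. The names `parse_key`, `parse_args`, `check` and `DEMO_SECRET` are hypothetical, the sample inputs are constructed, and it assumes the secret is injected with the `${...}` form shown in the pod arguments.

```python
import base64
import binascii
import re

# Constructed sample inputs shaped like the fragments above (not real credentials).
DEMO_SECRET = base64.b64encode(b"constructed-demo-key").decode()
NAMED_KEY = f'key "externaldns-key" {{\n algorithm hmac-sha256;\n secret "{DEMO_SECRET}";\n}};'
POD_ARGS = [
    "--provider=rfc2136",
    "--rfc2136-zone=your-domain.com",
    "--rfc2136-tsig-secret=${rfc2136_tsig_secret}",
    "--rfc2136-tsig-secret-alg=hmac-sha256",
    "--rfc2136-tsig-keyname=externaldns-key",
    "--rfc2136-tsig-axfr",
]
KEY_RE = re.compile(r'key\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w.-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')

def parse_key(text):
    """Extract name, algorithm and secret from a BIND key clause."""
    m = KEY_RE.search(text)
    if not m:
        raise ValueError("no key clause found")
    return dict(zip(("name", "algorithm", "secret"), m.groups()))

def parse_args(args):
    """Turn --flag=value / --flag container args into a dict."""
    opts = {}
    for arg in args:
        name, sep, value = arg.lstrip("-").partition("=")
        opts[name] = value if sep else True
    return opts

def check(key, args):
    """Return a list of mismatches between the server key and the pod args."""
    opts, problems = parse_args(args), []
    norm = lambda s: str(s).rstrip(".").lower()  # key names are DNS names
    if norm(opts.get("rfc2136-tsig-keyname", "")) != norm(key["name"]):
        problems.append("keyname does not match server key name")
    if norm(opts.get("rfc2136-tsig-secret-alg", "")) != norm(key["algorithm"]):
        problems.append("algorithm does not match server key")
    if opts.get("rfc2136-tsig-axfr") not in (True, "true"):
        problems.append("--rfc2136-tsig-axfr not set")
    if not str(opts.get("rfc2136-tsig-secret", "")).startswith("${"):
        problems.append("secret is not injected from an environment variable")
    try:
        base64.b64decode(key["secret"], validate=True)
    except (binascii.Error, ValueError):
        problems.append("server key secret is not valid base64")
    return problems

if __name__ == "__main__":
    print(check(parse_key(NAMED_KEY), POD_ARGS) or "consistent")
```

An empty result means the key name, algorithm and AXFR flag agree with the server key and the secret is not written literally into the pod spec.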