This helm chart is based on the official ISC docker image.
By default, this chart will setup Bind9 as a resolver.
In case you want to forward a zone to your internal nameservers, you can create a secret containing valid named configuration that might look something like this:
apiVersion: v1
kind: Secret
metadata:
name: my-named-configuration-secret
stringData:
named.conf.local: |
zone "my.corporate-domain.example.org" {
type static-stub;
server-addresses {
192.168.1.1;
192.168.1.2;
};
};
Please pay attention that this can ONLY contain zone settings or similar, no options
blocks are allowed (as they are already set in the configuration generated by the chart).
You need to provide the name of this secret in the values.yaml
file like so:
[...]
mount_configuration_from_secret:
secretName: my-named-configuration-secret
[...]
After that, install the helm chart like described in the chart's README.
You can use this chart to set up an authoritative nameserver by setting the chartMode
value to authoritative
. This will generate a basic named.conf with recursion disabled. However, you need to create a secret containing the actual nameserver configuration (i.e. zones) and let the chart mount this secret into the pod.
First, create a secret like this:
apiVersion: v1
kind: Secret
metadata:
name: my-named-nameserver-configuration-secret
stringData:
named.conf.local: |
zone "example.org" in {
type master;
file "/named_config/example.org.zone";
notify no;
};
example.org.zone: |
$TTL 2h ; default TTL
@ IN SOA dns.example.org. dnsmaster.example.org. (
2022032900 ; serial
24h ; refresh
2h ; retry
1000h ; expire
2d ) ; minimum
[...]
Please pay attention that this can ONLY contain zone settings or similar, no options
blocks are allowed (as they are already set in the configuration generated by the chart).
Notice that there are two keys in that secret, one for the named.conf.local
and one for the zone file (example.org.zone
in the example). Both of these keys are being mounted as files to /named_config/
.
The zone file is referenced in the named configuration contained in the named.conf.local
part. The named.conf.local
is being loaded by bind automatically due to the configuration that the helm chart sets up.
To use your secret you need to provide the name of this secret in the values.yaml
file like so:
[...]
mount_configuration_from_secret:
secretName: my-named-nameserver-configuration-secret
[...]