bindcar 0.6.0

HTTP REST API for managing BIND9 zones via rndc
# Configuration

bindcar is configured through environment variables, making it easy to deploy in containerized environments.

## Configuration Overview

All configuration is done via environment variables. No configuration files are needed.

## Environment Variables

See [Environment Variables](./env-vars.md) for a complete reference of all available environment variables.

## Quick Configuration Examples

### Development

```bash
export RUST_LOG=debug
export BIND_ZONE_DIR=./zones
export API_PORT=8080
export DISABLE_AUTH=true

./bindcar
```

### Production (Docker)

```bash
docker run -d \
  -p 8080:8080 \
  -v /var/cache/bind:/var/cache/bind \
  -e RUST_LOG=info \
  -e BIND_ZONE_DIR=/var/cache/bind \
  -e API_PORT=8080 \
  -e DISABLE_AUTH=false \
  ghcr.io/firestoned/bindcar:latest
```

### Kubernetes

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dns-server
spec:
  containers:
  - name: bind9
    image: bind9:latest
    volumeMounts:
    - name: zones
      mountPath: /var/cache/bind

  - name: bindcar
    image: ghcr.io/firestoned/bindcar:latest
    ports:
    - containerPort: 8080
    env:
    - name: BIND_ZONE_DIR
      value: "/var/cache/bind"
    - name: API_PORT
      value: "8080"
    - name: RUST_LOG
      value: "info"
    - name: DISABLE_AUTH
      value: "false"
    volumeMounts:
    - name: zones
      mountPath: /var/cache/bind

  volumes:
  - name: zones
    emptyDir: {}
```

## Core Settings

### Zone Directory

```bash
BIND_ZONE_DIR=/var/cache/bind
```

Directory where BIND9 zone files are stored. Must be shared between bindcar and BIND9.

### API Port

```bash
API_PORT=8080
```

Port for the HTTP API server to listen on.

### RNDC Configuration

bindcar uses the native RNDC protocol to communicate with BIND9. Configuration can be provided via environment variables or automatically parsed from rndc.conf:

**Option 1: Environment Variables**

```bash
RNDC_SERVER=127.0.0.1:953
RNDC_ALGORITHM=sha256
RNDC_SECRET=dGVzdC1zZWNyZXQtaGVyZQ==
```

**Option 2: Using rndc.conf (automatic)**

If `RNDC_SECRET` is not set, bindcar automatically parses `/etc/bind/rndc.conf` or `/etc/rndc.conf`.

The configuration file can include separate key files using `include` directives:

```conf
# /etc/bind/rndc.conf
include "/etc/bind/rndc.key";

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
};
```

See [RNDC Integration](../developer-guide/rndc-integration.md) for more details.

## Logging Configuration

### Log Level

```bash
RUST_LOG=info
```

Valid levels:
- `error` - Only errors
- `warn` - Warnings and errors
- `info` - Info, warnings, and errors (recommended)
- `debug` - Detailed debugging information
- `trace` - Very verbose tracing

### Structured Logging

Logs are output in JSON format for easy parsing by log aggregation systems:

```json
{"timestamp":"2025-12-03T10:30:45Z","level":"info","message":"Zone created successfully","zone":"example.com"}
```

## Authentication Configuration

See [Authentication](./authentication.md) for detailed authentication configuration.

### Disable Authentication

```bash
DISABLE_AUTH=true
```

**WARNING**: Only use this in trusted environments where authentication is handled by infrastructure (Linkerd service mesh, API gateway, etc.).

## Configuration Best Practices

1. **Use secrets management** - Store sensitive values in Kubernetes Secrets or similar
2. **Enable authentication** - Always use authentication in production
3. **Set appropriate log levels** - Use `info` in production, `debug` for troubleshooting
4. **Use shared volumes** - Ensure bindcar and BIND9 can access the same zone directory
5. **Configure health checks** - Use `/health` and `/ready` endpoints for liveness and readiness probes

## Configuration Validation

bindcar validates configuration on startup and will fail fast if misconfigured:

```bash
# Example error if zone directory doesn't exist
Error: Zone directory /var/cache/bind does not exist or is not writable
```

## Next Steps

- [Environment Variables]./env-vars.md - Complete environment variable reference
- [Authentication]./authentication.md - Authentication configuration
- [Deployment]./deployment.md - Deployment guides