// named.conf — root BIND9 configuration for bindcar drone mode
//
// This is an example configuration for a standalone BIND9 instance
// managed by bindcar running outside the Kubernetes cluster ("drone" mode).
//
// BEFORE USE:
// 1. Generate a real RNDC key:
// tsig-keygen -a hmac-sha256 rndc-key > /etc/bind/rndc.key
// 2. Set the same secret in bindcar:
// RNDC_SECRET=<base64-secret-from-rndc.key>
// 3. Copy these files to /etc/bind/ on the BIND9 host.
// RNDC authentication key shared between named and bindcar
include "/etc/bind/rndc.key";
// RNDC control channel — localhost only
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";