From this release, ExternalDNS can become aware of the records it is managing (enabled via `--registry=txt`), therefore ExternalDNS can safely manage non-empty hosted zones. We strongly encourage you to use `v0.5` (or greater) with `--registry=txt` enabled and `--txt-owner-id` set to a unique value that doesn't change for the lifetime of your cluster. You might also want to run ExternalDNS in a dry run mode (`--dry-run` flag) to see the changes to be submitted to your DNS Provider API.
...
...
@@ -64,6 +65,7 @@ The following tutorials are provided:
- RFC2136 was developed for and tested with [BIND](https://www.isc.org/downloads/bind/) DNS server.
Next is assuming that you already have configured and working server, other way please check first BIND documents or tutorials.
- So you should obtain from your administrators TSIG key. It will look like:
```text
key "externaldns-key" {
algorithm hmac-sha256;
secret "XXXXXXXXXXXXXXXXXXXXXX==";
};
```
-`Warning!` Bind server configuration should enable for this key AFXR zone transfer protocol. It is used for listing DNS records.
## RFC2136 provider configuration:
- Example fragment of real configuration of ExternalDNS service pod.
```text
...
- --provider=rfc2136
- --rfc2136-host=123.123.123.123
- --rfc2136-port=53
- --rfc2136-zone=your-domain.com
- --rfc2136-tsig-secret=${rfc2136_tsig_secret}
- --rfc2136-tsig-secret-alg=hmac-sha256
- --rfc2136-tsig-keyname=externaldns-key
- --rfc2136-tsig-axfr
...
```
-`rfc2136_tsig_secret` - environment variable containing actual secret value from TSIG key. Something like `XXXXXXXXXXXXXXXXXXXXXX==`.
-`rfc2136-tsig-keyname` - this is string parameter with secret key name it is should `MATCH!` with server key name. In example it is `externaldns-key`.
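
Review bot: The `--rfc2136-tsig-secret=${rfc2136_tsig_secret}` argument in the provider configuration fragment is documented only as "environment variable containing actual secret value", which does not say how the variable is populated or whether `${...}` is a placeholder for a templating tool or something Kubernetes is expected to expand. Kubernetes expands `$(VAR)` in container args, not `${VAR}`, so as written the literal string would reach ExternalDNS unless something else substitutes it first. Please state which it is, and show the value being sourced from a Kubernetes Secret rather than written into the manifest, since the same key is used for dynamic updates and for zone transfers. Also, the warning above the "RFC2136 provider configuration" heading spells the protocol "AFXR"; it should read AXFR to match the `--rfc2136-tsig-axfr` flag, and it would help to say that the server should allow the transfer for this key only. Finally, `--rfc2136-host=123.123.123.123` and `your-domain.com` are routable-looking values; a documentation address such as `192.0.2.1` and `example.com` would be safer to copy.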