I’m trying to configure the DNS update (RFC2136) service. However, I noticed the TSIG name and key are mandatory fields. In our setup, TSIG is not necessary. Would it be possible to make these fields optional?
We were discussing the same topic here:
Looks like this is going to be officially resolved, but in the meantime,
I have a totally-not-at-all-supported, ymmv, you’re-on-your-own… docker image of the rancher-external-dns client we are using with TSIG removed. We use it to talk directly to our AD DNS servers since I can’t find a Go DNS client that supports GSS-TSIG:
github: https://github.com/jgreat/external-dns
docker: jgreat/rancher-external-dns:0.6.0-ad-1
docker-compose.yml

```yaml
external-dns-ad:
  image: jgreat/rancher-external-dns:0.6.0-ad-1
  command: "-provider=ad"
  expose:
    - 1000
  environment:
    AD_HOST: ${AD_HOST}
    AD_PORT: 53
    ROOT_DOMAIN: ${ROOT_DOMAIN}
    TTL: ${TTL}
  labels:
    io.rancher.container.pull_image: always
    io.rancher.container.create_agent: "true"
    io.rancher.container.agent.role: "external-dns"
```
rancher-compose.yml

```yaml
.catalog:
  name: "Rancher-External-DNS (Active Directory)"
  version: "0.6.0-ad-1"
  description: Rancher External DNS service publish to AD DNS.
  minimum_rancher_version: v0.44.0
  uuid: external-dns-ad:0.6.0-ad-1
  questions:
    - variable: AD_HOST
      label: DNS Server
      type: string
      required: true
    - variable: TTL
      label: TTL
      description: "The resource record cache time to live (TTL), in seconds"
      type: int
      default: 60
      required: false
    - variable: ROOT_DOMAIN
      label: Hosted zone name
      description: Hosted zone name (zone has to be pre-created). DNS entries will be created for <service>.<stack>.<environment>.<root zone>
      type: string
      required: true
external-dns-ad:
  health_check:
    port: 1000
    interval: 30000
    unhealthy_threshold: 3
    request_line: GET / HTTP/1.0
    healthy_threshold: 2
    response_timeout: 2000
```
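
Added example, not part of the posts above and not code from rancher-external-dns: with TSIG removed, RFC 2136 updates reach the server unsigned, so a DNS admin may want to see which UPDATE messages in a capture carry a TSIG record at all. The function names, return strings and the sample message are assumptions constructed for illustration; the check reports presence of a TSIG record only and does not verify its MAC.

```python
import struct

OPCODE_UPDATE = 5   # RFC 2136 UPDATE opcode
TYPE_TSIG = 250     # TSIG RR type; when present it is the last additional record

def _skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:                  # root label terminates the name
            return off + 1
        if (length & 0xC0) == 0xC0:      # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
    raise ValueError("truncated name")

def classify_update(msg):
    """Classify a raw DNS message by opcode and by presence of a trailing TSIG RR.
    Presence only: the MAC is not verified here."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, zo, pr, up, ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return "not-update"
    off = 12
    for _ in range(zo):                  # zone section entries: name, type, class
        off = _skip_name(msg, off) + 4
    last_additional = None
    for i in range(pr + up + ad):        # prerequisite, update, additional RRs
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("truncated rdata")
        if i >= pr + up:
            last_additional = rtype
    return "update-with-tsig" if last_additional == TYPE_TSIG else "update-without-tsig"

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def sample_update(with_tsig):
    """Constructed sample: add web.example.test A 192.0.2.10 to zone example.test."""
    hdr = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, int(with_tsig))
    zone = encode_name("example.test") + struct.pack("!HH", 6, 1)   # SOA, IN
    a_rr = encode_name("web.example.test") + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
    # Constructed TSIG record with empty RDATA, enough to exercise the type check
    tsig = encode_name("update-key") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, 0)
    return hdr + zone + a_rr + (tsig if with_tsig else b"")
```

Feed `classify_update` the UDP or TCP payload bytes of port 53 traffic from a capture; on a server that accepts unsigned updates, every `update-without-tsig` result is a change that was authorized by network reachability alone.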