From 280a36a5911f1445717803920849a7234fe9c6d4 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Tue, 1 Jul 2025 15:00:48 +1000
Subject: [PATCH] Master to require key for transfer

---
 deployments/dns/bind.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
index fd03c7f..28432a6 100644
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -45,6 +45,7 @@ data:
       type master;
       file "/etc/bind/db.hxme.net";
       allow-update { key "externaldns-key"; };
+      allow-transfer { key "bind-slave-key"; };
     };
   db.hxme.net: |
     $TTL    3600
@@ -77,10 +78,14 @@ data:
     };
 
     include "/etc/bind/tsig-key.conf";
+
+    masters "hxme-master" {
+      bind-master.dns.svc.cluster.local key "bind-slave-key";
+    };
     
     zone "hxme.net" {
         type slave;
-        masters { bind-master.dns.svc.cluster.local key "bind-slave-key"; };
+        masters { "hxme-master"; };
         file "slaves/db.hxme.net";
     };
 ---