From 398257eb6c36b9fddbc7b49c6df1309923be4004 Mon Sep 17 00:00:00 2001
From: j <repobase@j7b.net>
Date: Tue, 1 Jul 2025 11:31:57 +1000
Subject: [PATCH] indent update; initcontainer for root hints

---
 deployments/dns/bind.yaml | 79 +++++++++++++++++++++++----------------
 1 file changed, 47 insertions(+), 32 deletions(-)

diff --git a/deployments/dns/bind.yaml b/deployments/dns/bind.yaml
index fede872..b331cb6 100644
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@@ -100,40 +100,55 @@ spec:
     spec:
       securityContext:
         fsGroup: 999
+      initContainers:
+        - name: fetch-root-hints
+          image: curlimages/curl:latest
+          command:
+            - sh
+            - -c
+            - >
+              curl -o /hints/root.hints https://www.internic.net/domain/named.cache
+          volumeMounts:
+          - mountPath: /hints
+            name: root-hints
       containers:
-      - name: bind-master
-        image: internetsystemsconsortium/bind9:9.18
-        command: ["named", "-g", "-c", "/etc/bind/named.conf"]
-        ports:
-        - containerPort: 53
-          protocol: UDP
-        - containerPort: 53
-          protocol: TCP
-        volumeMounts:
-        - name: config
-          mountPath: /etc/bind/named.conf
-          subPath: named.conf
-        - name: config
-          mountPath: /etc/bind/db.hxme.net
-          subPath: db.hxme.net
-        - name: dns-secrets
-          mountPath: /etc/bind/externaldns-key.conf
-          subPath: externaldns-key.conf
-        - name: bind-cache
-          mountPath: /var/cache/bind
-        - name: bind-rundir
-          mountPath: /run/named
+        - name: bind-master
+          image: internetsystemsconsortium/bind9:9.18
+          command: ["named", "-g", "-c", "/etc/bind/named.conf"]
+          ports:
+          - containerPort: 53
+            protocol: UDP
+          - containerPort: 53
+            protocol: TCP
+          volumeMounts:
+          - name: config
+            mountPath: /etc/bind/named.conf
+            subPath: named.conf
+          - name: config
+            mountPath: /etc/bind/db.hxme.net
+            subPath: db.hxme.net
+          - name: dns-secrets
+            mountPath: /etc/bind/externaldns-key.conf
+            subPath: externaldns-key.conf
+          - name: bind-cache
+            mountPath: /var/cache/bind
+          - name: bind-rundir
+            mountPath: /run/named
+          - name: root-hints
+            mountPath: /usr/share/dns
       volumes:
-      - name: dns-secrets
-        secret:
-          secretName: dns-secrets
-      - name: config
-        configMap:
-          name: bind-master-config
-      - name: bind-cache
-        emptyDir: {}
-      - name: bind-rundir
-        emptyDir: {}
+        - name: dns-secrets
+          secret:
+            secretName: dns-secrets
+        - name: config
+          configMap:
+            name: bind-master-config
+        - name: bind-cache
+          emptyDir: {}
+        - name: bind-rundir
+          emptyDir: {}
+        - name: root-hints
+          emptyDir: {}
 ---
 apiVersion: apps/v1
 kind: DaemonSet