indent update; initcontainer for root hints

2025-07-01 11:31:57 +10:00 · 2025-07-01 11:31:57 +10:00 · 398257eb6c
commit 398257eb6c
parent f59f82e778
1 changed files with 47 additions and 32 deletions
--- a/deployments/dns/bind.yaml
+++ b/deployments/dns/bind.yaml
@ -100,40 +100,55 @@ spec:
    spec:
      securityContext:
        fsGroup: 999
+      initContainers:
+        - name: fetch-root-hints
+          image: curlimages/curl:latest
+          command:
+            - sh
+            - -c
+            - >
+              curl -o /hints/root.hints https://www.internic.net/domain/named.cache
+          volumeMounts:
+          - mountPath: /hints
+            name: root-hints
      containers:
-      - name: bind-master
-        image: internetsystemsconsortium/bind9:9.18
-        command: ["named", "-g", "-c", "/etc/bind/named.conf"]
-        ports:
-        - containerPort: 53
-          protocol: UDP
-        - containerPort: 53
-          protocol: TCP
-        volumeMounts:
-        - name: config
-          mountPath: /etc/bind/named.conf
-          subPath: named.conf
-        - name: config
-          mountPath: /etc/bind/db.hxme.net
-          subPath: db.hxme.net
-        - name: dns-secrets
-          mountPath: /etc/bind/externaldns-key.conf
-          subPath: externaldns-key.conf
-        - name: bind-cache
-          mountPath: /var/cache/bind
-        - name: bind-rundir
-          mountPath: /run/named
+        - name: bind-master
+          image: internetsystemsconsortium/bind9:9.18
+          command: ["named", "-g", "-c", "/etc/bind/named.conf"]
+          ports:
+          - containerPort: 53
+            protocol: UDP
+          - containerPort: 53
+            protocol: TCP
+          volumeMounts:
+          - name: config
+            mountPath: /etc/bind/named.conf
+            subPath: named.conf
+          - name: config
+            mountPath: /etc/bind/db.hxme.net
+            subPath: db.hxme.net
+          - name: dns-secrets
+            mountPath: /etc/bind/externaldns-key.conf
+            subPath: externaldns-key.conf
+          - name: bind-cache
+            mountPath: /var/cache/bind
+          - name: bind-rundir
+            mountPath: /run/named
+          - name: root-hints
+            mountPath: /usr/share/dns
      volumes:
-      - name: dns-secrets
-        secret:
-          secretName: dns-secrets
-      - name: config
-        configMap:
-          name: bind-master-config
-      - name: bind-cache
-        emptyDir: {}
-      - name: bind-rundir
-        emptyDir: {}
+        - name: dns-secrets
+          secret:
+            secretName: dns-secrets
+        - name: config
+          configMap:
+            name: bind-master-config
+        - name: bind-cache
+          emptyDir: {}
+        - name: bind-rundir
+          emptyDir: {}
+        - name: root-hints
+          emptyDir: {}
 ---
 apiVersion: apps/v1
 kind: DaemonSet