Managing DNS Zones¶
DNS zones are the containers for DNS records. In Bindy, zones are defined using the DNSZone custom resource.
Zone Types¶
Primary Zones¶
Primary (master) zones contain the authoritative data:
- Zone data is created and managed on the primary
- Changes are made by creating/updating DNS record resources
- Can be transferred to secondary servers
Secondary Zones¶
Secondary (slave) zones receive data from primary servers:
- Zone data is received via AXFR/IXFR transfers
- Read-only - cannot be modified directly
- Automatically updated when primary changes
Zone Lifecycle¶
- Create Bind9Instance resources to host zones
- Create DNSZone resource with instance selector
- Add DNS records (A, CNAME, MX, etc.)
- Monitor status to ensure zone is active
Instance Selection¶
Architecture: Zones select instances (not the other way around). A
DNSZonedeclares whichBind9Instanceresources should serve it.
Zones are deployed to Bind9Instance resources using one of three methods:
Method 1: Cluster Reference¶
Reference a cluster, and the zone will be served by all instances in that cluster:
Method 2: Label Selectors¶
Use label selectors to choose instances based on labels:
Method 3: Combined¶
Use both methods - the zone will be served by the UNION of instances from both:
For detailed guidance on instance selection, see Zone Selection Guide.
SOA Record¶
Every primary zone requires an SOA (Start of Authority) record:
spec:
soaRecord:
primaryNs: ns1.example.com. # Primary nameserver
adminEmail: admin@example.com # Admin email (@ becomes .)
serial: 2024010101 # Zone serial number
refresh: 3600 # Refresh interval
retry: 600 # Retry interval
expire: 604800 # Expiration time
negativeTtl: 86400 # Negative caching TTL
Zone Configuration¶
TTL (Time To Live)¶
Set the default TTL for records in the zone:
Individual records can override this with their own TTL values.
Zone Status¶
Check zone status:
Example output:
NAME ZONE RECORDS INSTANCES TTL READY AGE
example-com example.com 5 3 3600 True 10m
api-zone api.example 12 2 1800 True 5m
The Instances column shows how many Bind9Instance resources are serving the zone.
Status Fields¶
View detailed status information:
Key status fields:
bind9InstancesCount¶
Shows how many instances are serving the zone:
This field is automatically computed from the bind9Instances array length.
bind9Instances¶
Lists each instance serving the zone with its status:
status:
bind9Instances:
- name: primary-west
namespace: dns-system
status: Configured
message: "Zone synchronized successfully"
- name: primary-east
namespace: dns-system
status: Configured
message: "Zone synchronized successfully"
- name: primary-central
namespace: dns-system
status: Configured
message: "Zone synchronized successfully"
Possible instance statuses: - Claimed: Instance selected, synchronization pending - Configured: Zone successfully configured on instance - Failed: Synchronization failed (check message for details)
recordCount¶
Shows how many DNS records are selected by the zone:
conditions¶
Standard Kubernetes status conditions:
status:
conditions:
- type: Ready
status: "True"
reason: InstancesSynchronized
message: "Zone configured on 3 instances"
Possible conditions: - Ready: Zone is ready and serving DNS queries - Progressing: Zone synchronization in progress - Degraded: Some instances failed, but zone is partially operational
Common Operations¶
Listing Zones¶
# List all zones
kubectl get dnszones -n dns-system
# Show zones with custom columns
kubectl get dnszones -n dns-system -o custom-columns=\
NAME:.metadata.name,\
ZONE:.spec.zoneName,\
RECORDS:.status.recordCount,\
INSTANCES:.status.bind9InstancesCount,\
READY:.status.conditions[?(@.type=='Ready')].status
Example output:
NAME ZONE RECORDS INSTANCES READY
example-com example.com 5 3 True
api-zone api.example 12 2 True
dev-zone dev.local 8 1 True
Viewing Zone Details¶
Updating Zones¶
Edit the zone configuration:
Or apply an updated YAML file:
Deleting Zones¶
This removes the zone from all instances but doesn't delete the instance itself.