Bind9Config

Struct Bind9Config 

pub struct Bind9Config {
    pub recursion: Option<bool>,
    pub allow_query: Option<Vec<String>>,
    pub allow_transfer: Option<Vec<String>>,
    pub dnssec: Option<DNSSECConfig>,
    pub forwarders: Option<Vec<String>>,
    pub listen_on: Option<Vec<String>>,
    pub listen_on_v6: Option<Vec<String>>,
    pub rndc_secret_ref: Option<RndcSecretRef>,
    pub bindcar_config: Option<BindcarConfig>,
}

BIND9 server configuration options

These settings configure the BIND9 DNS server behavior including recursion, access control lists, DNSSEC, and network listeners.

Fields§

§recursion: Option<bool>

Enable or disable recursive DNS queries

When enabled (true), the DNS server will recursively resolve queries by contacting other authoritative nameservers. When disabled (false), the server only answers for zones it is authoritative for.

Default: false (authoritative-only mode)

Important: Recursive resolvers should not be publicly accessible due to security risks (DNS amplification attacks, cache poisoning).

§allow_query: Option<Vec<String>>

Access control list for DNS queries

Specifies which IP addresses or networks are allowed to query this DNS server. Supports CIDR notation and special keywords.

Default: Not set (BIND9 defaults to localhost only)

Examples:

  • ["0.0.0.0/0"] - Allow queries from any IPv4 address
  • ["10.0.0.0/8", "172.16.0.0/12"] - Allow queries from private networks
  • ["any"] - Allow queries from any IP (IPv4 and IPv6)
  • ["none"] - Deny all queries
  • ["localhost"] - Allow only from localhost

§allow_transfer: Option<Vec<String>>

Access control list for zone transfers (AXFR/IXFR)

Specifies which IP addresses or networks are allowed to perform zone transfers from this server. Zone transfers are used for replication between primary and secondary DNS servers.

Default: Auto-detected cluster Pod CIDRs (e.g., ["10.42.0.0/16"])

Examples:

  • ["10.42.0.0/16"] - Allow transfers from specific Pod network
  • ["10.0.0.0/8"] - Allow transfers from entire private network
  • [] - Deny all zone transfers (empty list means “none”)
  • ["any"] - Allow transfers from any IP (not recommended for production)

Can be overridden at cluster level via spec.primary.allowTransfer or spec.secondary.allowTransfer for role-specific ACLs.
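
The recursion, allow_query and allow_transfer notes above can be checked mechanically before a spec is applied. The following is an added example, not code from this crate: AclView, Finding and lint are hypothetical names, AclView is a local copy of three fields, and the "wider than /16" threshold is an assumption taken from the Pod CIDR default shown above.

```rust
// Added example: local mirror of three Bind9Config fields (assumption, not the crate's type).
#[derive(Default)]
struct AclView {
    recursion: Option<bool>,
    allow_query: Option<Vec<String>>,
    allow_transfer: Option<Vec<String>>,
}

#[derive(Debug, PartialEq)]
enum Finding {
    OpenResolver,          // recursion on and queries accepted from everywhere
    WorldTransfer,         // AXFR/IXFR allowed from any address
    BroadTransfer(String), // IPv4 transfer ACL entry wider than /16 (assumed threshold)
}

/// True when an ACL entry matches every client.
fn is_world(entry: &str) -> bool {
    let e = entry.trim().to_ascii_lowercase();
    e == "any" || e == "0.0.0.0/0" || e == "::/0"
}

/// Prefix length of an IPv4 CIDR entry, if the entry parses as one.
fn v4_prefix(entry: &str) -> Option<u8> {
    let (addr, len) = entry.trim().split_once('/')?;
    addr.parse::<std::net::Ipv4Addr>().ok()?;
    len.parse::<u8>().ok().filter(|l| *l <= 32)
}

fn lint(cfg: &AclView) -> Vec<Finding> {
    let mut out = Vec::new();
    let query = cfg.allow_query.as_deref().unwrap_or(&[]);
    if cfg.recursion == Some(true) && query.iter().any(|e| is_world(e)) {
        out.push(Finding::OpenResolver);
    }
    for e in cfg.allow_transfer.as_deref().unwrap_or(&[]) {
        if is_world(e) {
            out.push(Finding::WorldTransfer);
        } else if matches!(v4_prefix(e), Some(l) if l < 16) {
            out.push(Finding::BroadTransfer(e.clone()));
        }
    }
    out
}

fn main() {
    // Constructed sample: recursive server open to the world, transfers to "any".
    let cfg = AclView { recursion: Some(true), allow_query: Some(vec!["any".into()]), allow_transfer: Some(vec!["any".into()]) };
    println!("{:?}", lint(&cfg));
}
```

An authoritative-only server (recursion unset or false) with a world-open allow_query produces no finding, since answering public queries for its own zones is its job.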

§dnssec: Option<DNSSECConfig>

DNSSEC (DNS Security Extensions) configuration

Configures DNSSEC signing and validation. DNSSEC provides cryptographic authentication of DNS data to prevent spoofing and cache poisoning attacks.

See DNSSECConfig for detailed options.

§forwarders: Option<Vec<String>>

DNS forwarders for recursive resolution

List of upstream DNS servers to forward queries to when recursion is enabled. Used for hybrid authoritative/recursive configurations.

Only relevant when recursion: true.

Examples:

  • ["8.8.8.8", "8.8.4.4"] - Google Public DNS
  • ["1.1.1.1", "1.0.0.1"] - Cloudflare DNS
  • ["10.0.0.53"] - Internal corporate DNS resolver

§listen_on: Option<Vec<String>>

IPv4 addresses to listen on for DNS queries

Specifies which IPv4 interfaces and ports the DNS server should bind to.

Default: All IPv4 interfaces on port 53

Examples:

  • ["any"] - Listen on all IPv4 interfaces
  • ["127.0.0.1"] - Listen only on localhost
  • ["10.0.0.1"] - Listen on specific IP address

§listen_on_v6: Option<Vec<String>>

IPv6 addresses to listen on for DNS queries

Specifies which IPv6 interfaces and ports the DNS server should bind to.

Default: All IPv6 interfaces on port 53 (if IPv6 is available)

Examples:

  • ["any"] - Listen on all IPv6 interfaces
  • ["::1"] - Listen only on IPv6 localhost
  • ["none"] - Disable IPv6 listening

§rndc_secret_ref: Option<RndcSecretRef>

Reference to an existing Kubernetes Secret containing the RNDC key.

If specified at the global config level, all instances in the cluster will use this existing Secret instead of auto-generating individual secrets, unless overridden at the role (primary/secondary) or instance level.

This allows centralized RNDC key management for the entire cluster.

Precedence order (highest to lowest):

  1. Instance level (spec.rndcSecretRef)
  2. Role level (spec.primary.rndcSecretRef or spec.secondary.rndcSecretRef)
  3. Global level (spec.global.rndcSecretRef)
  4. Auto-generated (default)
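
The precedence order above, written out so that the winning level can be reported when auditing which RNDC key an instance ends up with. This is an added example, not the operator's own resolution code: Levels, KeySource, Role and effective_rndc are hypothetical names, and RndcSecretRef is reduced to an assumed single name field because its real fields are not shown on this page.

```rust
// Added example. RndcSecretRef's real fields are not on this page; `name` is assumed.
#[derive(Clone, Debug, PartialEq)]
struct RndcSecretRef {
    name: String,
}

#[derive(Clone, Copy, Debug, PartialEq)]
enum Role {
    Primary,
    Secondary,
}

#[derive(Debug, PartialEq)]
enum KeySource {
    Instance,
    RoleLevel,
    Global,
    AutoGenerated,
}

/// Hypothetical flattened view of the places a reference can be set.
#[derive(Default)]
struct Levels {
    instance: Option<RndcSecretRef>,  // spec.rndcSecretRef
    primary: Option<RndcSecretRef>,   // spec.primary.rndcSecretRef
    secondary: Option<RndcSecretRef>, // spec.secondary.rndcSecretRef
    global: Option<RndcSecretRef>,    // spec.global.rndcSecretRef
}

/// Returns the level that wins for an instance of `role` and the Secret it names.
/// `None` means no reference applies and a key is auto-generated.
fn effective_rndc(l: &Levels, role: Role) -> (KeySource, Option<&RndcSecretRef>) {
    // Only the override for the instance's own role is considered.
    let role_ref = match role {
        Role::Primary => l.primary.as_ref(),
        Role::Secondary => l.secondary.as_ref(),
    };
    if let Some(r) = l.instance.as_ref() {
        return (KeySource::Instance, Some(r));
    }
    if let Some(r) = role_ref {
        return (KeySource::RoleLevel, Some(r));
    }
    if let Some(r) = l.global.as_ref() {
        return (KeySource::Global, Some(r));
    }
    (KeySource::AutoGenerated, None)
}
```

A role-level reference set only under spec.secondary leaves primaries on the global Secret, which matters when rotating a shared key.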

§bindcar_config: Option<BindcarConfig>

Bindcar RNDC API sidecar container configuration.

The API container provides an HTTP interface for managing zones via rndc. This configuration is inherited by all instances unless overridden.

Trait Implementations§

impl Clone for Bind9Config

fn clone(&self) -> Bind9Config

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Bind9Config

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Bind9Config

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl JsonSchema for Bind9Config

fn schema_name() -> Cow<'static, str>

The name of the generated JSON Schema.

fn schema_id() -> Cow<'static, str>

Returns a string that uniquely identifies the schema produced by this type.

fn json_schema(generator: &mut SchemaGenerator) -> Schema

Generates a JSON Schema for this type.

fn inline_schema() -> bool

Whether JSON Schemas generated for this type should be included directly in parent schemas, rather than being re-used where possible using the $ref keyword.

impl Serialize for Bind9Config

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.
