From 54057f144d0c89659b3a6c2fc0d8aee3f1ea9100 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Tue, 28 Oct 2025 11:25:13 +0100
Subject: [PATCH] rndc stuff

---
 Dockerfile | 1 +
 named.conf | 7 +++++++
 rndc.conf | 16 ++++++++++++++++
 start.sh | 11 ++++++++++-
 4 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 rndc.conf

diff --git a/Dockerfile b/Dockerfile
index 1dcc9f8..44f4606 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ RUN \
   echo 'named ALL=(ALL) NOPASSWD: /bin/chown, /bin/chmod' >> /etc/sudoers
 
 COPY named.conf /etc/named/
+COPY rndc.conf /etc/named/
 COPY whiskeylimahotel.de.zone /etc/named-dist/
 COPY zones.conf /etc/named-dist/
 COPY start.sh /usr/local/bin/start.sh
diff --git a/named.conf b/named.conf
index 50776a5..2205173 100644
--- a/named.conf
+++ b/named.conf
@@ -1,3 +1,10 @@
+include "/etc/named/rndc.key";
+
+controls {
+  inet 127.0.0.1 port 953
+  allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
 options {
   directory "/etc/named/zones";
   pid-file "/etc/named/zones/named.pid";
diff --git a/rndc.conf b/rndc.conf
new file mode 100644
index 0000000..e088c88
--- /dev/null
+++ b/rndc.conf
@@ -0,0 +1,16 @@
+# RNDC Configuration
+# This file allows local rndc access to the BIND server
+
+# Include the same key file as named uses
+include "/etc/named/rndc.key";
+
+options {
+  default-server localhost;
+  default-port 953;
+  default-key "rndc-key";
+};
+
+server localhost {
+  key "rndc-key";
+  port 953;
+};
\ No newline at end of file
diff --git a/start.sh b/start.sh
index c2fb2ba..6de4005 100755
--- a/start.sh
+++ b/start.sh
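Review bot: The `include "/etc/named/rndc.key";` added at the top of named.conf makes named's startup depend on a file that is not shipped in the image but generated at first boot by start.sh in this same commit, and nothing in the config says so; a comment above the include such as `# Generated by start.sh on first boot (rndc-confgen); named will not start without it.` would spare the next person a confusing parse error. The controls block itself is loopback-only and key-authenticated, which is the right shape; a one-line comment like `# Local-only control channel for rndc; shared secret lives in rndc.key` documents why it is bound to 127.0.0.1 rather than the container's interfaces.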
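Review bot: The new rndc.conf ends without a trailing newline (`\ No newline at end of file`), which is a style nit worth fixing before other tools start appending to the file. The `server localhost { key "rndc-key"; port 953; }` block only restates what `options` already sets via `default-key` and `default-port`, so either drop it or add a comment saying it is kept deliberately explicit, e.g. `# Redundant with options{} defaults; kept so the localhost entry is self-describing.`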
@@ -7,7 +7,16 @@ echo "Starting BIND initialization..."
 echo "Fixing permissions for /etc/named/zones"
 sudo chown -R named:named /etc/named/zones
 sudo chmod -R 750 /etc/named/zones
-ls -la /etc/named/zones
+
+# Generate rndc key if it doesn't exist
+if [ ! -f /etc/named/rndc.key ]; then
+  echo "Generating new rndc key..."
+  rndc-confgen -a -k rndc-key -c /etc/named/rndc.key
+  echo "Generated rndc key:"
+  cat /etc/named/rndc.key
+else
+  echo "Using existing rndc key"
+fi
 INITIALLY_INSTALLED_FLAG="/etc/named/zones/initialized"
 
 # Copy template files to working directories if they don't exist
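Review bot: `cat /etc/named/rndc.key` on the new side writes the freshly generated HMAC secret to the container's stdout, so it ends up in `docker logs` and whatever log pipeline collects it, and that secret is the only thing authenticating the control channel named.conf opens on 127.0.0.1:953 in this same commit. Print the path or the file's mode instead, e.g. replace the `echo "Generated rndc key:"` / `cat` pair with `ls -l /etc/named/rndc.key`. The exit status of rndc-confgen is also unchecked, so a failure here only surfaces later when named trips over the `include "/etc/named/rndc.key"` line; `rndc-confgen -a -k rndc-key -c /etc/named/rndc.key || { echo "rndc-confgen failed" >&2; exit 1; }` makes it fail at the point of cause, unless the script already runs under `set -e`, which would be in the preamble outside this hunk. Whether the generated file ends up readable by the named user that the Dockerfile grants sudo to (rndc-confgen has a `-u` option for that) cannot be confirmed from this hunk, since the script's start and the named launch are outside it.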