rndc stuff

Dockerfile

@@ -14,6 +14,7 @@ RUN \
   echo 'named ALL=(ALL) NOPASSWD: /bin/chown, /bin/chmod' >> /etc/sudoers
 
 COPY named.conf /etc/named/
+COPY rndc.conf /etc/named/
 COPY whiskeylimahotel.de.zone /etc/named-dist/
 COPY zones.conf /etc/named-dist/
 COPY start.sh /usr/local/bin/start.sh

named.conf

@@ -1,3 +1,10 @@
+include "/etc/named/rndc.key";
+
+controls {
+    inet 127.0.0.1 port 953
+        allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
 options {
     directory "/etc/named/zones";
     pid-file "/etc/named/zones/named.pid";

rndc.conf

@@ -0,0 +1,16 @@
+# RNDC Configuration
+# This file allows local rndc access to the BIND server
+
+# Include the same key file as named uses
+include "/etc/named/rndc.key";
+
+options {
+    default-server  localhost;
+    default-port    953;
+    default-key     "rndc-key";
+};
+
+server localhost {
+    key     "rndc-key";
+    port    953;
+};

start.sh

@@ -7,7 +7,16 @@ echo "Starting BIND initialization..."
 echo "Fixing permissions for /etc/named/zones"
 sudo chown -R named:named /etc/named/zones
 sudo chmod -R 750 /etc/named/zones
-ls -la /etc/named/zones
+
+# Generate rndc key if it doesn't exist
+if [ ! -f /etc/named/rndc.key ]; then
+    echo "Generating new rndc key..."
+    rndc-confgen -a -k rndc-key -c /etc/named/rndc.key
+    echo "Generated rndc key:"
+    cat /etc/named/rndc.key
+else
+    echo "Using existing rndc key"
+fi
 
 INITIALLY_INSTALLED_FLAG="/etc/named/zones/initialized"
 # Copy template files to working directories if they don't exist