---
kind: compose
metadata:
  name: BIND9
  description: >
    BIND9 is the most widely used DNS server on the Internet. This template provides an
    authoritative and recursive DNS server with example zones, TSIG authentication for
    secure zone transfers, and DNSSEC support.

    Project: https://www.isc.org/bind/

    Documentation: https://bind9.readthedocs.io/
  version: 9.20-24.10_edge
  author: Christian Lempa
  date: '2025-10-02'
  tags:
    - bind9
    - dns
    - nameserver
    - authoritative
    - recursive
  next_steps: |
    1. Start the DNS server:
       docker compose up -d

    2. View the auto-generated TSIG key:
       cat config/tsig.key

    3. Test DNS queries:
       dig @localhost home.arpa

    4. Customize your zone:
       - Edit config/named.conf.zones to add more zones
       - Add zone files to /var/lib/bind/ volume
       - Update config/named.conf to adjust forwarders and ACLs

    5. Reload configuration after changes:
       docker exec bind9 rndc reload

    6. Check BIND9 configuration syntax:
       docker exec bind9 named-checkconf /etc/bind/named.conf
       docker exec bind9 named-checkzone home.arpa /var/lib/bind/db.home.arpa

    For more information, visit: https://bind9.readthedocs.io/
  draft: true
spec:
  general:
    vars:
      bind9_version:
        type: str
        description: BIND9 Docker image tag
        default: "9.20-24.10_edge"
      domain_name:
        type: str
        description: "Primary domain name for your zone (e.g., home.arpa)"
        default: "home.arpa"
      tsig_key_name:
        type: str
        description: "TSIG key name for secure zone transfers"
        default: "transfer-key"
      tsig_key_secret:
        type: str
        description: "TSIG key secret (base64, auto-generated if empty)"
        default: ""
        sensitive: true
        autogenerated: true
  ports:
    vars:
      ports_enabled:
        default: true
  network:
    vars:
      network_enabled:
        default: false