I'm trying to use external DNS to manage the root of my domain. Among other things, though, I have TXT records containing SPF data. It seems that external DNS tries to change the record type. This is with the Google provider and the registry completely disabled to rule out any wonky issues.
Configuration:
---
rbac:
  create: true
provider: google
google:
  project: [...]
  serviceAccountSecret: externaldns-credentials
logLevel: debug
registry: noop
policy: upsert-only
Logs (reverse chronological)
time="2018-05-31T17:56:35Z" level=error msg="googleapi: Error 412: Precondition not met for 'entity.change.deletions[0]', conditionNotMet"
time="2018-05-31T17:56:35Z" level=info msg="Add records: [...]. A [xx.xx.xx.xx] 300"
time="2018-05-31T17:56:35Z" level=info msg="Del records: [...]. TXT [\"google-site-verification=xxx;\" \"v=spf1 include:xxx include:xxx include:xxx ~all\"] 300"
time="2018-05-31T17:56:35Z" level=info msg="Change zone: [...]"
time="2018-05-31T17:56:35Z" level=debug msg="Considering zone: [...] (domain: [...].)"
time="2018-05-31T17:56:35Z" level=debug msg="Matched [...]. (zone: [...])"
time="2018-05-31T17:56:35Z" level=debug msg="Matching zones against domain filters: []"
time="2018-05-31T17:56:35Z" level=debug msg="Endpoints generated from ingress: default/[...]-a32befdc: [[...] 0 IN A xx.xx.xx.xx flower.[...] 0 IN A xx.xx.xx.xx]"
I think a solution would be to not consider TXT records for the planning phase. After all, the TXT registry should be taking care of adding/removing TXT records, right?
Is this a duplicate of #573? Maybe also related to #449?
@hjacobs I don't believe so. The proposed solution to use --txt-prefix will not work here because it doesn't relate to the TXT registry at all - FWIW, I was previously attempting to do this with --txt-prefix set and only disabled the TXT registry to make it easier to test - rather, it has to do with the planner. As far as I can tell, the planner takes into account TXT records as it would A or CNAME records. Usually, when external-dns is the only thing controlling the records, this is fine, because the A/CNAME records will be considered before the TXT record, and they will always come in pairs. However, here I have a TXT record with no A/CNAME record of the same name, and external DNS is trying to convert it into an A record.
I believe the behavior should be for the planner to avoid considering TXT records at all, as that's the domain of the TXT registry. If you agree with this, I can propose a PR that will do this.
Alright, I went ahead and created a PR, because I'm now relatively confident that 1. there is a bug, 2. the bug seems to behave as I thought it did. Hopefully my approach is solid.
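A simplified Go model of the planner behaviour discussed in this thread, added here as an illustration; it is not external-dns code. The `Endpoint` and `Change` types, the `plan` and `replacesTXT` functions and the sample records are hypothetical and constructed for the example. It shows a name-only planner turning an SPF-only apex into an A record update, and the same planner leaving the TXT record alone once TXT records are hidden from it.

```go
package main

import "fmt"

// Endpoint is a simplified, hypothetical stand-in for a DNS record set.
type Endpoint struct {
	Name, Type string
	Targets    []string
}

// Change is one planned operation; Old is nil for a create.
type Change struct {
	Old *Endpoint
	New Endpoint
}

// plan matches desired endpoints against current records by DNS name only.
// With skipTXT set, TXT records are hidden from the planner (the thread's proposal).
func plan(current, desired []Endpoint, skipTXT bool) []Change {
	byName := map[string]*Endpoint{}
	for i := range current {
		if !(skipTXT && current[i].Type == "TXT") {
			byName[current[i].Name] = &current[i]
		}
	}
	var changes []Change
	for _, d := range desired {
		changes = append(changes, Change{Old: byName[d.Name], New: d})
	}
	return changes
}

// replacesTXT reports whether any change would swap a TXT record for another type.
func replacesTXT(changes []Change) bool {
	for _, c := range changes {
		if c.Old != nil && c.Old.Type == "TXT" && c.New.Type != "TXT" {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: the apex holds only an SPF TXT record; an ingress wants an A record.
	current := []Endpoint{{"example.org.", "TXT", []string{"v=spf1 include:mail.example.net ~all"}}}
	desired := []Endpoint{{"example.org.", "A", []string{"192.0.2.10"}}}
	fmt.Println("name-only planner replaces TXT:", replacesTXT(plan(current, desired, false)))
	fmt.Println("TXT-skipping planner replaces TXT:", replacesTXT(plan(current, desired, true)))
}
```

A check like `replacesTXT` can also serve as a guard before applying a change set, so that SPF or site-verification records are never dropped as a side effect of an A/CNAME sync.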