[rfc2136] Allow compression on dns updates

When facing large messages, one can have its dns refusing the update due
to "too large message" error.
The DNS library used propose to compress the message that is sent.

This commit exposes this feature. It adds a new command line option
named --enable-compression and adds a new field to the configuration.
The default value of the field is set to false to not change the current
behavior of external-dns.

We had this change pending locally on our side since a long time. As of
today, an alternative would be to use the rencent `batchChangeSize`
option from kubernetes-sigs#2127 to overcome the same issue.

docs/tutorials/rfc2136.md

@@ -277,6 +277,24 @@ spec:
         - --domain-filter=k8s.example.org
 ```
 
+### Batch updates
+
+When facing large batch, bind may refuse processing the update and return a "too large message" error. One option to circumvent this problem is to enable compression while comunicating with the bind server. It can be enabled using the `--rfc2136-enable-compression`:
+
+```text
+...
+        - --provider=rfc2136
+        - --rfc2136-host=192.168.0.1
+        - --rfc2136-port=53
+        - --rfc2136-zone=k8s.example.org
+        - --rfc2136-insecure
+        - --rfc2136-tsig-axfr
+        - --rfc2136-enable-compression
+...
+```
+
+The other way is to use the new `--rfc2136-batch-change-size` option, which is by default set to `50` since `v0.9.0`. Users who want to revert to the `v0.5` behavior without batching support can set their batch size to `1`.
+
 ## Microsoft DNS (Insecure Updates)
 
 While `external-dns` was not developed or tested against Microsoft DNS, it can be configured to work against it. YMMV.

main.go

@@ -297,7 +297,7 @@ func main() {
 			p, err = oci.NewOCIProvider(*config, domainFilter, zoneIDFilter, cfg.DryRun)
 		}
 	case "rfc2136":
-		p, err = rfc2136.NewRfc2136Provider(cfg.RFC2136Host, cfg.RFC2136Port, cfg.RFC2136Zone, cfg.RFC2136Insecure, cfg.RFC2136TSIGKeyName, cfg.RFC2136TSIGSecret, cfg.RFC2136TSIGSecretAlg, cfg.RFC2136TAXFR, domainFilter, cfg.DryRun, cfg.RFC2136MinTTL, cfg.RFC2136GSSTSIG, cfg.RFC2136KerberosUsername, cfg.RFC2136KerberosPassword, cfg.RFC2136KerberosRealm, cfg.RFC2136BatchChangeSize, nil)
+		p, err = rfc2136.NewRfc2136Provider(cfg.RFC2136Host, cfg.RFC2136Port, cfg.RFC2136Zone, cfg.RFC2136Insecure, cfg.RFC2136TSIGKeyName, cfg.RFC2136TSIGSecret, cfg.RFC2136TSIGSecretAlg, cfg.RFC2136TAXFR, domainFilter, cfg.DryRun, cfg.RFC2136MinTTL, cfg.RFC2136GSSTSIG, cfg.RFC2136KerberosUsername, cfg.RFC2136KerberosPassword, cfg.RFC2136KerberosRealm, cfg.RFC2136BatchChangeSize, cfg.RFC2136EnableCompression, nil)
 	case "ns1":
 		p, err = ns1.NewNS1Provider(
 			ns1.NS1Config{

pkg/apis/externaldns/types.go

@@ -147,6 +147,7 @@ type Config struct {
 	CFAPIEndpoint                     string
 	CFUsername                        string
 	CFPassword                        string
+	RFC2136EnableCompression          bool
 	RFC2136Host                       string
 	RFC2136Port                       int
 	RFC2136Zone                       string
@@ -271,6 +272,7 @@ var defaultConfig = &Config{
 	CFAPIEndpoint:               "",
 	CFUsername:                  "",
 	CFPassword:                  "",
+	RFC2136EnableCompression:    false,
 	RFC2136Host:                 "",
 	RFC2136Port:                 0,
 	RFC2136Zone:                 "",
@@ -456,6 +458,7 @@ func (cfg *Config) ParseFlags(args []string) error {
 	app.Flag("exoscale-apisecret", "Provide your API Secret for the Exoscale provider").Default(defaultConfig.ExoscaleAPISecret).StringVar(&cfg.ExoscaleAPISecret)
 
 	// Flags related to RFC2136 provider
+	app.Flag("rfc2136-enable-compression", "When using the RFC2136 provider, requires to use compression when sending message").Default(strconv.FormatBool(defaultConfig.RFC2136EnableCompression)).BoolVar(&cfg.RFC2136EnableCompression)
 	app.Flag("rfc2136-host", "When using the RFC2136 provider, specify the host of the DNS server").Default(defaultConfig.RFC2136Host).StringVar(&cfg.RFC2136Host)
 	app.Flag("rfc2136-port", "When using the RFC2136 provider, specify the port of the DNS server").Default(strconv.Itoa(defaultConfig.RFC2136Port)).IntVar(&cfg.RFC2136Port)
 	app.Flag("rfc2136-zone", "When using the RFC2136 provider, specify the zone entry of the DNS server to use").Default(defaultConfig.RFC2136Zone).StringVar(&cfg.RFC2136Zone)

provider/rfc2136/rfc2136.go

@@ -48,15 +48,16 @@ const (
 // rfc2136 provider type
 type rfc2136Provider struct {
 	provider.BaseProvider
-	nameserver      string
-	zoneName        string
-	tsigKeyName     string
-	tsigSecret      string
-	tsigSecretAlg   string
-	insecure        bool
-	axfr            bool
-	minTTL          time.Duration
-	batchChangeSize int
+	nameserver         string
+	zoneName           string
+	tsigKeyName        string
+	tsigSecret         string
+	tsigSecretAlg      string
+	insecure           bool
+	axfr               bool
+	minTTL             time.Duration
+	batchChangeSize    int
+	compressionEnabled bool
 
 	// options specific to rfc3645 gss-tsig support
 	gssTsig      bool
@@ -86,7 +87,7 @@ type rfc2136Actions interface {
 }
 
 // NewRfc2136Provider is a factory function for OpenStack rfc2136 providers
-func NewRfc2136Provider(host string, port int, zoneName string, insecure bool, keyName string, secret string, secretAlg string, axfr bool, domainFilter endpoint.DomainFilter, dryRun bool, minTTL time.Duration, gssTsig bool, krb5Username string, krb5Password string, krb5Realm string, batchChangeSize int, actions rfc2136Actions) (provider.Provider, error) {
+func NewRfc2136Provider(host string, port int, zoneName string, insecure bool, keyName string, secret string, secretAlg string, axfr bool, domainFilter endpoint.DomainFilter, dryRun bool, minTTL time.Duration, gssTsig bool, krb5Username string, krb5Password string, krb5Realm string, batchChangeSize int, enableCompression bool, actions rfc2136Actions) (provider.Provider, error) {
 	secretAlgChecked, ok := tsigAlgs[secretAlg]
 	if !ok && !insecure && !gssTsig {
 		return nil, errors.Errorf("%s is not supported TSIG algorithm", secretAlg)
@@ -97,18 +98,19 @@ func NewRfc2136Provider(host string, port int, zoneName string, insecure bool, k
 	}
 
 	r := &rfc2136Provider{
-		nameserver:      net.JoinHostPort(host, strconv.Itoa(port)),
-		zoneName:        dns.Fqdn(zoneName),
-		insecure:        insecure,
-		gssTsig:         gssTsig,
-		krb5Username:    krb5Username,
-		krb5Password:    krb5Password,
-		krb5Realm:       strings.ToUpper(krb5Realm),
-		domainFilter:    domainFilter,
-		dryRun:          dryRun,
-		axfr:            axfr,
-		minTTL:          minTTL,
-		batchChangeSize: batchChangeSize,
+		nameserver:         net.JoinHostPort(host, strconv.Itoa(port)),
+		zoneName:           dns.Fqdn(zoneName),
+		insecure:           insecure,
+		gssTsig:            gssTsig,
+		krb5Username:       krb5Username,
+		krb5Password:       krb5Password,
+		krb5Realm:          strings.ToUpper(krb5Realm),
+		domainFilter:       domainFilter,
+		dryRun:             dryRun,
+		axfr:               axfr,
+		minTTL:             minTTL,
+		batchChangeSize:    batchChangeSize,
+		compressionEnabled: enableCompression,
 	}
 	if actions != nil {
 		r.actions = actions
@@ -385,6 +387,7 @@ func (r rfc2136Provider) RemoveRecord(m *dns.Msg, ep *endpoint.Endpoint) error {
 }
 
 func (r rfc2136Provider) SendMessage(msg *dns.Msg) error {
+	msg.Compress = r.compressionEnabled
 	if r.dryRun {
 		log.Debugf("SendMessage.skipped")
 		return nil

provider/rfc2136/rfc2136_test.go

@@ -95,7 +95,7 @@ func (r *rfc2136Stub) IncomeTransfer(m *dns.Msg, a string) (env chan *dns.Envelo
 }
 
 func createRfc2136StubProvider(stub *rfc2136Stub) (provider.Provider, error) {
-	return NewRfc2136Provider("", 0, "", false, "key", "secret", "hmac-sha512", true, endpoint.DomainFilter{}, false, 300*time.Second, false, "", "", "", 50, stub)
+	return NewRfc2136Provider("", 0, "", false, "key", "secret", "hmac-sha512", true, endpoint.DomainFilter{}, false, 300*time.Second, false, "", "", "", 50, false, stub)
 }
 
 func extractAuthoritySectionFromMessage(msg fmt.Stringer) []string {