Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When enable encryption of TXT record, Deletion of the DNS record failed. #3668

Closed
vtj-mizuno opened this issue Jun 8, 2023 · 1 comment · Fixed by #3901
Closed

When enable encryption of TXT record, Deletion of the DNS record failed. #3668

vtj-mizuno opened this issue Jun 8, 2023 · 1 comment · Fixed by #3901
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@vtj-mizuno
Copy link

What happened:

I deployed external-dns in Amazon EKS using helm.
When enable encryption of TXT record and set to policy=sync, Deletion of the DNS record failed.

How to reproduce it (as minimally and precisely as possible):

  1. Deploy external-dns with following args.
    '--txt-encrypt-enabled'
    '--txt-encrypt-aes-key=(32Byte Key)'
    '--policy=sync'
  2. Deploy Ingress (registered DNS record by external-dns).
  3. Delete Ingress (A DNS record should be deleted by external-dns, but fails).

Anything else we need to know?:

"InvalidChangeBatch" error is reported by AWS Route53. The error message is as follows.

"[Tried to delete resource record set [name='cname-foo.example.com.', type='TXT'] but the values provided do not match the current values, Tried to delete resource record set [name='foo.example.com.', type='TXT'] but the values provided do not match the current values]",

value of resourceRecords changes every time when I confirm contents of ChangeResourceRecordSets event. Probably handling of Nonce is inappropriate.

Environment:

  • External-DNS version: 0.13.5
  • DNS provider: AWS
@vtj-mizuno vtj-mizuno added the kind/bug Categorizes issue or PR as related to a bug. label Jun 8, 2023
@szuecs
Copy link
Contributor

szuecs commented Jun 8, 2023
edited

@vsychov

@Sewci0 Sewci0 mentioned this issue Jun 26, 2023
Closed
1 task
vsychov added a commit to vsychov/external-dns that referenced this issue Jul 23, 2023
@vsychov
kubernetes-sigs#3668: Remove txt-encryption nonce, for prevent issues…
3178cae 
… with txt records deletion

Signed-off-by: Viacheslav Sychov <viacheslav.sychov@gmail.com>
@vsychov vsychov mentioned this issue Jul 23, 2023
Closed
@Sewci0 Sewci0 mentioned this issue Aug 31, 2023
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
2 participants
@szuecs @vtj-mizuno