Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PowerDNS: CNAME records get implicitly transformed into ALIAS record when zones don't match #3970

Closed
kellervater opened this issue Oct 4, 2023 · 2 comments · Fixed by #4162
Closed

PowerDNS: CNAME records get implicitly transformed into ALIAS record when zones don't match #3970

kellervater opened this issue Oct 4, 2023 · 2 comments · Fixed by #4162
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@kellervater
Copy link

What happened:
We wanted to introduce external-dns to handle automatic creation of our internal DNS-entries.
We want to point all our ingress DNS records against our keepalived-haproxy like this:

myentry.cluster01.frontzone01.location01.mydomain.com -> vrrp01-proxy-cluster01.frontzone01.location01.mydomain.com

But since these are intentionally different zones (cluster01.frontzone01.location01.mydomain.com vs frontzone01.location01.mydomain.com), this record is implicitly transformed to an ALIAS type instead of an CNAME.

And we do not want to use ALIAS records for different reasons. And they also don't work in our setting.

I found this commit (16b8192) in your history and wanted to ask, what the exact intention was to hardcode this part? It would be great if it at least was configurable

What you expected to happen:
I expect external-dns to work as described in the documentation: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/annotations/annotations.md#external-dnsalphakubernetesiotarget

"All other targets are published as CNAME records."

So in short: It would be beneficial if my records will be published as CNAME and not as ALIAS.

How to reproduce it (as minimally and precisely as possible):

Use pdns and create an ingress with a target in a different zone than the hostname like this:

annotations:
  external-dns.alpha.kubernetes.io/hostname: myentry.cluster01.frontzone01.location01.mydomain.com
  external-dns.alpha.kubernetes.io/target: vrrp01-proxy-cluster01.frontzone01.location01.mydomain.com

Anything else we need to know?:

Environment:

  • External-DNS version (use external-dns --version): 0.13.6
  • DNS provider: pdns
  • Others:
@kellervater kellervater added the kind/bug Categorizes issue or PR as related to a bug. label Oct 4, 2023
@Limdel
Copy link

Limdel commented Dec 7, 2023

Have the same problem. Also it shows that it is creating CNAME in the logs, which is not true.

@tmaroschik
Copy link
Contributor

We are 0.14.0 and have the same problem.

@tmaroschik tmaroschik mentioned this issue Jan 8, 2024
Merged
2 tasks
tmaroschik added a commit to toujou/external-dns that referenced this issue Jan 8, 2024
@tmaroschik
fix(pdns): provider implicitly changes CNAME to ALIAS
60450d0 
Fixes: kubernetes-sigs#3970
@tmaroschik tmaroschik mentioned this issue Jan 8, 2024
Merged
1 task
pull bot pushed a commit to 6ixfalls/external-dns that referenced this issue Jan 14, 2024
@tmaroschik @pull
fix(pdns): provider implicitly changes CNAME to ALIAS
e69b500 
Fixes: kubernetes-sigs#3970
AndrewCharlesHay pushed a commit to AndrewCharlesHay/external-dns that referenced this issue Feb 7, 2024
@tmaroschik @AndrewCharlesHay
fix(pdns): provider implicitly changes CNAME to ALIAS
209a71d 
Fixes: kubernetes-sigs#3970
k8s-ci-robot pushed a commit that referenced this issue Feb 10, 2024
@AndrewCharlesHay @tmaroschik
@mloiseleur @gabe565 @szuecs @jkroepke @webwurst @orenlevi111 @stevehipwell @dependabot @gdubicki @thiagoluiznunes
Update link to current workshop (#4170)
e7987e1 
* Update link to current workshop

The old link shows that the workshop has been updated and points you to a different one

* fix(pdns): provider implicitly changes CNAME to ALIAS

Fixes: #3970

* feat: add debug message to CNAME to ALIAS conversion

Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>

* fix(chart): Fix webhook install failure (#4173)

* fix(chart): Fix webhook install failure

* chore(chart): Update chart metadata

* fix: provide possibility to have a soft error mode to only log error and not fatal

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>

* fix: provide possibility to have a soft error mode to only log error and not fatal

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>

* doc: add godoc

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>

* [helm] Allow tpl in provider again (#4180)

* [helm] Allow tpl in provider again

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>

* bump version and changelog

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* re-run helm-docs

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

---------

Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* Fix args for webhook deployment (#4202)

* Fix args for webhook deployment

The upfront bullet point resulted in `- ""` and could brake the webhook container.

* Add changeloog

* add RBAC fix to namespaces - get, watch, list to each gateway-*route (#4205)

* add RBAC fix to namespaces - get, watch, list to each gateway-*route

* fix conflicts

* resolve conflicts

* Apply suggestions from code review

Co-authored-by: Steve Hipwell <steve.hipwell@gmail.com>

---------

Co-authored-by: Steve Hipwell <steve.hipwell@gmail.com>

* chore: Released chart v1.14.3

Signed-off-by: Steve Hipwell <steve.hipwell@gmail.com>

* build(deps): bump the dev-dependencies group with 24 updates

Bumps the dev-dependencies group with 24 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.4.0` | `1.5.1` |
| [github.com/F5Networks/k8s-bigip-ctlr/v2](https://github.com/F5Networks/k8s-bigip-ctlr) | `2.15.0` | `2.15.1` |
| [github.com/IBM/go-sdk-core/v5](https://github.com/IBM/go-sdk-core) | `5.15.0` | `5.15.1` |
| [github.com/aliyun/alibaba-cloud-sdk-go](https://github.com/aliyun/alibaba-cloud-sdk-go) | `1.62.652` | `1.62.673` |
| [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.49.15` | `1.50.9` |
| [github.com/civo/civogo](https://github.com/civo/civogo) | `0.3.56` | `0.3.58` |
| [github.com/cloudflare/cloudflare-go](https://github.com/cloudflare/cloudflare-go) | `0.85.0` | `0.87.0` |
| [github.com/digitalocean/godo](https://github.com/digitalocean/godo) | `1.107.0` | `1.108.0` |
| [github.com/infobloxopen/infoblox-go-client/v2](https://github.com/infobloxopen/infoblox-go-client) | `2.4.0` | `2.5.0` |
| [github.com/linode/linodego](https://github.com/linode/linodego) | `1.26.0` | `1.28.0` |
| [github.com/miekg/dns](https://github.com/miekg/dns) | `1.1.57` | `1.1.58` |
| [github.com/oracle/oci-go-sdk/v65](https://github.com/oracle/oci-go-sdk) | `65.55.0` | `65.57.0` |
| [github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common](https://github.com/tencentcloud/tencentcloud-sdk-go) | `1.0.834` | `1.0.856` |
| [github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod](https://github.com/tencentcloud/tencentcloud-sdk-go) | `1.0.834` | `1.0.856` |
| [github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns](https://github.com/tencentcloud/tencentcloud-sdk-go) | `1.0.834` | `1.0.856` |
| [go.etcd.io/etcd/api/v3](https://github.com/etcd-io/etcd) | `3.5.11` | `3.5.12` |
| [go.etcd.io/etcd/client/v3](https://github.com/etcd-io/etcd) | `3.5.11` | `3.5.12` |
| [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.15.0` | `0.16.0` |
| [google.golang.org/api](https://github.com/googleapis/google-api-go-client) | `0.155.0` | `0.161.0` |
| [istio.io/api](https://github.com/istio/api) | `1.20.1` | `1.20.2` |
| [istio.io/client-go](https://github.com/istio/client-go) | `1.20.1` | `1.20.2` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.29.0` | `0.29.1` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.29.0` | `0.29.1` |
| [k8s.io/klog/v2](https://github.com/kubernetes/klog) | `2.110.1` | `2.120.1` |


Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.4.0 to 1.5.1
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.4.0...sdk/internal/v1.5.1)

Updates `github.com/F5Networks/k8s-bigip-ctlr/v2` from 2.15.0 to 2.15.1
- [Release notes](https://github.com/F5Networks/k8s-bigip-ctlr/releases)
- [Changelog](https://github.com/F5Networks/k8s-bigip-ctlr/blob/v2.15.1/docs/RELEASE-NOTES.rst)
- [Commits](F5Networks/k8s-bigip-ctlr@v2.15.0...v2.15.1)

Updates `github.com/IBM/go-sdk-core/v5` from 5.15.0 to 5.15.1
- [Release notes](https://github.com/IBM/go-sdk-core/releases)
- [Changelog](https://github.com/IBM/go-sdk-core/blob/main/CHANGELOG.md)
- [Commits](IBM/go-sdk-core@v5.15.0...v5.15.1)

Updates `github.com/aliyun/alibaba-cloud-sdk-go` from 1.62.652 to 1.62.673
- [Release notes](https://github.com/aliyun/alibaba-cloud-sdk-go/releases)
- [Changelog](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/ChangeLog.txt)
- [Commits](aliyun/alibaba-cloud-sdk-go@v1.62.652...v1.62.673)

Updates `github.com/aws/aws-sdk-go` from 1.49.15 to 1.50.9
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](aws/aws-sdk-go@v1.49.15...v1.50.9)

Updates `github.com/civo/civogo` from 0.3.56 to 0.3.58
- [Release notes](https://github.com/civo/civogo/releases)
- [Changelog](https://github.com/civo/civogo/blob/master/changelog.yml)
- [Commits](civo/civogo@v0.3.56...v0.3.58)

Updates `github.com/cloudflare/cloudflare-go` from 0.85.0 to 0.87.0
- [Release notes](https://github.com/cloudflare/cloudflare-go/releases)
- [Changelog](https://github.com/cloudflare/cloudflare-go/blob/master/CHANGELOG.md)
- [Commits](cloudflare/cloudflare-go@v0.85.0...v0.87.0)

Updates `github.com/digitalocean/godo` from 1.107.0 to 1.108.0
- [Release notes](https://github.com/digitalocean/godo/releases)
- [Changelog](https://github.com/digitalocean/godo/blob/main/CHANGELOG.md)
- [Commits](digitalocean/godo@v1.107.0...v1.108.0)

Updates `github.com/infobloxopen/infoblox-go-client/v2` from 2.4.0 to 2.5.0
- [Release notes](https://github.com/infobloxopen/infoblox-go-client/releases)
- [Changelog](https://github.com/infobloxopen/infoblox-go-client/blob/master/CHANGELOG.md)
- [Commits](https://github.com/infobloxopen/infoblox-go-client/commits)

Updates `github.com/linode/linodego` from 1.26.0 to 1.28.0
- [Release notes](https://github.com/linode/linodego/releases)
- [Commits](linode/linodego@v1.26.0...v1.28.0)

Updates `github.com/miekg/dns` from 1.1.57 to 1.1.58
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](miekg/dns@v1.1.57...v1.1.58)

Updates `github.com/oracle/oci-go-sdk/v65` from 65.55.0 to 65.57.0
- [Release notes](https://github.com/oracle/oci-go-sdk/releases)
- [Changelog](https://github.com/oracle/oci-go-sdk/blob/master/CHANGELOG.md)
- [Commits](oracle/oci-go-sdk@v65.55.0...v65.57.0)

Updates `github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common` from 1.0.834 to 1.0.856
- [Commits](TencentCloud/tencentcloud-sdk-go@v1.0.834...v1.0.856)

Updates `github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod` from 1.0.834 to 1.0.856
- [Commits](TencentCloud/tencentcloud-sdk-go@v1.0.834...v1.0.856)

Updates `github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns` from 1.0.834 to 1.0.856
- [Commits](TencentCloud/tencentcloud-sdk-go@v1.0.834...v1.0.856)

Updates `go.etcd.io/etcd/api/v3` from 3.5.11 to 3.5.12
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.11...v3.5.12)

Updates `go.etcd.io/etcd/client/v3` from 3.5.11 to 3.5.12
- [Release notes](https://github.com/etcd-io/etcd/releases)
- [Commits](etcd-io/etcd@v3.5.11...v3.5.12)

Updates `golang.org/x/oauth2` from 0.15.0 to 0.16.0
- [Commits](golang/oauth2@v0.15.0...v0.16.0)

Updates `google.golang.org/api` from 0.155.0 to 0.161.0
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.155.0...v0.161.0)

Updates `istio.io/api` from 1.20.1 to 1.20.2
- [Commits](istio/api@1.20.1...1.20.2)

Updates `istio.io/client-go` from 1.20.1 to 1.20.2
- [Commits](istio/client-go@1.20.1...1.20.2)

Updates `k8s.io/api` from 0.29.0 to 0.29.1
- [Commits](kubernetes/api@v0.29.0...v0.29.1)

Updates `k8s.io/client-go` from 0.29.0 to 0.29.1
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.29.0...v0.29.1)

Updates `k8s.io/klog/v2` from 2.110.1 to 2.120.1
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/main/RELEASE.md)
- [Commits](kubernetes/klog@v2.110.1...v2.120.1)

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/F5Networks/k8s-bigip-ctlr/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/IBM/go-sdk-core/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aliyun/alibaba-cloud-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/civo/civogo
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/cloudflare/cloudflare-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/digitalocean/godo
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/infobloxopen/infoblox-go-client/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/linode/linodego
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/miekg/dns
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/oracle/oci-go-sdk/v65
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/privatedns
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: go.etcd.io/etcd/api/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: go.etcd.io/etcd/client/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: istio.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: istio.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: k8s.io/klog/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix "workload identity" spelling

* feat(aws-provider): create flag to support sub-domains match parent

The current implementation of external-dns from sig-external-dns does
not support domain filtering (--domain-filter) for sub-domains on Route53,
such as test.sub-domain.domain.com. The function MatchParent was recently
removed from the base code, but it is still necessary for this purpose.
An example of a use case for this support is having a cluster per hosted
zone with a hundred ingress related to that zone with different variants of
sub-domains. With the matchParent function and zone-match-parent flag,
external-dns will now support an extended automatic match for sub-domains.

* test(types): adding missing test to aws-zone-match-parent flag

* docs(aws-provider): add aws-zone-match-parent use

* docs(aws): refactor explanation of aws-zone-match-parent

* fix(aws-provider): add aws-zone-match-parent flag value to aws config

---------

Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
Signed-off-by: Jan-Otto Kröpke <joe@cloudeteer.de>
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
Signed-off-by: Steve Hipwell <steve.hipwell@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Thomas Maroschik <tmaroschik@dfau.de>
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
Co-authored-by: Gabe Cook <gabe565@gmail.com>
Co-authored-by: Sandor Szücs <sandor.szuecs@zalando.de>
Co-authored-by: Jan-Otto Kröpke <mail@jkroepke.de>
Co-authored-by: Tobias Bradtke <webwurst@gmail.com>
Co-authored-by: orenlevi111 <121795464+orenlevi111@users.noreply.github.com>
Co-authored-by: Steve Hipwell <steve.hipwell@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Greg Dubicki <566632+gdubicki@users.noreply.github.com>
Co-authored-by: thiagoluiznunes <thiagoluiz.dev@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(pdns): provider implicitly changes CNAME to ALIAS toujou/external-dns
3 participants
@tmaroschik @Limdel @kellervater