DNS Azure ignore record type:

Open lckz opened this issue 8 months ago • 6 comments

Is your feature request related to a problem? Please describe.

When managing multiple providers such as Oracle and Azure, sometimes we might need to have an ALIAS record in Oracle, and we might end up getting an error:

 1.3) WARNING: There was output to stderr but not found expectation

        stderr: 2025/03/07 11:30:16 1 Validation errors:
        2025/03/07 11:30:16 ERROR: domain acme.com uses ALIAS records, but DNS provider type AZURE_DNS does not support them
        exiting due to validation errors

      # spec/dnscontrol_check_spec.sh:67-77

Describe the solution you'd like

We would like that, when we have ALIAS in the setup, the Azure provider would just ignore it and do nothing.

Describe alternatives you've considered

The only solution I found to bypass this is to have separate files for the same DNS record.

lckz avatar Apr 11 '25 12:04 lckz

@tlimoncelli I can also work on this solution if you agree that it has some benefit.

lckz avatar Apr 11 '25 12:04 lckz

Ping @vatsalyagoel, the maintainer of the Azure DNS provider.

cafferata avatar Apr 12 '25 19:04 cafferata

This is more a design conversation @cafferata @tlimoncelli. We can add the support for CanUseAlias; however, the provider support for specific features is based on intent and what they actually support. The error messages would be meaningless otherwise.

  • Maybe we can add a DSL flag to ignore records in certain providers.
  • Or we can add a non-strict mode i.e. skip records but still print errors/warnings.

vatsalyagoel avatar Apr 14 '25 23:04 vatsalyagoel

That's an interesting idea! We definitely need to improve how unknown record types are handled.

What makes it difficult to handle unknown types is that some providers do updates by uploading the entire zone. Change a single A record? Upload the entire zone file. The reason this is a problem is that if we ignore unknown records, they'll all be deleted at the next "push".

One solution I'm thinking about is to have a new record type called "unknown":

  • When downloading the zone's records, "unknown" records would store a blob of data that DNSControl doesn't try to interpret.
  • When uploading a zone (or in similar situations) the provider is handed the blob and whatever happens to it is up to the provider.

In the meanwhile... how about a command-line flag that ignores records and warns that "push" might be dangerous?

tlimoncelli avatar Apr 15 '25 13:04 tlimoncelli

My proposal is as follows:

var REG_THIRDPARTY = NewRegistrar('none');

Add a Record Modifier IGNORE which takes in an array of registered providers

var ignoreThirdParty = IGNORE([REG_THIRDPARTY]);

Put that in the record:

ALIAS('@', 'google.com.', TTL(300), ignoreThirdParty)

ALIAS('ignorethis', 'google.com.', TTL(300), IGNORE([REG_AZURE]));

The command line flag is something that could work in the short term

dnscontrol push -IgnoreUnknownTypes

vatsalyagoel avatar Apr 16 '25 00:04 vatsalyagoel

I'll take that under consideration.

What I'd like to see is something that is more automatic. Something like:

D("example.com", REG_WHATEVER,
    DnsProvider(DNS_FOO),
    DnsProvider(DNS_BAR),
    UNKNOWN_TYPES_ARE_NOT_AN_ERROR,   // Print warnings, don't error out.
);

(Obviously the name could be something better)

tlimoncelli avatar May 13 '25 19:05 tlimoncelli

I'm going to close this with "won't fix". It's a very rare situation, mostly during conversions between providers. It can be automated with creative use of JavaScript. For example, use Example 2 in https://docs.dnscontrol.org/advanced-features/cli-variables

tlimoncelli avatar Jul 25 '25 14:07 tlimoncelli
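
One way to handle this in JavaScript, as an added example that is not from the thread or the DNSControl project: records are kept as plain data and filtered per provider type before being turned into `ALIAS()`/`A()` calls, and the second function shows the whole-zone-upload hazard raised earlier in the discussion. The `SUPPORTED` table, `planFor`, `deletedByFullUpload` and all record values are hypothetical and constructed for illustration.

```javascript
// Added example, not DNSControl code. The record types listed per provider
// are assumptions for illustration; adjust them to your providers.
const SUPPORTED = {
  ORACLE: new Set(['A', 'CNAME', 'ALIAS']),
  AZURE_DNS: new Set(['A', 'CNAME']), // no ALIAS, per the error in this issue
};

// Constructed sample zone, described as plain data so it can be filtered
// before any record is handed to a provider.
const RECORDS = [
  { type: 'ALIAS', name: '@', target: 'google.com.' },
  { type: 'A', name: 'www', target: '192.0.2.10' },
  { type: 'CNAME', name: 'docs', target: 'www.acme.com.' },
];

// Split one record list into what a provider type accepts and what it does not.
// The caller should print `skipped` as warnings rather than drop it silently.
function planFor(providerType, records) {
  const supported = SUPPORTED[providerType];
  if (!supported) throw new Error('unknown provider type: ' + providerType);
  const keep = [];
  const skipped = [];
  for (const r of records) {
    (supported.has(r.type) ? keep : skipped).push(r);
  }
  return { keep, skipped };
}

// The hazard with providers that replace the entire zone on every push:
// any live record missing from the uploaded set is deleted.
function deletedByFullUpload(liveRecords, uploaded) {
  const key = (r) => [r.type, r.name, r.target].join(' ');
  const present = new Set(uploaded.map(key));
  return liveRecords.filter((r) => !present.has(key(r)));
}

const azurePlan = planFor('AZURE_DNS', RECORDS);
for (const r of azurePlan.skipped) {
  console.warn('AZURE_DNS: skipping unsupported ' + r.type + ' ' + r.name);
}
```
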