Latest version of external-dns is making 2 TXT records per A record for some reason

[sharkymcdongles]

What happened: When external-dns creates records now, it creates 2 TXT records instead of 1. Each record has the same txt-prefix however the other one has an a at the end e.g.

txt-prefix-example.com txt-prefixa-example.com

Environment:

• External-DNS version (use external-dns --version): v0.13.1
• DNS provider: Google Cloud DNS via Workload Identity
• Others: external-dns --metrics-address=:7979 --log-level=warning --log-format=json --policy=sync --provider=google --registry=txt --interval=1m --txt-prefix=gke-infra --source=service --source=ingress --google-project=dns --google-batch-change-size=1000

[alebedev87]

@sharkymcdongles: This is the expected behavior after the introduction of the new TXT record format: registry.md.

[sharkymcdongles]

Ah nice thanks. Not sure how I missed that. Silly me. I do think a toggle to kill the old format would be nice for those who have no concerns with downgrading or issues.

On Thu, 17 Nov 2022, 19:35 Andrey Lebedev, @.***> wrote:

@sharkymcdongles https://github.com/sharkymcdongles: This is the expected behavior after the introduction of the new TXT record format: registry.md https://github.com/kubernetes-sigs/external-dns/blob/master/docs/registry.md .

— Reply to this email directly, view it on GitHub https://github.com/kubernetes-sigs/external-dns/issues/3167#issuecomment-1319046896, or unsubscribe https://github.com/notifications/unsubscribe-auth/AG6KEUOQVR2JJRELFQOZD73WIZ3IBANCNFSM6AAAAAASDDG55Q . You are receiving this because you were mentioned.Message ID: @.***>

[vonera]

@sharkymcdongles: This is the expected behavior after the introduction of the new TXT record format: registry.md.

It does not work for wildcards e.g. *.test.example.com. It tries to create a TXT record for a-*.test.example.com which fails. Moreover if you use CRD and manually define DNSEnpoint with multiple endpoints, where one contains wildcard, it will fail part way. If you then remove the DNSEnpoint (with sync enabled) it will also fail, which will result in orphan records that need to be removed manually.

EDIT: tried with digitalocean

[alebedev87]

@vonera : yes, you may have problems with this new format on some DNS providers, like Azure. You can use --txt-wildcard-replacement flag to work this around.

[benjimin]

Maybe this should be documented more prominently, as the 2x TXT records seems to be tripping up a lot of people (like https://github.com/kubernetes-sigs/external-dns/issues/3164#issuecomment-1317355753 for example).

[estif95]

I've upgraded from 0.8 to 0.13 and my Route53 HostedZone increased from 500 to 750 records. Is there any option to clean old TXT entries? Thanks!

[darkpixel]

According to the docs you linked:

It contains record type it manages, e.g.:

A record foo.example.com will be tracked with classic foo.example.com TXT record
At the same time a new TXT record will be created a-foo.example.com

That's not what it's doing for me.

Every time external-dns runs, it not only creates example.tld, but it attempts to create a-example.tld (which I obviously don't own). Shouldn't it be trying to create a- under example.tld? Seems to be missing a . when dealing with A records in the root of the domain...

For records under example.tld it appears to be working properly. i.e. the www.example.tld A record gets TXT records for www.example.tld and a-www.example.tld.

[4c74356b41]

so how do we remove the old style dns records? because for now I think it creates both types?

[akshaypatidar1999]

How can I remove old TXT records, as currently, it is creating 2 TXT records right now due to which we have to reduce the batch size which leads to a delay in the creation of route53 records.

[loxley]

For us it caused a zone to hit the limit that Cloudflare has of 1000 records, so now we might need to buy a bigger plan. Not fun at all.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[Skaronator]

It has been over 6 months. Maybe it's time to get rid of the legacy registry format?

/remove-lifecycle stale

[adelsz]

It has been one year and ExternalDNS is still creating two records for absolutely no reason. In the worst case you can introduce a feature flag useFormat: v2 which defaults to useFormat: v1, v2...

[bagutzu]

Same issue described by @darkpixel happens in our use case.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[darkpixel]

Go away stalebot. Not having enough contributors on a project doesn't mean the bug is magically fixed and should be closed.

[visit1985]

Maybe we can contribute by writing an anti-stale bot.

/remove-lifecycle stale

[prog76]

seems due some bug or feature we can have just one TXT record in v0.14.0 when encryption is enabled.

--txt-encrypt-enabled 
--txt-encrypt-aes-key=01234567890123456789012345678901

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[Skaronator]

/remove-lifecycle stale

[tamalsaha]

We are also experiencing the zone record limit issue because of this. One question I want to ask is, why the registry records are not stored where the Domain name is NS.external-dns and value of the TXT record is the domains that are managed by this deployment. This can work well to avoid wastage of the records.

The 255 char limit of a DNS record can be handled by using multiple such records

Was this idea considered before? Is considered and not used, can you anyone point out what was the issue there?

---

An alternative approach will be to store the data inside the cluster in a configmap and then store id of that configmap in a txt record. That can be even better in terms of metadata storage. Was this idea considered before?

[saravanan30erd]

Like @prog76 mentioned here https://github.com/kubernetes-sigs/external-dns/issues/3167#issuecomment-1938174743 I tested few latest versions with encryption enabled and I can confirm its creating only one TXT record which is new format.

I checked the code and looks like old records will not be created when TXT encryption is enabled. https://github.com/kubernetes-sigs/external-dns/blob/4da484b7e4bb5c2a3ce18f46a3ce011aecd80d0b/registry/txt.go#L217