external-dns

NS records throw error or don't get created with PowerDNS (possibly others)

Open darkpixel opened this issue 6 months ago • 4 comments

What happened:

Created an empty zone in PowerDNS. Created a simple DNSEndpoint to create NS records:

---    
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: testing
spec:
  endpoints:
  - dnsName: example.tld
    recordTTL: 300
    recordType: NS
    targets:
      - ns1.example.tld
      - ns2.example.tld
      - ns3.example.tld

external-dns threw an error:

time="2025-05-14T23:10:37Z" level=debug msg="Unable to patch zone Status: 422 Unprocessable Entity, Body: {\"error\": \"Record example.tld./NS 'ns1.example.tld': Not in expected format (parsed as 'ns1.example.tld.')\"}"
time="2025-05-14T23:10:37Z" level=debug msg="Retrying PatchZone() ... 0"
time="2025-05-14T23:10:38Z" level=debug msg="Unable to patch zone Status: 422 Unprocessable Entity, Body: {\"error\": \"Record example.tld./NS 'ns1.example.tld': Not in expected format (parsed as 'ns1.example.tld.')\"}"
time="2025-05-14T23:10:38Z" level=debug msg="Retrying PatchZone() ... 1"
time="2025-05-14T23:10:38Z" level=debug msg="Unable to patch zone Status: 422 Unprocessable Entity, Body: {\"error\": \"Record example.tld./NS 'ns1.example.tld': Not in expected format (parsed as 'ns1.example.tld.')\"}"
time="2025-05-14T23:10:38Z" level=debug msg="Retrying PatchZone() ... 2"
time="2025-05-14T23:10:39Z" level=debug msg="PDNS API response: "
time="2025-05-14T23:10:39Z" level=error msg="Failed to do run once: soft error\nunable to patch zone: Status: 422 Unprocessable Entity, Body: {\"error\": \"Record example.tld./NS 'ns1.example.tld': Not in expected format (parsed as 'ns1.example.tld.')\"}"

So I updated the DNSEndpoint to include a period at the end:

---    
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: testing
spec:
  endpoints:
  - dnsName: example.tld
    recordTTL: 300
    recordType: NS
    targets:
      - ns1.example.tld.
      - ns2.example.tld.
      - ns3.example.tld.

It acts like everything is fine, but the records don't get created. Setting the log level to debug reveals this during a run:

time="2025-05-14T23:12:38Z" level=warning msg="Endpoint testing with DNSName example.tld has an illegal target. The subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com')"

What you expected to happen: NS records to be created

How to reproduce it (as minimally and precisely as possible): Install powerdns, enable the API, configure external-dns, create an empty zone (i.e. pdnsutil create-zone example.tld), apply that DNSEndpoint.

Anything else we need to know?: I suspect this is something related to parsing and may affect other DNS providers, but I can't be certain.

Environment:

  • External-DNS version: v0.17.0
  • DNS provider: powerdns

darkpixel, May 14 '25 23:05
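The two messages in the report pull in opposite directions: the PowerDNS API wants the absolute name `ns1.example.tld.`, while the target check quoted in the warning rejects any name that ends in a dot. The sketch below is an added example, not part of the issue and not external-dns or PowerDNS code; it shows one way to accept both spellings, validate the name without its root dot, and emit the absolute form. The regular expression is an assumption modelled on the wording of the warning, and `strictValid` and `canonicalTarget` are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: models the rule quoted in the warning above (lower-case
// alphanumerics, '-' or '.', alphanumeric at both ends of every label).
var subdomainRe = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// strictValid applies the check as the warning describes it, so a target
// written with a trailing root dot fails.
func strictValid(target string) bool {
	return len(target) <= 253 && subdomainRe.MatchString(target)
}

// canonicalTarget (hypothetical helper) strips at most one trailing dot,
// validates what is left, and returns the absolute form that the 422 error
// above reports as the parsed value ("ns1.example.tld.").
func canonicalTarget(target string) (string, error) {
	name := strings.TrimSuffix(target, ".")
	if !strictValid(name) {
		return "", fmt.Errorf("invalid hostname target %q", target)
	}
	return name + ".", nil
}

func main() {
	// Constructed inputs: the two spellings from the issue plus malformed ones.
	samples := []string{"ns1.example.tld", "ns1.example.tld.",
		"ns1.example.tld..", "NS1.example.tld", "-ns.example.tld", "."}
	for _, t := range samples {
		fqdn, err := canonicalTarget(t)
		fmt.Printf("%-22q strict=%-5v canonical=%q err=%v\n",
			t, strictValid(t), fqdn, err)
	}
}
```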