CNAMEs and the TXT registry

[ryane]

It appears that the TXT registry is incompatible with some DNS providers when using the Ingress source. For example:

I am using the nginx ingress controller backed by an ELB on AWS. And, I have an ingress that looks like this:

$ kubectl describe ingress nginx
Name:                   nginx
Namespace:              dev
Address:                xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxx.us-east-1.elb.amazonaws.com
Default backend:        default-http-backend:80 (<none>)
Rules:
  Host                          Path    Backends
  ----                          ----    --------
  nginx.test.mydomain.com
                                /       nginx:80 (<none>)
Annotations:
Events: <none>

This works fine with external-dns when using the AWS provider because it creates an ALIAS. However, if I try to use the Google or DigitalOcean providers, I get errors:

$ ./external-dns --source=ingress --provider=google --domain-filter test.mydomain.com. --registry=txt --txt-owner-id=extdns --once --google-project my-project
...
INFO[0001] Add records: nginx.test.mydomain.com. CNAME [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxx.us-east-1.elb.amazonaws.com.]
INFO[0001] Add records: nginx.test.mydomain.com. TXT ["heritage=external-dns,external-dns/owner=extdns"]
FATA[0002] googleapi: Error 400: The resource record set 'entity.change.additions[0]' is invalid because the DNS name 'nginx.test.mydomain.com.' may have either one CNAME resource record set or resource record sets of other types, but not both.
More details:
Reason: cnameResourceRecordSetConflict, Message: The resource record set 'entity.change.additions[0]' is invalid because the DNS name 'nginx.test.mydomain.com.' may have either one CNAME resource record set or resource record sets of other types, but not both.
Reason: cnameResourceRecordSetConflict, Message: The resource record set 'entity.change.additions[1]' is invalid because the DNS name 'nginx.test.mydomain.com.' may have either one CNAME resource record set or resource record sets of other types, but not both.

$ ./external-dns --source=ingress --provider=digitalocean --domain-filter test.mydomain.com. --registry=txt --txt-owner-id=extdns --once
...
INFO[0002] Changing record.                              action=CREATE record=nginx.test.mydomain.com type=CNAME zone=test.mydomain.com
INFO[0003] Changing record.                              action=CREATE record=nginx.test.mydomain.com type=TXT zone=test.mydomain.com
FATA[0003] POST https://api.digitalocean.com/v2/domains/test.mydomain.com/records: 422 records cannot share a name with a CNAME record

According to the RFCs (RFC 1034 section 3.6.2, RFC 1912 section 2.4), it not permissible for a CNAME record to co-exist with any other records, even TXT records. Some of the DNS providers enforce this (cloudflare does not, fwiw) and causes external-dns to break.

Any ideas on how to approach this? Maybe use a simple hash of the name for the corresponding TXT record to avoid this conflict? Other ideas?

[ideahitme]

Hello,

Yes, CNAME cannot co-exist with other records, therefore we provided --txt-prefix flag which makes sure to create a TXT record with a name = prefix.<CNAME record>. Let me know if this solved your issue.

[ryane]

yep, I totally missed that. that gets me past the problem. Thanks!

[rofreytag]

When using txt-prefix you should include a . to make sure external-dns does correctly handle the root record of your domain.

See: #1416 (comment)