Trying to recreate the record when external-dns.alpha.kubernetes.io/target: <somevalue> is used

[hussainbani]

When trying to create an ingress with external-dns.alpha.kubernetes.io/target: <somevalue> in azure private dns, it keep on updating the record.

Example Config:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/private-external-dns: "true"
    external-dns.alpha.kubernetes.io/target: <somevalue>`
  generation: 4
  name: nginx1
  namespace: default
spec:
  rules:
  - host: ingresstest.example.com
    http:
      paths:
      - backend:
          service:
            name: nginx-svc-1
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - ingresstest.example.com
status:
  loadBalancer:
    ingress:
    - ip: 10.X.X.X

Logs:

time="2025-01-15T21:08:09Z" level=debug msg="Endpoints generated from ingress: default/nginx1: [ingresstest.example.com 300 IN CNAME  google.com []]"
time="2025-01-15T21:08:09Z" level=debug msg="Received 6 changes to process"
time="2025-01-15T21:08:09Z" level=debug msg="Retrieving Azure Private DNS zones for Resource Group 'rg-weu-poc-global-01'"
time="2025-01-15T21:08:09Z" level=debug msg="Validating Zone: example.com"
time="2025-01-15T21:08:09Z" level=debug msg="Found 1 Azure Private DNS zone(s). Updating zones cache"
time="2025-01-15T21:08:09Z" level=debug msg="Records to be deleted: 0"
time="2025-01-15T21:08:09Z" level=debug msg="Records to be updated: 1"
time="2025-01-15T21:08:09Z" level=info msg="Updating CNAME record named 'ingresstest' to 'google.com' for Azure Private DNS zone 'example.com'."
time="2025-01-15T21:08:10Z" level=info msg="Updating TXT record named 'ingresstest' to '\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/nginx1\"' for Azure Private DNS zone 'example.com'."
time="2025-01-15T21:08:10Z" level=error msg="Failed to update TXT record named 'ingresstest' to '\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/default/nginx1\"' for Azure Private DNS zone 'example.com': PUT https://management.azure.com/subscriptions/6c69a917-9508-4ed9-b66c-552409d7c1c6/resourceGroups/rg-weu-poc-global-01/providers/Microsoft.Network/privateDnsZones/example.com/TXT/ingresstest\n--------------------------------------------------------------------------------\nRESPONSE 409: 409 Conflict\nERROR CODE: Conflict\n--------------------------------------------------------------------------------\n{\n  \"code\": \"Conflict\",\n  \"message\": \"The record could not be created because a CNAME record with the same name already exists in this zone.\",\n  \"details\": [\n    {\n      \"code\": \"CannotCreateRecordDueToCNameNamingRestriction\",\n      \"message\": \"The record could not be created because a CNAME record with the same name already exists in this zone.\"\n    }\n  ]\n}\n--------------------------------------------------------------------------------\n"

[anroots-by]

I encountered a similar issue. I use external-dns in Azure infrastructure, with Azure Private DNS zone. Relevant annotations from Ingress resource:

annotations:
      external-dns.alpha.kubernetes.io/ingress-hostname-source: annotation-only
      external-dns.alpha.kubernetes.io/hostname: someservice.company.com
      external-dns.alpha.kubernetes.io/target: ingress.internal.company.com

DNS records in the private DNS zone are initially created just fine, but follow-up checks/updates result in duplicate errors.

[hbani]

I tested the similar approach using target as IP rather than CNAME, didnt encountered the issue. Seems like this is specific to CNAME.

[ivankatliarchuk]

/help
/area provider/azure

[k8s-ci-robot]

@ivankatliarchuk:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

• Why are we solving this issue?
• To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
• Does this issue have zero to low barrier of entry?
• How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/help
/area provider/azure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.