Cloudflare record throwing Invalid dns record identifier #13068

jleclanche opened this Issue Mar 25, 2017 · 6 comments



jleclanche commented Mar 25, 2017

Terraform 0.9.1, recently upgraded from 0.8 to the new backend system (I was using an s3 remote state before).

I have the following record:

resource "cloudflare_record" "uploads-db" {
	domain = ""
	name = "uploads-db"
	type = "CNAME"
	value = "${aws_db_instance.uploads-db.address}"
	proxied = false
}

I've had this record for a while, but now after the upgrade every time I do terraform plan, I get the following error:

Error refreshing state: 1 error(s) occurred:
2017/03/25 17:22:34 [DEBUG] plugin: terraform: local-exec-provisioner (internal) 2017/03/25 17:22:34 [DEBUG] plugin: waiting for all plugin processes to complete...
2017/03/25 17:22:34 [DEBUG] plugin: terraform: aws-provider (internal) 2017/03/25 17:22:34 [DEBUG] plugin: waiting for all plugin processes to complete...

* cloudflare_record.uploads-db: cloudflare_record.uploads-db: error from makeRequest: HTTP status 400: content "{\"success\":false,\"errors\":[{\"code\":1002,\"message\":\"Invalid dns record identifier\"}],\"messages\":[],\"result\":null}"

I tried deleting and even tainting the record, but it always gives me that error, rendering terraform completely unusable :(



obierlaire commented Mar 27, 2017

I'm using older versions of terraform (v0.8.8 and v0.8.4) and I'm facing the exact same issue since this morning.
The destroy of my stack doesn't work either.

I managed to work around it by manually destroying my stack and deleting the tfstate file.
If you start again from scratch, it's working nicely.



jleclanche commented Mar 27, 2017

I suspect what's happening is somehow, the tfstate got out of sync with the cloudflare upstream. Debugging this is very annoying because the HTTP request log is not available from cloudflare-go, so I'm left guessing what actually is happening and why.

This is super super bad though, a single bad cloudflare record is corrupting the entire terraform state (hundreds of machines/S3 buckets/domains/etc) with no way to recover. That really shouldn't be possible.



jleclanche commented Mar 27, 2017

BTW, as suspected this is fixed by deleting the record from terraform.

I think there's a possibility that you would reproduce this by creating a record with terraform, then deleting it upstream, then running a refresh plan again.

But really, this situation should fail more gracefully than that. A bad plugin can take the whole infrastructure down with no obvious recourse to end users.



jleclanche commented Mar 30, 2017

I successfully reproduced this by deleting, upstream, a cloudflare record that I created with terraform then running terraform plan.



andersla commented Apr 8, 2017

I also reproduced this.
I think the Cloudflare module should continue without error if the record does not exist when destroying.



jychen7 commented Apr 21, 2017

I ran into this today too.

My workaround is to edit the state file to use the new DNS record identifier (which can be found in the Cloudflare API response) and increase the serial manually.
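
The state edit described in the last comment, sketched as an added example (not code from the thread or from Terraform). It assumes the Terraform 0.9-era state layout (format version 3); the sample state, the function name `repoint_record` and both record IDs are constructed placeholders.

```python
import copy
import json

# Constructed sample in the assumed version 3 state layout; IDs are made up.
SAMPLE_STATE = json.loads("""
{
  "version": 3,
  "serial": 41,
  "modules": [
    {
      "path": ["root"],
      "resources": {
        "cloudflare_record.uploads-db": {
          "type": "cloudflare_record",
          "primary": {
            "id": "STALE-RECORD-ID",
            "attributes": {"id": "STALE-RECORD-ID", "name": "uploads-db", "type": "CNAME"}
          }
        }
      }
    }
  ]
}
""")


def repoint_record(state, address, new_id):
    """Return a copy of `state` with `address` pointing at `new_id` and the serial bumped."""
    if state.get("version") != 3:
        raise ValueError("only the version 3 state layout is handled here")
    patched = copy.deepcopy(state)  # never mutate the caller's copy
    hits = [m["resources"][address] for m in patched.get("modules", [])
            if address in m.get("resources", {})]
    if len(hits) != 1:
        raise KeyError(f"expected exactly one {address!r}, found {len(hits)}")
    primary = hits[0]["primary"]
    if primary["id"] == new_id:
        return patched  # already correct: leave the serial alone
    primary["id"] = new_id
    primary.setdefault("attributes", {})["id"] = new_id
    patched["serial"] = state["serial"] + 1  # the manual serial increase from the comment
    return patched


if __name__ == "__main__":
    fixed = repoint_record(SAMPLE_STATE, "cloudflare_record.uploads-db", "NEW-RECORD-ID")
    print(json.dumps(fixed, indent=2))
```

Run it against a backup copy of the state file and diff the result before replacing the original.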
