External DNS attempts to delete unrelated TXT records. #580

Closed
jchv opened this issue May 31, 2018 · 3 comments · Fixed by #581

jchv commented May 31, 2018

I'm trying to use external DNS to manage the root of my domain. Among other things, though, I have TXT records containing SPF data. It seems that external DNS tries to change the record type. This is with the Google provider and the registry completely disabled to rule out any wonky issues.

Configuration:

---
rbac:
    create: true

provider: google 

google:
    project: [...]
    serviceAccountSecret: externaldns-credentials

logLevel: debug

registry: noop

policy: upsert-only

Logs (reverse chronological)

time="2018-05-31T17:56:35Z" level=error msg="googleapi: Error 412: Precondition not met for 'entity.change.deletions[0]', conditionNotMet"
time="2018-05-31T17:56:35Z" level=info msg="Add records: [...]. A [xx.xx.xx.xx] 300"
time="2018-05-31T17:56:35Z" level=info msg="Del records: [...]. TXT [\"google-site-verification=xxx;\" \"v=spf1 include:xxx include:xxx include:xxx ~all\"] 300"
time="2018-05-31T17:56:35Z" level=info msg="Change zone: [...]"
time="2018-05-31T17:56:35Z" level=debug msg="Considering zone: [...] (domain: [...].)"
time="2018-05-31T17:56:35Z" level=debug msg="Matched [...]. (zone: [...])"
time="2018-05-31T17:56:35Z" level=debug msg="Matching zones against domain filters: []"
time="2018-05-31T17:56:35Z" level=debug msg="Endpoints generated from ingress: default/[...]-a32befdc: [[...] 0 IN A xx.xx.xx.xx flower.[...] 0 IN A xx.xx.xx.xx]"

I think a solution would be to not consider TXT records for the planning phase. After all, the TXT registry should be taking care of adding/removing TXT records, right?

hjacobs commented May 31, 2018

Is this a duplicate of #573? Maybe also related to #449?

jchv commented May 31, 2018

@hjacobs I don't believe so. The proposed solution to use --txt-prefix will not work here because it doesn't relate to the TXT registry at all - FWIW, I was previously attempting to do this with --txt-prefix set and only disabled the TXT registry to make it easier to test - rather, it has to do with the planner. As far as I can tell, the planner takes into account TXT records as it would A or CNAME records. Usually, when external-dns is the only thing controlling the records, this is fine, because the A/CNAME records will be considered before the TXT record, and they will always come in pairs. However, here I have a TXT record with no A/CNAME record of the same name, and external DNS is trying to convert it into an A record.

I believe the behavior should be for the planner to avoid considering TXT records at all, as that's the domain of the TXT registry. If you agree with this, I can propose a PR that will do this.

jchv commented Jun 1, 2018

Alright, I went ahead and created a PR, because I'm now relatively confident that 1. there is a bug, 2. the bug seems to behave as I thought it did. Hopefully my approach is solid.

k8s-ci-robot added a commit that referenced this issue Nov 14, 2018
Do not replace TXT records with A/CNAME records in planner (#580)
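
The planner behaviour discussed in this thread, as a simplified model added here (not external-dns's own code): matching current and desired records by name alone turns an unrelated TXT record, such as the SPF entry in the report, into the "old" side of an update, while skipping record types the planner does not manage leaves it untouched. The `Record`, `Changes`, `managed` and `Plan` names and the sample records are constructed for this sketch.

```go
package main

import "fmt"

// Record is a simplified DNS record; field names are assumptions for this sketch.
type Record struct {
	Name, Type, Target string
}

// Changes is the change set a planner would hand to the DNS provider.
type Changes struct {
	Create, Delete []Record
}

// managed reports whether the planner may own records of this type.
func managed(t string) bool { return t == "A" || t == "CNAME" }

// Plan pairs desired records with current ones by DNS name.
// filterTypes=false models the reported behaviour: any current record with the
// same name counts as the previous version, whatever its type.
// filterTypes=true hides unmanaged types (TXT here) from the planner.
func Plan(current, desired []Record, filterTypes bool) Changes {
	byName := map[string]Record{}
	for _, r := range current {
		if filterTypes && !managed(r.Type) {
			continue // never a deletion candidate
		}
		byName[r.Name] = r
	}
	var c Changes
	for _, d := range desired {
		old, exists := byName[d.Name]
		if exists && old == d {
			continue // already up to date
		}
		if exists {
			c.Delete = append(c.Delete, old) // update = delete old + create new
		}
		c.Create = append(c.Create, d)
	}
	return c
}

func main() {
	// Constructed sample data: a zone apex that carries only an SPF TXT record.
	current := []Record{{"example.org.", "TXT", "v=spf1 include:mail.example.net ~all"}}
	desired := []Record{{"example.org.", "A", "192.0.2.10"}}
	fmt.Printf("name-only:  %+v\n", Plan(current, desired, false))
	fmt.Printf("type-aware: %+v\n", Plan(current, desired, true))
}
```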