RFC2136: Add support for DNS-over-TLS #3974

iteratee · 2023-10-06T17:18:28Z

Reuse the existing TLS options.
Add two new flags, one to enable DNS-over-TLS, and the second to disable cert checks for DNS-over-TLS.
Factor out the connection code so that it can be shared between the zone transfer and the updates. If TLS was requested, it will be used for both.
RFC9013 requires TLS 1.3 or later, and an ALPN negotiation of "dot".

Description

RFC2136: Add support for DNS-over-TLS

Reuse the existing TLS options.
Add two new flags, one to enable DNS-over-TLS, and the second to disable cert checks for DNS-over-TLS.
Factor out the connection code so that it can be shared between the zone transfer and the updates. If TLS was requested, it will be used for both.
RFC9013 requires TLS 1.3 or later, and an ALPN negotiation of "dot".

Checklist

Unit tests updated
End user documentation updated

linux-foundation-easycla · 2023-10-06T17:18:33Z

The committers listed above are authorized under a signed CLA.

✅ login: iteratee / name: Kyle Butt (1030de7, a3c9908)

k8s-ci-robot · 2023-10-06T17:18:36Z

Welcome @iteratee!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

k8s-ci-robot · 2023-10-06T17:18:37Z

Hi @iteratee. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

mloiseleur · 2023-10-09T07:20:25Z

Hello @iteratee,

Thanks for this PR. You'll need to sign the CLA, first.

iteratee · 2023-10-09T16:14:57Z

Hello @iteratee,

Thanks for this PR. You'll need to sign the CLA, first.

Sorry, I was having trouble with the system. It should be all set now.

iteratee · 2023-10-17T02:37:24Z

@mloiseleur I did get the CLA signed

mloiseleur · 2023-10-18T06:52:10Z

Thanks.
Would you please add some tests and some (tutorial) documentation on this ?

iteratee · 2023-10-19T18:47:38Z

Thanks. Would you please add some tests and some (tutorial) documentation on this ?

I didn't see an obvious way to test the content of the root cert and client cert and key. I did test the basics of a TLS connection. I also added a note about the flags to the tutorial.

mloiseleur · 2023-10-20T08:16:35Z

Thanks.
/ok-to-test

iteratee · 2023-10-21T20:19:17Z

/retest

mloiseleur · 2023-10-24T06:51:17Z

Would you please add some tests on other cases ?
The skip TLS Verify, and the case when auth. with a tls key pair is not tested.

iteratee · 2023-10-24T07:40:48Z

OK, new tests.

/retest

mloiseleur · 2023-10-29T16:53:29Z

/lgtm

iteratee · 2023-11-08T18:50:31Z

What else needs to happen for this PR?

iteratee · 2024-01-03T18:44:38Z

Sorry for the delay. Rebase done. Tests still pass.

mloiseleur · 2024-01-04T07:49:39Z

/lgtm
/assign @Raffo

iteratee · 2024-01-05T22:40:39Z

Just saw the recent merge conflict and fixed again.

iteratee · 2024-01-19T17:45:59Z

@mloiseleur @Raffo

iteratee · 2024-01-24T23:17:08Z

/retest

mloiseleur · 2024-01-25T08:20:54Z

/lgtm
/assign @szuecs

szuecs · 2024-02-07T15:24:12Z

pkg/apis/externaldns/types.go

@@ -189,6 +189,8 @@ type Config struct {
 	RFC2136TAXFR                       bool
 	RFC2136MinTTL                      time.Duration
 	RFC2136BatchChangeSize             int
+	RFC2136UseTls                      bool


RFC2136UseTls -> RFC2136UseTLS

szuecs · 2024-02-07T15:25:33Z

provider/rfc2136/rfc2136.go

@@ -207,6 +225,15 @@ func (r rfc2136Provider) IncomeTransfer(m *dns.Msg, a string) (env chan *dns.Env
 		t.TsigSecret = map[string]string{r.tsigKeyName: r.tsigSecret}
 	}

+	c, err := makeClient(r)
+	if err != nil {
+		return nil, fmt.Errorf("error setting up TLS: %v", err)


szuecs · 2024-02-07T15:25:38Z

provider/rfc2136/rfc2136.go

+	}
+	conn, err := c.Dial(a)
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect for transfer: %v", err)


szuecs · 2024-02-07T15:25:48Z

provider/rfc2136/rfc2136.go

-	c := new(dns.Client)
+	c, err := makeClient(r)
+	if err != nil {
+		return fmt.Errorf("error setting up TLS: %v", err)


szuecs · 2024-02-07T15:27:31Z

@iteratee thanks for the PR, only have small things found

* Reuse the existing TLS options. * Add two new flags, one to enable DNS-over-TLS, and the second to disable cert checks for DNS-over-TLS. * Factor out the connection code so that it can be shared between the zone transfer and the updates. If TLS was requested, it will be used for both. * RFC9013 requires TLS 1.3 or later, and an ALPN negotiation of "dot".

Add a note about the TLS flags to the RFC2136 Tutorial.

iteratee

All requested changes made and rebased. Sorry for the delay, I didn't see the review come through until today.

iteratee · 2024-02-26T18:25:41Z

pkg/apis/externaldns/types.go

@@ -189,6 +189,8 @@ type Config struct {
 	RFC2136TAXFR                       bool
 	RFC2136MinTTL                      time.Duration
 	RFC2136BatchChangeSize             int
+	RFC2136UseTls                      bool


iteratee · 2024-02-26T18:25:50Z

provider/rfc2136/rfc2136.go

@@ -207,6 +225,15 @@ func (r rfc2136Provider) IncomeTransfer(m *dns.Msg, a string) (env chan *dns.Env
 		t.TsigSecret = map[string]string{r.tsigKeyName: r.tsigSecret}
 	}

+	c, err := makeClient(r)
+	if err != nil {
+		return nil, fmt.Errorf("error setting up TLS: %v", err)


iteratee · 2024-02-26T18:25:56Z

provider/rfc2136/rfc2136.go

+	}
+	conn, err := c.Dial(a)
+	if err != nil {
+		return nil, fmt.Errorf("failed to connect for transfer: %v", err)


iteratee · 2024-02-26T18:26:02Z

provider/rfc2136/rfc2136.go

-	c := new(dns.Client)
+	c, err := makeClient(r)
+	if err != nil {
+		return fmt.Errorf("error setting up TLS: %v", err)


mloiseleur · 2024-02-27T07:36:39Z

/lgtm

szuecs · 2024-02-29T17:33:39Z

/approve

k8s-ci-robot · 2024-02-29T17:34:15Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: szuecs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [szuecs]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

…rnal-dns to v0.14.1@7bb4c52 by renovate (#19644) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [registry.k8s.io/external-dns/external-dns](https://togithub.com/kubernetes-sigs/external-dns) | patch | `v0.14.0` -> `v0.14.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>kubernetes-sigs/external-dns (registry.k8s.io/external-dns/external-dns)</summary> ### [`v0.14.1`](https://togithub.com/kubernetes-sigs/external-dns/releases/tag/v0.14.1) [Compare Source](https://togithub.com/kubernetes-sigs/external-dns/compare/v0.14.0...v0.14.1) #### What's Changed - docs: add reference to adguard webhook provider by [@muhlba91](https://togithub.com/muhlba91) in [kubernetes-sigs/external-dns#4030 - Update azure.md by [@sesoldi](https://togithub.com/sesoldi) in [kubernetes-sigs/external-dns#4009 - add initial support for gw apis 1.0.0 GA by [@larivierec](https://togithub.com/larivierec) in [kubernetes-sigs/external-dns#4019 - build(deps): bump the dev-dependencies group with 3 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4028 - add stackit webhook to readme by [@PatrickKoss](https://togithub.com/PatrickKoss) in [kubernetes-sigs/external-dns#4029 - Add org.opencontainers.image.source label to container image by [@robinschneider](https://togithub.com/robinschneider) in [kubernetes-sigs/external-dns#4022 - bump kustomize version to v0.14.0 by [@Raffo](https://togithub.com/Raffo) in [kubernetes-sigs/external-dns#4024 - OCI Provider private zone and workload identity support by [@anders-swanson](https://togithub.com/anders-swanson) in [kubernetes-sigs/external-dns#3995 - RFC2136: Allow multiple zones by [@CRASH-Tech](https://togithub.com/CRASH-Tech) in [kubernetes-sigs/external-dns#3976 - chore(chart): Updated GH workflows by [@stevehipwell](https://togithub.com/stevehipwell) in [kubernetes-sigs/external-dns#4010 - fix: dynamodb registry when statements over 25 by [@danie1sullivan](https://togithub.com/danie1sullivan) in [kubernetes-sigs/external-dns#4021 - Allow to configure revisionHistoryLimit on the K8s Deployment resource by [@arnisoph](https://togithub.com/arnisoph) in [kubernetes-sigs/external-dns#4008 - chore: Bump kingpin/v2 dep by [@mrueg](https://togithub.com/mrueg) in [kubernetes-sigs/external-dns#4033 - Update all image versions in documentation by [@Raffo](https://togithub.com/Raffo) in [kubernetes-sigs/external-dns#4037 - updated various broken link in ultradns tutorial by [@kundan2707](https://togithub.com/kundan2707) in [kubernetes-sigs/external-dns#3794 - Make --ignore-hostname-annotation flag more consistent by [@johngmyers](https://togithub.com/johngmyers) in [kubernetes-sigs/external-dns#3964 - service source uses externalIPs in ExternalName type if available by [@dromie](https://togithub.com/dromie) in [kubernetes-sigs/external-dns#4007 - build(deps): bump the dev-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4046 - fix(google): ensure trailing dot for SRV records by [@siliconsheep](https://togithub.com/siliconsheep) in [kubernetes-sigs/external-dns#4048 - oracle provider: dns zone cache by [@anders-swanson](https://togithub.com/anders-swanson) in [kubernetes-sigs/external-dns#4049 - fix(httpProxy): drop status==valid filter by [@nefelim4ag](https://togithub.com/nefelim4ag) in [kubernetes-sigs/external-dns#3978 - doc: added --infoblox-view argument to Infoblox documentation by [@tanerm](https://togithub.com/tanerm) in [kubernetes-sigs/external-dns#4036 - fix: regression on scaleway provider in 0.14.0 by [@M0NsTeRRR](https://togithub.com/M0NsTeRRR) in [kubernetes-sigs/external-dns#4039 - Add GleSYS to the readme for webhooks by [@glesys-andreas](https://togithub.com/glesys-andreas) in [kubernetes-sigs/external-dns#4054 - build(deps): bump the dev-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4057 - feat: make webhook httpapi reusable by [@mrueg](https://togithub.com/mrueg) in [kubernetes-sigs/external-dns#4065 - Make routegroup client IPv6 compatible by [@mikkeloscar](https://togithub.com/mikkeloscar) in [kubernetes-sigs/external-dns#4068 - doc: fix link to ionos webhook provider by [@akrieg-ionos](https://togithub.com/akrieg-ionos) in [kubernetes-sigs/external-dns#4031 - feat(chart): Added complex provider support by [@stevehipwell](https://togithub.com/stevehipwell) in [kubernetes-sigs/external-dns#4085 - chore: update 45 go modules dependancies by [@mloiseleur](https://togithub.com/mloiseleur) in [kubernetes-sigs/external-dns#4088 - webhook: Move httpapi into own package by [@mrueg](https://togithub.com/mrueg) in [kubernetes-sigs/external-dns#4084 - doc: Add netcup webhook provider by [@mrueg](https://togithub.com/mrueg) in [kubernetes-sigs/external-dns#4095 - build(deps): bump the dev-dependencies group with 3 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4097 - update to add il-central-1 by [@theloneexplorerquest](https://togithub.com/theloneexplorerquest) in [kubernetes-sigs/external-dns#4093 - Add readme bizflycloud webhook provider by [@huyduong2792](https://togithub.com/huyduong2792) in [kubernetes-sigs/external-dns#4079 - fix: Allow revisionHistoryLimit to be set to 0 by [@bodgit](https://togithub.com/bodgit) in [kubernetes-sigs/external-dns#4053 - helm: Avoid unnecessary pod restart on each helm chart version by [@jkroepke](https://togithub.com/jkroepke) in [kubernetes-sigs/external-dns#4103 - Correct typo from 'Kuberntes' to 'Kubernetes' by [@jongwooo](https://togithub.com/jongwooo) in [kubernetes-sigs/external-dns#4118 - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4123 - cleanup: remove dead code (`(Create|Update|Delete)Records` functions in AWS, Google, DNSimple) by [@mloiseleur](https://togithub.com/mloiseleur) in [kubernetes-sigs/external-dns#4129 - ci: remove `confusing-naming` property by [@PascalBourdier](https://togithub.com/PascalBourdier) in [kubernetes-sigs/external-dns#4116 - chore: fix code comment by [@tanujd11](https://togithub.com/tanujd11) in [kubernetes-sigs/external-dns#4131 - fix: include cloudflare error in metrics and logs by [@danie1sullivan](https://togithub.com/danie1sullivan) in [kubernetes-sigs/external-dns#4082 - gateway-api: fix wildcard matching by [@abursavich](https://togithub.com/abursavich) in [kubernetes-sigs/external-dns#4124 - build(deps): bump the dev-dependencies group with 23 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4134 - Hetzner webhook provider readme link by [@mconfalonieri](https://togithub.com/mconfalonieri) in [kubernetes-sigs/external-dns#4051 - Fix timeout for traefik-proxy source by [@k8r-io](https://togithub.com/k8r-io) in [kubernetes-sigs/external-dns#4076 - build(deps): bump the dev-dependencies group with 7 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4144 - fix: remove useless functions by [@PascalBourdier](https://togithub.com/PascalBourdier) in [kubernetes-sigs/external-dns#4115 - fix(ambassador): don't resolve LB hostname by [@fad3t](https://togithub.com/fad3t) in [kubernetes-sigs/external-dns#4092 - doc(azure): shows how to use userAssignedIdentityID with clientId in azure.json by [@thesse1](https://togithub.com/thesse1) in [kubernetes-sigs/external-dns#4133 - build(deps): bump the dev-dependencies group with 4 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4146 - webhook: Fix metric name and add request gauges by [@mrueg](https://togithub.com/mrueg) in [kubernetes-sigs/external-dns#4078 - build(deps): bump the dev-dependencies group with 2 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4145 - build(deps): bump the dev-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4154 - fix: heritage txt record was not able to be created for txt record by [@tanujd11](https://togithub.com/tanujd11) in [kubernetes-sigs/external-dns#4140 - build(deps): bump the dev-dependencies group with 9 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4155 - fix(istio): support for ExternalIPs in Istio resources by [@KarstenSiemer](https://togithub.com/KarstenSiemer) in [kubernetes-sigs/external-dns#4094 - Update rfc2136 provider to split out changes per zone by [@gregsidelinger](https://togithub.com/gregsidelinger) in [kubernetes-sigs/external-dns#4107 - Exoscale provider optimization by [@kobajagi](https://togithub.com/kobajagi) in [kubernetes-sigs/external-dns#4071 - fix: godaddy - rate limiter add one token every second by [@nefelim4ag](https://togithub.com/nefelim4ag) in [kubernetes-sigs/external-dns#4087 - feat(helm-chart): Allow configuration of ipFamilyPolicy by [@dongjiang1989](https://togithub.com/dongjiang1989) in [kubernetes-sigs/external-dns#4153 - chore(chart): Deprecated secretConfiguration by [@stevehipwell](https://togithub.com/stevehipwell) in [kubernetes-sigs/external-dns#4161 - feat: support webhook provider in Chart by [@mloiseleur](https://togithub.com/mloiseleur) in [kubernetes-sigs/external-dns#4032 - feat(helm-chart): Released chart for v0.14.0 by [@appkins](https://togithub.com/appkins) in [kubernetes-sigs/external-dns#4073 - chore(chart): Fixed chart changelog by [@stevehipwell](https://togithub.com/stevehipwell) in [kubernetes-sigs/external-dns#4168 - fix(pdns): provider implicitly changes CNAME to ALIAS by [@tmaroschik](https://togithub.com/tmaroschik) in [kubernetes-sigs/external-dns#4162 - fix(chart): Fix webhook install failure by [@gabe565](https://togithub.com/gabe565) in [kubernetes-sigs/external-dns#4173 - fix: provide possibility to have a soft error mode by [@szuecs](https://togithub.com/szuecs) in [kubernetes-sigs/external-dns#4166 - \[helm] Allow tpl in provider again by [@jkroepke](https://togithub.com/jkroepke) in [kubernetes-sigs/external-dns#4180 - Fix args for webhook deployment by [@webwurst](https://togithub.com/webwurst) in [kubernetes-sigs/external-dns#4202 - add RBAC fix to namespaces - get, watch, list to each gateway-\*route by [@orenlevi111](https://togithub.com/orenlevi111) in [kubernetes-sigs/external-dns#4205 - chore: Released chart v1.14.3 by [@stevehipwell](https://togithub.com/stevehipwell) in [kubernetes-sigs/external-dns#4208 - build(deps): bump the dev-dependencies group with 24 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4227 - Fix "workload identity" spelling by [@gdubicki](https://togithub.com/gdubicki) in [kubernetes-sigs/external-dns#4201 - feat(aws-provider): create flag to support sub-domains match parent by [@thiagoluiznunes](https://togithub.com/thiagoluiznunes) in [kubernetes-sigs/external-dns#4236 - Change coredns testing to fix failing tests by [@pascalgn](https://togithub.com/pascalgn) in [kubernetes-sigs/external-dns#4245 - Validate AWS record values size during batch set generation by [@megum1n](https://togithub.com/megum1n) in [kubernetes-sigs/external-dns#4126 - build(deps): bump the dev-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4222 - build(deps): bump the dev-dependencies group with 13 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4246 - Update link to current workshop by [@AndrewCharlesHay](https://togithub.com/AndrewCharlesHay) in [kubernetes-sigs/external-dns#4170 - cleanup: Drop additional docker files by [@mrueg](https://togithub.com/mrueg) in [kubernetes-sigs/external-dns#4182 - chore: update the slack channel URL into the github support template by [@angegar](https://togithub.com/angegar) in [kubernetes-sigs/external-dns#3815 - add soft error by [@jeanfrancoislelezec](https://togithub.com/jeanfrancoislelezec) in [kubernetes-sigs/external-dns#4199 - Fix Gateway API TLS TCP Route by [@zs-ko](https://togithub.com/zs-ko) in [kubernetes-sigs/external-dns#4213 - Update the OCI Provider to incorporate SoftError to avoid CrashLoopBackoff by [@jrosinsk](https://togithub.com/jrosinsk) in [kubernetes-sigs/external-dns#4229 - Add Gcore provider on readme by [@kokizzu](https://togithub.com/kokizzu) in [kubernetes-sigs/external-dns#4256 - feat: enable Azure subscription ID override by [@pascalgn](https://togithub.com/pascalgn) in [kubernetes-sigs/external-dns#4186 - build(deps): bump the dev-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4254 - feat: allow setting dnsConfig by [@davhdavh](https://togithub.com/davhdavh) in [kubernetes-sigs/external-dns#4265 - build(deps): bump the dev-dependencies group with 17 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4270 - build(deps): bump the dev-dependencies group with 1 update by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4269 - build(deps): bump the dev-dependencies group with 6 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4279 - docs: 📝 add Azure DNS w/workload identity blog post to readme by [@krukowskid](https://togithub.com/krukowskid) in [kubernetes-sigs/external-dns#4248 - feat(gandi): add support for personal access token by [@deadlybore](https://togithub.com/deadlybore) in [kubernetes-sigs/external-dns#4249 - RFC2136: Add support for DNS-over-TLS by [@iteratee](https://togithub.com/iteratee) in [kubernetes-sigs/external-dns#3974 - Fixing NAPTR support by [@jstudler](https://togithub.com/jstudler) in [kubernetes-sigs/external-dns#4212 - doc: explain how to use Azure internal load balancer by [@mloiseleur](https://togithub.com/mloiseleur) in [kubernetes-sigs/external-dns#4252 - fix(aws): allow alias records to be created when using the alias annotation by [@papayakiwi](https://togithub.com/papayakiwi) in [kubernetes-sigs/external-dns#4178 - fix(service): omit nil endpoints and prefer endpointsForHostname() by [@yurrriq](https://togithub.com/yurrriq) in [kubernetes-sigs/external-dns#4293 - chore: update maintainers by [@mloiseleur](https://togithub.com/mloiseleur) in [kubernetes-sigs/external-dns#4304 - build(deps): bump the dev-dependencies group with 21 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4307 - build(deps): bump the dev-dependencies group with 6 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4312 - feat(ambassador): add support for provider specific annotations by [@fad3t](https://togithub.com/fad3t) in [kubernetes-sigs/external-dns#4120 - build(deps): bump the dev-dependencies group with 8 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4313 - build(deps): bump the dev-dependencies group with 2 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4314 - build(deps): bump the dev-dependencies group with 14 updates by [@dependabot](https://togithub.com/dependabot) in [kubernetes-sigs/external-dns#4321 #### Docker image registry.k8s.io/external-dns/external-dns:v0.14.0 #### New Contributors - [@muhlba91](https://togithub.com/muhlba91) made their first contribution in [kubernetes-sigs/external-dns#4030 - [@sesoldi](https://togithub.com/sesoldi) made their first contribution in [kubernetes-sigs/external-dns#4009 - [@larivierec](https://togithub.com/larivierec) made their first contribution in [kubernetes-sigs/external-dns#4019 - [@PatrickKoss](https://togithub.com/PatrickKoss) made their first contribution in [kubernetes-sigs/external-dns#4029 - [@robinschneider](https://togithub.com/robinschneider) made their first contribution in [kubernetes-sigs/external-dns#4022 - [@anders-swanson](https://togithub.com/anders-swanson) made their first contribution in [kubernetes-sigs/external-dns#3995 - [@CRASH-Tech](https://togithub.com/CRASH-Tech) made their first contribution in [kubernetes-sigs/external-dns#3976 - [@danie1sullivan](https://togithub.com/danie1sullivan) made their first contribution in [kubernetes-sigs/external-dns#4021 - [@arnisoph](https://togithub.com/arnisoph) made their first contribution in [kubernetes-sigs/external-dns#4008 - [@dromie](https://togithub.com/dromie) made their first contribution in [kubernetes-sigs/external-dns#4007 - [@siliconsheep](https://togithub.com/siliconsheep) made their first contribution in [kubernetes-sigs/external-dns#4048 - [@tanerm](https://togithub.com/tanerm) made their first contribution in [kubernetes-sigs/external-dns#4036 - [@glesys-andreas](https://togithub.com/glesys-andreas) made their first contribution in [kubernetes-sigs/external-dns#4054 - [@akrieg-ionos](https://togithub.com/akrieg-ionos) made their first contribution in [kubernetes-sigs/external-dns#4031 - [@theloneexplorerquest](https://togithub.com/theloneexplorerquest) made their first contribution in [kubernetes-sigs/external-dns#4093 - [@huyduong2792](https://togithub.com/huyduong2792) made their first contribution in [kubernetes-sigs/external-dns#4079 - [@tanujd11](https://togithub.com/tanujd11) made their first contribution in [kubernetes-sigs/external-dns#4131 - [@mconfalonieri](https://togithub.com/mconfalonieri) made their first contribution in [kubernetes-sigs/external-dns#4051 - [@k8r-io](https://togithub.com/k8r-io) made their first contribution in [kubernetes-sigs/external-dns#4076 - [@thesse1](https://togithub.com/thesse1) made their first contribution in [kubernetes-sigs/external-dns#4133 - [@dongjiang1989](https://togithub.com/dongjiang1989) made their first contribution in [kubernetes-sigs/external-dns#4153 - [@appkins](https://togithub.com/appkins) made their first contribution in [kubernetes-sigs/external-dns#4073 - [@tmaroschik](https://togithub.com/tmaroschik) made their first contribution in [kubernetes-sigs/external-dns#4162 - [@gabe565](https://togithub.com/gabe565) made their first contribution in [kubernetes-sigs/external-dns#4173 - [@webwurst](https://togithub.com/webwurst) made their first contribution in [kubernetes-sigs/external-dns#4202 - [@orenlevi111](https://togithub.com/orenlevi111) made their first contribution in [kubernetes-sigs/external-dns#4205 - [@gdubicki](https://togithub.com/gdubicki) made their first contribution in [kubernetes-sigs/external-dns#4201 - [@thiagoluiznunes](https://togithub.com/thiagoluiznunes) made their first contribution in [kubernetes-sigs/external-dns#4236 - [@AndrewCharlesHay](https://togithub.com/AndrewCharlesHay) made their first contribution in [kubernetes-sigs/external-dns#4170 - [@angegar](https://togithub.com/angegar) made their first contribution in [kubernetes-sigs/external-dns#3815 - [@jeanfrancoislelezec](https://togithub.com/jeanfrancoislelezec) made their first contribution in [kubernetes-sigs/external-dns#4199 - [@zs-ko](https://togithub.com/zs-ko) made their first contribution in [kubernetes-sigs/external-dns#4213 - [@kokizzu](https://togithub.com/kokizzu) made their first contribution in [kubernetes-sigs/external-dns#4256 - [@davhdavh](https://togithub.com/davhdavh) made their first contribution in [kubernetes-sigs/external-dns#4265 - [@krukowskid](https://togithub.com/krukowskid) made their first contribution in [kubernetes-sigs/external-dns#4248 - [@deadlybore](https://togithub.com/deadlybore) made their first contribution in [kubernetes-sigs/external-dns#4249 - [@iteratee](https://togithub.com/iteratee) made their first contribution in [kubernetes-sigs/external-dns#3974 - [@jstudler](https://togithub.com/jstudler) made their first contribution in [kubernetes-sigs/external-dns#4212 - [@papayakiwi](https://togithub.com/papayakiwi) made their first contribution in [kubernetes-sigs/external-dns#4178 - [@yurrriq](https://togithub.com/yurrriq) made their first contribution in [kubernetes-sigs/external-dns#4293 **Full Changelog**: kubernetes-sigs/external-dns@v0.14.0...v0.14.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).

k8s-ci-robot requested review from njuettner and szuecs October 6, 2023 17:18

k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 6, 2023

k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Oct 6, 2023

k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Oct 9, 2023

iteratee force-pushed the rfc2136-dns-over-tls branch from 443cb5a to dffa09a Compare October 19, 2023 18:46

k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 19, 2023

k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 20, 2023

iteratee force-pushed the rfc2136-dns-over-tls branch from dffa09a to 159c052 Compare October 21, 2023 20:18

iteratee force-pushed the rfc2136-dns-over-tls branch from 159c052 to 78effd8 Compare October 24, 2023 07:36

k8s-ci-robot assigned mloiseleur Oct 29, 2023

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 29, 2023

k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 3, 2024

k8s-ci-robot assigned Raffo Jan 4, 2024

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 4, 2024

iteratee force-pushed the rfc2136-dns-over-tls branch from 1e1aa08 to 8f842b1 Compare January 5, 2024 22:40

k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 5, 2024

k8s-ci-robot assigned szuecs Jan 25, 2024

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 25, 2024

szuecs reviewed Feb 7, 2024

View reviewed changes

iteratee added 2 commits February 26, 2024 11:23

RFC2136: Document DNS-over-TLS

1030de7

Add a note about the TLS flags to the RFC2136 Tutorial.

iteratee force-pushed the rfc2136-dns-over-tls branch from 8f842b1 to 1030de7 Compare February 26, 2024 18:24

k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 26, 2024

iteratee commented Feb 26, 2024

View reviewed changes

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 27, 2024

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 29, 2024

k8s-ci-robot merged commit 8d3eb3a into kubernetes-sigs:master Feb 29, 2024
13 checks passed

RFC2136: Add support for DNS-over-TLS #3974

RFC2136: Add support for DNS-over-TLS #3974

Conversation

iteratee commented Oct 6, 2023 • edited

linux-foundation-easycla bot commented Oct 6, 2023 • edited

k8s-ci-robot commented Oct 6, 2023

k8s-ci-robot commented Oct 6, 2023

mloiseleur commented Oct 9, 2023

iteratee commented Oct 9, 2023

iteratee commented Oct 17, 2023

mloiseleur commented Oct 18, 2023 • edited

iteratee commented Oct 19, 2023

mloiseleur commented Oct 20, 2023

iteratee commented Oct 21, 2023

mloiseleur commented Oct 24, 2023

iteratee commented Oct 24, 2023 • edited

mloiseleur commented Oct 29, 2023

iteratee commented Nov 8, 2023

iteratee commented Jan 3, 2024 • edited

mloiseleur commented Jan 4, 2024

iteratee commented Jan 5, 2024

iteratee commented Jan 19, 2024

iteratee commented Jan 24, 2024

mloiseleur commented Jan 25, 2024

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

szuecs commented Feb 7, 2024

iteratee left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

mloiseleur commented Feb 27, 2024

szuecs commented Feb 29, 2024

k8s-ci-robot commented Feb 29, 2024

iteratee commented Oct 6, 2023 •

edited

linux-foundation-easycla bot commented Oct 6, 2023 •

edited

mloiseleur commented Oct 18, 2023 •

edited

iteratee commented Oct 24, 2023 •

edited

iteratee commented Jan 3, 2024 •

edited