ALIDNS: Enforce TTL constraints

integrationTest/integration_test.go

@@ -216,7 +216,6 @@ func makeTests() []*TestGroup {
 
 		testgroup("Attl",
 			not("LINODE"), // Linode does not support arbitrary TTLs: both are rounded up to 3600.
-			not("ALIDNS"), // ALIDNS auto-adjusts TTL to 600-86400 range.
 			tc("Create Arc", ttl(a("testa", "1.1.1.1"), 333)),
 			tc("Change TTL", ttl(a("testa", "1.1.1.1"), 999)),
 		),
@@ -224,7 +223,6 @@ func makeTests() []*TestGroup {
 		testgroup("TTL",
 			not("NETCUP"), // NETCUP does not support TTLs.
 			not("LINODE"), // Linode does not support arbitrary TTLs: 666 and 1000 are both rounded up to 3600.
-			not("ALIDNS"), // ALIDNS auto-adjusts TTL to 600-86400 range.
 			tc("Start", ttl(a("@", "8.8.8.8"), 666), a("www", "1.2.3.4"), a("www", "5.6.7.8")),
 			tc("Change a ttl", ttl(a("@", "8.8.8.8"), 1000), a("www", "1.2.3.4"), a("www", "5.6.7.8")),
 			tc("Change single target from set", ttl(a("@", "8.8.8.8"), 1000), a("www", "2.2.2.2"), a("www", "5.6.7.8")),
@@ -247,7 +245,6 @@ func makeTests() []*TestGroup {
 		// Next we add an additional record at the same label AND change
 		// the TTL of the existing record.
 		testgroup("add to label and change orig ttl",
-			not("ALIDNS"), // ALIDNS auto-adjusts TTL to 600-86400 range.
 			tc("Setup", ttl(a("www", "5.6.7.8"), 400)),
 			tc("Add at same label, new ttl", ttl(a("www", "5.6.7.8"), 700), ttl(a("www", "1.2.3.4"), 700)),
 		),

providers/alidns/aliDnsProvider.go

@@ -110,17 +110,6 @@ func (a *aliDnsDsp) GetZoneRecords(domain string, meta map[string]string) (model
 }
 
 func (a *aliDnsDsp) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
-	// Alibaba Cloud DNS requires TTL to be in the range of 600 to 86400 seconds.
-	// Adjust TTL values to fit within this range.
-	for _, r := range dc.Records {
-		if r.TTL < 600 {
-			r.TTL = 600
-		}
-		if r.TTL > 86400 {
-			r.TTL = 86400
-		}
-	}
-
 	keysToUpdate, toReport, actualChangeCount, err := diff.NewCompat(dc).ChangedGroups(existingRecords)
 	if err != nil {
 		return nil, 0, err

providers/alidns/auditrecords.go

@@ -41,6 +41,17 @@ func targetConstraint(rc *models.RecordConfig) error {
 	return nil
 }
 
+// ttlConstraint checks that TTL is within Alibaba Cloud's allowed range (600-86400 seconds).
+func ttlConstraint(rc *models.RecordConfig) error {
+	if rc.TTL < 600 {
+		return errors.New("TTL must be at least 600 seconds")
+	}
+	if rc.TTL > 86400 {
+		return errors.New("TTL must not exceed 86400 seconds (24 hours)")
+	}
+	return nil
+}
+
 // AuditRecords returns a list of errors corresponding to the records
 // that aren't supported by this provider.  If all records are
 // supported, an empty list is returned.
@@ -54,6 +65,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 	a.Add("TXT", rejectif.TxtHasTrailingSpace)     // Last verified at 2025-12-03: Alibaba strips trailing spaces
 	a.Add("TXT", rejectif.TxtHasUnpairedBackslash) // Last verified at 2025-12-03: Alibaba mishandles odd backslashes
 	a.Add("*", labelConstraint)                    // Last verified at 2025-12-03: Alibaba only allows ASCII + Chinese, rejects other Unicode
+	a.Add("*", ttlConstraint)                      // Last verified at 2025-12-03: Alibaba requires TTL 600-86400
 	a.Add("CNAME", targetConstraint)               // Last verified at 2025-12-03: CNAME target must be ASCII or Chinese
 	a.Add("SRV", rejectif.SrvHasNullTarget)        // Last verified at 2025-12-03: SRV target must not be null
 	a.Add("SRV", rejectif.SrvHasEmptyTarget)       // Last verified at 2025-12-03: SRV target must not be empty