mirror of
https://github.com/StackExchange/dnscontrol.git
synced 2025-12-09 13:46:07 +08:00
## Summary

This PR adds a new domain modifier `IGNORE_EXTERNAL_DNS()` that automatically detects and ignores DNS records managed by Kubernetes [external-dns](https://github.com/kubernetes-sigs/external-dns) controller.

**Related Issue:** This addresses the feature request discussed in StackExchange/dnscontrol#935 (Idea: Ownership system), where @tlimoncelli indicated openness to accepting a PR for this functionality.

## Problem

When running DNSControl alongside Kubernetes external-dns, users face a challenge:

- **external-dns** dynamically creates DNS records based on Kubernetes Ingress/Service resources
- Users cannot use `IGNORE()` because they cannot predict which record names external-dns will create
- Using `NO_PURGE()` is too broad - it prevents DNSControl from cleaning up any orphaned records

The fundamental issue is that `IGNORE()` requires static patterns known at config-time, but external-dns creates records dynamically at runtime.

## Solution

`IGNORE_EXTERNAL_DNS()` solves this by detecting external-dns managed records at runtime:

```javascript
D("example.com", REG_CHANGEME,
  DnsProvider(DSP_MY_PROVIDER),
  IGNORE_EXTERNAL_DNS(),  // Automatically ignore external-dns managed records
  A("@", "1.2.3.4"),
  CNAME("www", "@")
);
```

### How It Works

external-dns uses a TXT record registry to track ownership. For each managed record, it creates a TXT record like:

- `a-myapp.example.com` → TXT containing `heritage=external-dns,external-dns/owner=...`
- `cname-api.example.com` → TXT containing `heritage=external-dns,external-dns/owner=...`

This PR:

1. Scans existing TXT records for the `heritage=external-dns` marker
2. Parses the TXT record name prefix (e.g., `a-`, `cname-`) to determine the managed record type
3. Automatically adds those records to the ignore list during diff operations

## Changes

| File | Purpose |
|------|---------|
| `models/domain.go` | Add `IgnoreExternalDNS` field to DomainConfig |
| `pkg/js/helpers.js` | Add `IGNORE_EXTERNAL_DNS()` JavaScript helper |
| `pkg/diff2/externaldns.go` | Core detection logic for external-dns TXT records |
| `pkg/diff2/externaldns_test.go` | Unit tests for detection logic |
| `pkg/diff2/handsoff.go` | Integrate external-dns detection into handsoff() |
| `pkg/diff2/diff2.go` | Pass IgnoreExternalDNS flag to handsoff() |
| `commands/types/dnscontrol.d.ts` | TypeScript definitions for IDE support |
| `documentation/.../IGNORE_EXTERNAL_DNS.md` | User documentation |

## Design Philosophy

This follows DNSControl's pattern of convenience builders (like `M365_BUILDER`, `SPF_BUILDER`, `DKIM_BUILDER`) that make complex operations simple. Just as those builders abstract away implementation details, `IGNORE_EXTERNAL_DNS()` abstracts away the complexity of detecting external-dns managed records.

## Testing

All unit tests pass:

```
go test ./pkg/diff2/... -v    # Tests detection logic
go test ./pkg/js/...          # Tests JS helpers
go build ./...                # Builds successfully
```

## Caveats Documented

- Only supports TXT registry (the default for external-dns)
- Requires external-dns to use default naming conventions
- May need updates if external-dns changes its registry format

---------

Co-authored-by: Tom Limoncelli <6293917+tlimoncelli@users.noreply.github.com>

||
|---|---|---|
| A.md | ||
| AAAA.md | ||
| ADGUARDHOME_A_PASSTHROUGH.md | ||
| ADGUARDHOME_AAAA_PASSTHROUGH.md | ||
| AKAMAICDN.md | ||
| AKAMAITLC.md | ||
| ALIAS.md | ||
| AUTODNSSEC_OFF.md | ||
| AUTODNSSEC_ON.md | ||
| AZURE_ALIAS.md | ||
| CAA.md | ||
| CAA_BUILDER.md | ||
| CF_REDIRECT.md | ||
| CF_SINGLE_REDIRECT.md | ||
| CF_TEMP_REDIRECT.md | ||
| CF_WORKER_ROUTE.md | ||
| CLOUDNS_WR.md | ||
| CNAME.md | ||
| DefaultTTL.md | ||
| DHCID.md | ||
| DISABLE_IGNORE_SAFETY_CHECK.md | ||
| DKIM_BUILDER.md | ||
| DMARC_BUILDER.md | ||
| DNAME.md | ||
| DNSKEY.md | ||
| DnsProvider.md | ||
| DS.md | ||
| FRAME.md | ||
| HTTPS.md | ||
| IGNORE.md | ||
| IGNORE_EXTERNAL_DNS.md | ||
| IGNORE_NAME.md | ||
| IGNORE_TARGET.md | ||
| IMPORT_TRANSFORM.md | ||
| IMPORT_TRANSFORM_STRIP.md | ||
| INCLUDE.md | ||
| LOC.md | ||
| LOC_BUILDER_DD.md | ||
| LOC_BUILDER_DMM_STR.md | ||
| LOC_BUILDER_DMS_STR.md | ||
| LOC_BUILDER_STR.md | ||
| LUA.md | ||
| M365_BUILDER.md | ||
| MX.md | ||
| NAMESERVER.md | ||
| NAMESERVER_TTL.md | ||
| NAPTR.md | ||
| NO_PURGE.md | ||
| NS.md | ||
| OPENPGPKEY.md | ||
| PORKBUN_URLFWD.md | ||
| PTR.md | ||
| PURGE.md | ||
| R53_ALIAS.md | ||
| SMIMEA.md | ||
| SOA.md | ||
| SPF_BUILDER.md | ||
| SRV.md | ||
| SSHFP.md | ||
| SVCB.md | ||
| TLSA.md | ||
| TXT.md | ||
| URL.md | ||
| URL301.md | ||