* feat(metrics): add source wrapper metrics for invalid and deduplicated endpoints
Add GaugeVecMetric.Reset() to clear stale label combinations between cycles.
Introduce invalidEndpoints and deduplicatedEndpoints gauge vectors in the
source wrappers package, partitioned by record_type and source_type. The
dedup source wrapper now tracks rejected (invalid) and de-duplicated
endpoints per collection cycle.
Update the metrics documentation and bump the known metrics count.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(source): add PTR source wrapper for automatic reverse DNS
Implement ptrSource, a source wrapper that generates PTR endpoints from
A/AAAA records. The wrapper supports:
- Global default via WithCreatePTR (maps to --create-ptr flag)
- Per-endpoint override via record-type provider-specific property
- Grouping multiple hostnames sharing an IP into a single PTR endpoint
- Skipping wildcard DNS names
Add WithPTRSupported and WithCreatePTR options to the wrapper Config
and wire the PTR wrapper into the WrapSources chain when PTR is in
managed-record-types.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(config): add --create-ptr flag and deprecate --rfc2136-create-ptr
Add the generic --create-ptr boolean flag to Config, enabling automatic
PTR record creation for any provider. Add IsPTRSupported() helper that
checks whether PTR is included in --managed-record-types.
Add validation: --create-ptr (or legacy --rfc2136-create-ptr) now
requires PTR in --managed-record-types, preventing misconfiguration.
Mark --rfc2136-create-ptr as deprecated in the flag description.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* refactor(rfc2136): remove inline PTR logic in favor of PTR source wrapper
Remove the createPTR field, AddReverseRecord, RemoveReverseRecord, and
GenerateReverseRecord methods from the rfc2136 provider. PTR record
generation is now handled generically by the PTR source wrapper before
records reach the provider.
Update the PTR creation test to supply pre-generated PTR endpoints
(simulating what the source wrapper produces) instead of relying on
the provider to create them internally.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(controller): wire PTR source wrapper into buildSource
Pass the top-level Config to buildSource so it can read IsPTRSupported()
and the CreatePTR / RFC2136CreatePTR flags. When PTR is in
managed-record-types, the PTR source wrapper is installed in the
wrapper chain with the combined create-ptr default.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* chore(pdns): remove stale comment and fix whitespace
Remove an outdated comment about a single-target-per-tuple assumption
that no longer applies.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* docs: add PTR records documentation and update existing guides
Add docs/advanced/ptr-records.md covering the --create-ptr flag,
per-resource annotation overrides, prerequisites, and usage examples.
Update:
- annotations.md: document record-type annotation
- flags.md: add --create-ptr, mark --rfc2136-create-ptr as deprecated
- tutorials/rfc2136.md: point to generic --create-ptr flag
- contributing/source-wrappers.md: add PTR wrapper to the chain
- mkdocs.yml: add PTR Records navigation entry
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* feat(rfc2136)!: remove rfc2136-create-ptr in favor of create-ptr
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---------
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* docs(aws): tutorial with kind and localstack
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* remove dependencies
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* docs(aws): tutorial with kind and localstack
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* docs(aws): tutorial with kind and localstack
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* docs(aws): tutorial with kind and localstack
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* docs(aws): tutorial with kind and localstack
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* docs(aws): tutorial with kind and localstack
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
* docs(aws): tutorial with kind and localstack
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
---------
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* docs: add BIND9 on Kubernetes with Kind tutorial for rfc2136 provider
Add a step-by-step guide for deploying BIND9 and ExternalDNS inside
a local Kind cluster, covering forward (A) and reverse (PTR) DNS
zones with TSIG authentication.
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
* docs: apply suggestions for bind9 tutorial
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
---------
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* feat(cloudflare): add --batch-change-size and --batch-change-interval flags
Adds two new global CLI flags for controlling batch DNS change behaviour:
- --batch-change-size (default 200): maximum number of DNS operations per batch
- --batch-change-interval (default 1s): pause between consecutive batch chunks
Wires the flags through Config into the Cloudflare provider's DNSRecordsConfig.
* feat(cloudflare): implement batch DNS records API with automatic fallback
Uses Cloudflare's Batch DNS Records API to submit all creates, updates, and
deletes for a zone in a single transactional API call per chunk, significantly
reducing the total number of requests made against the Cloudflare API.
- Batch size and interval are controlled via --batch-change-size / --batch-change-interval
- Record types unsupported by the batch PUT endpoint (e.g. SRV, CAA) are
submitted individually via the standard API
- If a batch chunk is rejected by Cloudflare, ExternalDNS automatically retries
each record change in that chunk individually so no changes are silently lost
- Adds cloudflare_batch.go with the core batching logic and full test coverage
* feat(cloudflare): soft retry for 'unexpected EOF' (issue 3798)
* feat(cloudflare): soft retry for 'unexpected EOF' (issue 3798)
* feat(cloudflare): debug logs for intentional individual-updates
* feat(cloudflare): improved code coverage
* feat(cloudflare): handle json.Encoder error in test helper
* feat(registry/txt): enable support for SRV and NAPTR
This enables support for SRV and NAPTR in the TXT registry.
* doc(crd): add example DNSEndpoint for SRV and NAPTR
* feat(coredns): use managed-by to separate records
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* feat(coredns): use txt-owner-id to strictly separate external-dns instances
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* fix tests
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* fix reviewer comments
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* answer review comments
* fix deletion behavior and remove extra function
* fix markdown
* fix tests again
---------
Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* fix(aws): warn on TXT AccessDenied due to ABAC
ExternalDNS writes TXT ownership records. ABAC missing TXT can cause 403
AccessDenied from Route 53.
* Update AWS ABAC docs to include TXT in record types
* Log entries when AccessDenied occurs and batch contains TXT
* Added unit tests for AccessDenied detection, TXT detection and logging
Refs: #5773
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Drop prescriptive IAM warning
* Return the first Route 53 error from `submitChanges` so operators see
the original AWS message
* Remove IAM-guessing branch while keeping split-and-retry submission
* Tidy error test and fall back to `provider.NewSoftErrorf` when no AWS
error was captured
* Add tests for error return on failures upon zone submission
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Remove TXT-specific error handling
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Remove Route53 final error message
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* fix(aws): Remove unused import of `error`
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
---------
Signed-off-by: Tobias Harnickell <tobias.harnickell@bedag.ch>
* scoping the AWS IAM policy to explicitly defined AWS Route53 zones
* Apply suggestions from code review
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* Update aws.md
* Update docs/tutorials/aws.md
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* Update aws.md
breaking up lines to make it pass markdown linting
---------
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
Only grant endpointslices permissions when using service source and remove
outdated endpoints RBAC from provider tutorials.
Add rbac tests for the chart.
* feat(aws): add support for geoproximity routing
* remove the invalid test
* make some changes based on review comments
* fix linting errors
* make changes based on review feedback
* add more tests to get better coverage
* update docs
* make the linter happy
* address review feedback
This commit addresses the review feedback by making the following changes:
- use a more object-oriented approach for geoProximity handling
- change log levels to warnings instead of errors
- add more test cases for geoProximity
* fix linting error
* use shorter annotation names
- add flag to enable regional hostname feature
- support deletion of regional hostname on annotation edit
- correctly support differences detection with cloudflare state
- increased tests coverage
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
* fix(azure): Enhance retry logic using azure SDK
* Added the changes for flag based maxretries configuration
* Fixed types.go, flags.md and deleted unnecessary comments
* Added the correct image for the Azure Private DNS tutorial
* Following the go naming convention for maxRetriesCount
* Added the correct flag information to the --azure-maxretries-count
* Made the required changes to accept the --azure-maxretries-count flag value from cli/env
* docs(tutorials): add IONOS Cloud setup tutorial for ExternalDNS
* docs(tutorials): improve formatting and clarity in IONOS Cloud tutorial
* docs(tutorials): address comments, file names to use dash, and more information on ionos webhook repo and image
* Update docs/tutorials/ionoscloud.md
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
---------
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>