PDNS provider is the only one which uses MatchParent functionality. The
MatchParent functionality breaks domain and regex domain filters. It
also makes PDNS provider behave differently than other providers while
having the same configuration. MatchParent can be replaced by using
multiple domain filters. After discussion with maintainers we concluded
that MatchParent should be removed.
All of the providers have TLS enabled by default so this change will
make PDNS provider behave as expected. Additionally, enabling TLS
by default is a good practice and previous behaviour was a bit
misleading. It was possible to pass `--tls-ca` without
`--pdns-tls-enabled` and the PDNS provider would ignore the tls and
instantiate client with disabled tls. This change adds a flag to disable
the tls: `--pdns-skip-tls-verify`. A similar flag is used by pihole and
bluecat providers.
Additionally this change makes providing custom TLS CA optional. If it is
not provided, the system certificates will be used. This makes PDNS behave
the same as other providers.
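
The TLS behaviour described in the messages above (verification on by default, an explicit skip flag, an optional CA that falls back to the system certificates) can be sketched in Go as follows. This is an added example, not the project's code: `NewTLSConfig` and `ConstructedCA` are hypothetical names, the throwaway CA is constructed sample input, and mapping `--pdns-skip-tls-verify` to `InsecureSkipVerify` is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// NewTLSConfig is a hypothetical helper (not the project's code) for --tls-ca and the skip flag.
func NewTLSConfig(caPEM []byte, skipVerify bool) (*tls.Config, error) {
	cfg := &tls.Config{InsecureSkipVerify: skipVerify}
	if len(caPEM) == 0 {
		return cfg, nil // RootCAs == nil: Go verifies against the system roots
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("tls-ca: no usable PEM certificate") // fail closed
	}
	cfg.RootCAs = pool
	return cfg, nil
}

// ConstructedCA returns a throwaway self-signed CA as PEM (constructed sample input).
func ConstructedCA() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	ca, _ := ConstructedCA() // nil on failure, which exercises the system-roots path
	cfg, err := NewTLSConfig(ca, false)
	fmt.Println("custom CA pool:", cfg != nil && cfg.RootCAs != nil, "err:", err)
}
```

A CA file that contains no parsable certificate is rejected here rather than silently replaced by another trust store, so a misconfigured `--tls-ca` surfaces at startup.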
If you had an RRSet that contained multiple records, the provider would
end up generating multiple endpoints where really it needs to produce a
single endpoint with multiple targets.