The current implementation of external-dns from sig-external-dns does
not support domain filtering (--domain-filter) for sub-domains on Route53,
such as test.sub-domain.domain.com. The function MatchParent was recently
removed from the base code, but it is still necessary for this purpose.
An example of a use case for this support is having a cluster per hosted
zone with a hundred ingress related to that zone with different variants of
sub-domains. With the matchParent function and zone-match-parent flag,
external-dns will now support an extended automatic match for sub-domains.
When AAAA multi-target / dual stack support was
added via #2461 it broke ownership of domains across
different clusters with different ingress records types.
For example if 2 clusters manage the same zone,
1 cluster uses A records and the other uses CNAME
records, when each record type is treated as a separate
planning record, it will cause ownership to bounce back
and forth and records to be constantly created and
deleted.
This change updates the planner to keep track of multiple
current records for a domain. This allows for A and AAAA
records to exist for a domain while allowing record type
changes.
The planner will ignore desired records for a domain that
represent conflicting record types allowed by RFC 1034 3.6.2.
For example if the desired records for a domain contains
a CNAME record plus any other record type no changes for
that domain will be planned.
The planner now contains an owned record filter provided
by the registry. This allows the planner to accurately plan
create updates when there are record type changes between
the current and desired endpoints. Without this filter the
planner could add create changes for domains not owned
by the controller.
PNDS provider is the only one which uses MatchParent functionality. The
MatchParent functionality breaks domain and regex domain filters. It
also makes PDNS provider behave differently than other providers while
having the same configuration. MatchParent can be replaced by using
multiple domain filters. After discussion with maintainers we concluded
that MatchParent should be removed.
If a single change fails during the retry, it will be added to a queue.
In the next iteration, changes from this queue will be submitted after
all other changes.
When submitting single changes, they are always submitted as batches of
changes with the same DNS name and ownership relation to avoid
inconsistency between the record created and the TXT records.
