Private DNS: no error while create A record with more than 20 records

[amarkevich]

Terraform (and AzureRM Provider) Version

Terraform v1.0.1

• Installed hashicorp/azurerm v2.66.0 (signed by HashiCorp)

Affected Resource(s)

• `azurerm_private_dns_a_record

Terraform Configuration Files

resource "azurerm_private_dns_a_record" "a" {
  name                = "@"
  resource_group_name = "rg-corp-dns"
  zone_name           = "corp.com"
  ttl                 = 300
  records             = ["10.0.180.17", ...more than 20... ]
}

Debug Output

module.corp-com-dns-zone["corp.com"].azurerm_private_dns_a_record.a["@"]: Creating...

Panic Output

│ Error: creating/updating A Record: (A Name "@" / Private Dns Zone Name "corp.com" / Resource Group "rg-corp-dns"): privatedns.RecordSetsClient#CreateOrUpdate: Failure sending request: StatusCode=409 -- Original Error: autorest/azure: Service returned an error. Status=<nil> <nil>
│ 
│   with module.corp-com-dns-zone["corp.com"].azurerm_private_dns_a_record.a["@"],
│   on .terraform/modules/corp-com-dns-zone/main.tf line 21, in resource "azurerm_private_dns_a_record" "a":
│   21: resource "azurerm_private_dns_a_record" "a" {

Expected Behaviour

Detailed error message

Actual Behaviour

No error message

Steps to Reproduce

1. terraform apply

[jackofallops]

Hi @amarkevich - I think the problem here is that you are trying to create an SOA entry as an A-record, which is not allowed by the API. The SOA ('@') record is managed with the azurerm_private_dns_zone resource itself. That said, we should have some validation on the azurerm_private_dns_a_record resource to prevent that value being specified.

[github-actions]

This functionality has been released in v2.73.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[t-l-k]

@jackofallops @amarkevich @stephybun Creating @ type A records for "apex" records is distinct from type SOA records, no? I've raised following issue:

• Bug azurerm_private_dns_a_record apex records validation bug: Error: "name" cannot contain @ #13081

I looked at the soa_record block on the resource docs and couldn't find an attribute that would accept an address. I've used A private DNS records in the past to set apex records up until 2.73.0, worked fine. I wasn't trying to set 20 IPs tho!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.