
Cannot set Service to create a CNAME instead of an Alias without --aws-prefer-cname and with alias: "false" #3848

Open
nitrocode opened this issue Aug 7, 2023 · 11 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@nitrocode
Contributor

nitrocode commented Aug 7, 2023

What happened:

I have a kind: Service

kind: Service
metadata:
  # ...
  annotations:
    external-dns.alpha.kubernetes.io/alias: "false"
    external-dns.alpha.kubernetes.io/aws-weight: "200"
    external-dns.alpha.kubernetes.io/hostname: example.dev.domain.internal
    external-dns.alpha.kubernetes.io/set-identifier: nlb

External-DNS config:

  - args:
    - --source=service
    - --source=ingress
    - --domain-filter=dev.domain.internal
    - --domain-filter=internal.dev.domain.com
    - --provider=aws
    - --policy=upsert-only
    - --registry=txt
    - --txt-owner-id=private-external-dns
    - --interval=1m
    - --events
    - --aws-batch-change-interval=10s
    - --aws-zones-cache-duration=1h

Error:

time="2023-08-07T18:29:52Z" level=error msg="InvalidChangeBatch: [RRSet of type A with DNS name example.dev.domain.internal. is not permitted because a conflicting RRSet of type CNAME with the same DNS name already exists in zone dev.domain.internal., RRSet of type TXT with DNS name example.dev.domain.internal. is not permitted because a conflicting RRSet of type CNAME with the same DNS name already exists in zone dev.domain.internal.]\n\tstatus code: 400, request id: snip"

I have a weighted CNAME in dev.domain.internal called example. External-dns is trying to create an alias which doesn't work alongside a CNAME.

What you expected to happen:

The external-dns.alpha.kubernetes.io/alias: "false" should be respected and the type that external-dns should attempt to create should be a CNAME instead of an A.

How to reproduce it (as minimally and precisely as possible):

See above

Anything else we need to know?:

Environment:

  • External-DNS version (use external-dns --version): v0.13.5
  • DNS provider: aws
  • Others: N/A

alias = useAlias(ep, p.preferCNAME)

// useAlias determines if AWS ALIAS should be used.
func useAlias(ep *endpoint.Endpoint, preferCNAME bool) bool {
	if preferCNAME {
		return false
	}
	if ep.RecordType == endpoint.RecordTypeCNAME && len(ep.Targets) > 0 {
		return canonicalHostedZone(ep.Targets[0]) != ""
	}
	return false
}

// isAWSAlias determines if a given endpoint is supposed to create an AWS Alias record
// and (if so) returns the target hosted zone ID
func isAWSAlias(ep *endpoint.Endpoint) string {
	isAlias, exists := ep.GetProviderSpecificProperty(providerSpecificAlias)
	if exists && isAlias == "true" && ep.RecordType == endpoint.RecordTypeCNAME && len(ep.Targets) > 0 {
		// alias records can only point to canonical hosted zones (e.g. to ELBs) or other records in the same zone
		if hostedZoneID, ok := ep.GetProviderSpecificProperty(providerSpecificTargetHostedZone); ok {
			// existing Endpoint where we got the target hosted zone from the Route53 data
			return hostedZoneID
		}
		// check if the target is in a canonical hosted zone
		if canonicalHostedZone := canonicalHostedZone(ep.Targets[0]); canonicalHostedZone != "" {
			return canonicalHostedZone
		}
		// if not, target needs to be in the same zone
		return sameZoneAlias
	}
	return ""
}

// canonicalHostedZone returns the matching canonical zone for a given hostname.
func canonicalHostedZone(hostname string) string {
	for suffix, zone := range canonicalHostedZones {
		if strings.HasSuffix(hostname, suffix) {
			return zone
		}
	}
	if strings.HasSuffix(hostname, ".amazonaws.com") {
		// hostname is an AWS hostname, but could not find canonical hosted zone.
		// This could mean that a new region has been added but is not supported yet.
		log.Warnf("Could not find canonical hosted zone for domain %s. This may be because your region is not supported yet.", hostname)
	}
	return ""
}

func (p *AWSProvider) newChange(action string, ep *endpoint.Endpoint) (*Route53Change, bool) {
	change := &Route53Change{
		Change: route53.Change{
			Action: aws.String(action),
			ResourceRecordSet: &route53.ResourceRecordSet{
				Name: aws.String(ep.DNSName),
			},
		},
	}
	dualstack := false
	if targetHostedZone := isAWSAlias(ep); targetHostedZone != "" {
		evalTargetHealth := p.evaluateTargetHealth
		if prop, ok := ep.GetProviderSpecificProperty(providerSpecificEvaluateTargetHealth); ok {
			evalTargetHealth = prop == "true"
		}
		// If the endpoint has a Dualstack label, append a change for AAAA record as well.
		if val, ok := ep.Labels[endpoint.DualstackLabelKey]; ok {
			dualstack = val == "true"
		}
		change.ResourceRecordSet.Type = aws.String(route53.RRTypeA)
		change.ResourceRecordSet.AliasTarget = &route53.AliasTarget{
			DNSName:              aws.String(ep.Targets[0]),
			HostedZoneId:         aws.String(cleanZoneID(targetHostedZone)),
			EvaluateTargetHealth: aws.Bool(evalTargetHealth),
		}
	} else {
@nitrocode nitrocode added the kind/bug Categorizes issue or PR as related to a bug. label Aug 7, 2023
@darpham

darpham commented Aug 22, 2023

I have a problem / feature request.
I think having an annotation to override recordType altogether would be great:
external-dns.alpha.kubernetes.io/record-type: CNAME

@alex-hunt-materialize

It seems like the external-dns.alpha.kubernetes.io/alias is completely bugged currently (on the latest master 5225d99546050dab6e85fed6babf6f1adb66f2c2). If it is set to "true" on a service, then external-dns will just crash, but if set to "false" or not set at all, it creates an alias A record.

time="2023-09-29T00:40:44Z" level=debug msg="Using cached zones list"
time="2023-09-29T00:40:44Z" level=debug msg="Adding 1vjjxofl2wd83blfoo8mc5xlo.us-east-1.aws.alexhunt.dev.materialize.cloud. to zone us-east-1.aws.alexhunt.dev.materialize.cloud. [Id: /hostedzone/Z0082264QQ0XRDUNUH1C]"
time="2023-09-29T00:40:44Z" level=debug msg="Adding _heritage.1vjjxofl2wd83blfoo8mc5xlo.us-east-1.aws.alexhunt.dev.materialize.cloud. to zone us-east-1.aws.alexhunt.dev.materialize.cloud. [Id: /hostedzone/Z0082264QQ0XRDUNUH1C]"
time="2023-09-29T00:40:44Z" level=debug msg="Adding _heritage.a-1vjjxofl2wd83blfoo8mc5xlo.us-east-1.aws.alexhunt.dev.materialize.cloud. to zone us-east-1.aws.alexhunt.dev.materialize.cloud. [Id: /hostedzone/Z0082264QQ0XRDUNUH1C]"
time="2023-09-29T00:40:44Z" level=info msg="Desired change: CREATE 1vjjxofl2wd83blfoo8mc5xlo.us-east-1.aws.alexhunt.dev.materialize.cloud A [Id: /hostedzone/Z0082264QQ0XRDUNUH1C]"
time="2023-09-29T00:40:44Z" level=info msg="Desired change: CREATE _heritage.1vjjxofl2wd83blfoo8mc5xlo.us-east-1.aws.alexhunt.dev.materialize.cloud TXT [Id: /hostedzone/Z0082264QQ0XRDUNUH1C]"
time="2023-09-29T00:40:44Z" level=info msg="Desired change: CREATE _heritage.a-1vjjxofl2wd83blfoo8mc5xlo.us-east-1.aws.alexhunt.dev.materialize.cloud TXT [Id: /hostedzone/Z0082264QQ0XRDUNUH1C]"
time="2023-09-29T00:40:45Z" level=error msg="Failure in zone us-east-1.aws.alexhunt.dev.materialize.cloud. [Id: /hostedzone/Z0082264QQ0XRDUNUH1C] when submitting change batch: InvalidChangeBatch: [Invalid Resource Record: 'FATAL problem: ARRDATAIllegalIPv4Address (Value is not a valid IPv4 address) encountered with 'blncr-20230929001944850100000003-e180a3f6f275dc82.elb.us-east-1.amazonaws.com'']\n\tstatus code: 400, request id: 60464d86-c095-4a36-a63a-4408a4d0e90a"
time="2023-09-29T00:40:46Z" level=fatal msg="failed to submit all changes for the following zones: [/hostedzone/Z0082264QQ0XRDUNUH1C]"
Stream closed EOF for mz-system/external-dns-6ff6c67c96-xk8nj (external-dns)

That "Value is not a valid IPv4 address" seems like it's trying to create a non-alias A record if we tell it to use aliases.

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 29, 2024
@alex-hunt-materialize

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 30, 2024
@k8s-triage-robot

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 29, 2024
@nitrocode
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 30, 2024
@k8s-triage-robot

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 29, 2024
@nitrocode
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 31, 2024
@k8s-triage-robot

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 29, 2024
@nitrocode
Contributor Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 29, 2024
@papayakiwi
Contributor

@nitrocode please can you test with v0.13.6 or higher? I believe the issue you've reported is fixed in v0.13.6 by @johngmyers with #3674
