fix(crd): allow trailing dot in CNAME targets #6218

Merged
k8s-ci-robot merged 4 commits into kubernetes-sigs:master from gofogo:fix-crd-cname
Feb 26, 2026

Conversation

Member

@ivankatliarchuk ivankatliarchuk commented Feb 23, 2026

What does it do?

RFC 1035 §5.1 FQDN targets were wrongly rejected; accept CNAME with or without trailing dot

The CRD source rejected CNAME targets with a trailing dot, but RFC 1035 §5.1 defines the trailing dot as standard absolute FQDN notation in zone file syntax - backend.cluster.local. is as valid as backend.cluster.local. Users familiar with DNS zone files (common in Kubernetes with .cluster.local. search domains) would naturally write FQDNs with a trailing dot and get silently dropped endpoints with a non-actionable warning.

  • Made warning message more actionable
  • hasDot is computed for every target regardless of record type, but for TXT, MX, and CNAME we immediately continue — so the computation is wasted for those. Move hasDot inside the cases that actually use it.

Commit 2fdc7354 (~2 years ago), titled "Add unit tests for NAPTR and invalid endpoints". The test was added alongside NAPTR tests as "invalid endpoint CNAME" with expectEndpoints: false - no justification given, it was simply assumed that trailing dots on CNAME targets are invalid, mirroring the same rule applied to A/AAAA records.

Initially added change #1107, assumes that all targets must not have trailing dots.

Motivation

Added a case endpoint.RecordTypeCNAME to the target validation switch that skips the trailing-dot check, treating both forms as valid. Updated the existing test that asserted the trailing-dot form was illegal (expectEndpoints: false → true) and added a companion test for the bare (no trailing dot) form alongside it

Relates #6145

More

  • Yes, this PR title follows Conventional Commits
  • Yes, I added unit tests
  • Yes, I updated end user documentation accordingly
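
The per-record-type target check described in the PR description above, as an added Go sketch that is not the project's code: the helper name `filterTargets`, the type constants, the warning wording and the sample names are assumptions. It shows CNAME targets accepted with or without the trailing dot, the suffix check evaluated only for types that use it, and a warning that tells the user what to change instead of a silent drop.

```go
package main

import (
	"fmt"
	"strings"
)

// Record type names for this sketch (assumed, not the project's constants).
const (
	typeA     = "A"
	typeCNAME = "CNAME"
	typeMX    = "MX"
	typeTXT   = "TXT"
)

// filterTargets (hypothetical helper) returns the targets kept for recordType
// and one actionable warning per rejected target.
func filterTargets(dnsName, recordType string, targets []string) (kept, warnings []string) {
	for _, t := range targets {
		switch recordType {
		case typeTXT, typeMX, typeCNAME:
			// No trailing-dot inspection: "backend.cluster.local." is the
			// absolute (RFC 1035 §5.1) spelling of "backend.cluster.local".
			kept = append(kept, t)
		default:
			// Only the types that enforce the rule pay for the suffix check.
			if strings.HasSuffix(t, ".") {
				warnings = append(warnings, fmt.Sprintf(
					"skipping %s target %q for %s: trailing dot not accepted for this type, use %q",
					recordType, t, dnsName, strings.TrimSuffix(t, ".")))
				continue
			}
			kept = append(kept, t)
		}
	}
	return kept, warnings
}

func main() {
	// Constructed sample input.
	kept, warn := filterTargets("app.example.org", typeCNAME,
		[]string{"backend.cluster.local.", "backend.cluster.local"})
	fmt.Println(kept, warn)
	kept, warn = filterTargets("app.example.org", typeA, []string{"192.0.2.10."})
	fmt.Println(kept, warn)
}
```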

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
@k8s-ci-robot k8s-ci-robot requested a review from vflaux February 23, 2026 12:21
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 23, 2026
coveralls commented Feb 23, 2026

Pull Request Test Coverage Report for Build 22307159213

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 2 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.01%) to 79.271%

Files with Coverage Reduction:
  crd.go: 2 new missed lines, 68.86%
Totals:
  Change from base Build 22304791143: 0.01%
  Covered Lines: 16050
  Relevant Lines: 20247

Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 23, 2026
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
@k8s-ci-robot k8s-ci-robot added docs size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Feb 23, 2026
Signed-off-by: ivan katliarchuk <ivan.katliarchuk@gmail.com>
Contributor

@vflaux vflaux left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 25, 2026
@ivankatliarchuk
Member Author

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ivankatliarchuk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 26, 2026
@k8s-ci-robot k8s-ci-robot merged commit 947c25d into kubernetes-sigs:master Feb 26, 2026
18 checks passed
@ivankatliarchuk ivankatliarchuk deleted the fix-crd-cname branch February 26, 2026 07:54
ivankatliarchuk added a commit to gofogo/k8s-sigs-external-dns-fork that referenced this pull request Mar 10, 2026
…_total

* master: (21 commits)
  refactor(testutils): extract log test helpers into subpackage to fix (kubernetes-sigs#6236)
  chore(deps): bump mkdocs-material (kubernetes-sigs#6237)
  feat(endpoint): reject alias property on unsupported record types (kubernetes-sigs#6188)
  fix(charts): Skip cluster-scope RBAC on namespaced (kubernetes-sigs#5843)
  chore(deps): bump the dev-dependencies group across 1 directory with 3 updates (kubernetes-sigs#6226)
  feat(pdns): add --[no-]prefer-alias flag and alias annotation support (kubernetes-sigs#6129)
  fix(ci): failed to download the coveralls binary from GitHub releases (kubernetes-sigs#6228)
  docs: add external-dns-pscloud-webhook to New providers list (kubernetes-sigs#6214)
  fix(crd): allow trailing dot in CNAME targets (kubernetes-sigs#6218)
  docs: added deep wiki badge (kubernetes-sigs#6215)
  feat(crd): Support MX record with trailing dot (kubernetes-sigs#6163)
  chore(source): standardize sources with merge endpionts and deduplicate targets (kubernetes-sigs#6174)
  chore(store): Added RESTConfig() to ClientGenerator (kubernetes-sigs#6177)
  chore(ingress): clarify that both IP and Hostname are collected from LoadBalancer status (kubernetes-sigs#6138)
  chore(endpoint): added empty checks (kubernetes-sigs#6157)
  chore(linter): enable unparam (kubernetes-sigs#6160)
  fix(tlsutils): fix nil error wrapping and wrong env var in TLS config (kubernetes-sigs#6198)
  chore(endpoint): harden crypto (kubernetes-sigs#6197)
  feat(fqdn): Deduplicate and sort ExecTemplate output. Add functions (kubernetes-sigs#6173)
  benchmark(endpoint): endpoint benchmarks (kubernetes-sigs#6156)
  ...
ivankatliarchuk added a commit to gofogo/k8s-sigs-external-dns-fork that referenced this pull request Mar 10, 2026
* master: (23 commits)
  refactor(testutils): extract log test helpers into subpackage to fix (kubernetes-sigs#6236)
  chore(deps): bump mkdocs-material (kubernetes-sigs#6237)
  feat(endpoint): reject alias property on unsupported record types (kubernetes-sigs#6188)
  fix(charts): Skip cluster-scope RBAC on namespaced (kubernetes-sigs#5843)
  chore(deps): bump the dev-dependencies group across 1 directory with 3 updates (kubernetes-sigs#6226)
  feat(pdns): add --[no-]prefer-alias flag and alias annotation support (kubernetes-sigs#6129)
  fix(ci): failed to download the coveralls binary from GitHub releases (kubernetes-sigs#6228)
  docs: add external-dns-pscloud-webhook to New providers list (kubernetes-sigs#6214)
  fix(crd): allow trailing dot in CNAME targets (kubernetes-sigs#6218)
  docs: added deep wiki badge (kubernetes-sigs#6215)
  feat(crd): Support MX record with trailing dot (kubernetes-sigs#6163)
  chore(source): standardize sources with merge endpionts and deduplicate targets (kubernetes-sigs#6174)
  chore(store): Added RESTConfig() to ClientGenerator (kubernetes-sigs#6177)
  chore(ingress): clarify that both IP and Hostname are collected from LoadBalancer status (kubernetes-sigs#6138)
  chore(endpoint): added empty checks (kubernetes-sigs#6157)
  chore(linter): enable unparam (kubernetes-sigs#6160)
  fix(tlsutils): fix nil error wrapping and wrong env var in TLS config (kubernetes-sigs#6198)
  chore(endpoint): harden crypto (kubernetes-sigs#6197)
  feat(fqdn): Deduplicate and sort ExecTemplate output. Add functions (kubernetes-sigs#6173)
  benchmark(endpoint): endpoint benchmarks (kubernetes-sigs#6156)
  ...
Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. docs lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. source
