Feature Request: Ignore certain manually set records #158

Open
stephanrenggli opened this issue Jan 1, 2023 · 10 comments
@stephanrenggli

I would like to request a feature to exclude certain (manually created) DNS records from being managed (deleted) by SyncFlaer.

Use Case

I am using a domain for services proxied by traefik. SyncFlaer automatically manages those records and the root record.
I have now started using the same domain for ProtonMail. ProtonMail requires certain CNAME records to be set on the domain.

Proposed Solution

I could set these records using SyncFlaer but I would prefer to be able to specify that SyncFlaer ignores certain records (ideally following a regex pattern). That way I could tell SyncFlaer to ignore (and therefore not delete) all records containing protonmail.

In the config this could be similar to additionalRecords.
I have also tried just setting the required CNAME records using SyncFlaer additionalRecords, however for some reason those records are continuously updated for no apparent reason.

@rxbn rxbn self-assigned this Jan 1, 2023
@rxbn rxbn added the enhancement New feature or request label Jan 1, 2023
@rxbn
Member

rxbn commented Jan 1, 2023

Hi @stephanrenggli

Thanks for opening an issue! Before we proceed, I would like to know what exactly happened to the CNAME records. Could you please provide me with an example additionalRecord? What do you mean by "continuously updated for no apparent reason"?

Many thanks,
-- Robin

@stephanrenggli
Author

I created the following additionalRecords in config.yml:

additionalRecords:
  # ProtonMail example.com
  - name: protonmail._domainkey.example.com
    type: CNAME
    content: protonmail.domainkey.<random string>.domains.proton.ch.
  - name: protonmail2._domainkey.example.com
    type: CNAME
    content: protonmail2.domainkey.<random string>.domains.proton.ch.
  - name: protonmail3._domainkey.example.com
    type: CNAME
    content: protonmail3.domainkey.<random string>.domains.proton.ch.

These records are provided by ProtonMail in the domain setup process. Once added the container logs showed the records were being continuously updated. Example logs below:

time="2023-01-01T01:44:45Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:44:47Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:44:49Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:44:56Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:44:58Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:44:59Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:45:10Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:45:11Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"
time="2023-01-01T01:45:13Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 1"

As you can see, the records seem to be updated every few seconds. Between the updates, nothing was changed, so the record wouldn't need updating from what I can see. The records are created correctly on CloudFlare.

I do have another additionalRecord which works fine. So maybe the issue is related to the content field?

additionalRecords:
  - name: test.example.com
    type: CNAME

The cloudflare: section in config.yml contains the following:

cloudflare:
  apiToken: <token>
  zoneNames:
    - example.com
  deleteGrace: 10
  defaults:
    type: CNAME
    proxied: false
    ttl: 1

Let me know if you need additional details.

@rxbn
Member

rxbn commented Jan 1, 2023

Thanks! Could you please try the following additionalRecord configuration:

additionalRecords:
  # ProtonMail example.com
  - name: protonmail._domainkey.example.com
    type: CNAME
    content: protonmail.domainkey.<random string>.domains.proton.ch.
    ttl: 120
  - name: protonmail2._domainkey.example.com
    type: CNAME
    content: protonmail2.domainkey.<random string>.domains.proton.ch.
    ttl: 120
  - name: protonmail3._domainkey.example.com
    type: CNAME
    content: protonmail3.domainkey.<random string>.domains.proton.ch.
    ttl: 120

I have added the ttl: 120 config. It might be required due to Cloudflare API limitations.

@stephanrenggli
Author

Thanks for the quick reply!

I tried your exact configuration, however this didn't seem to fix the issue:

time="2023-01-01T19:10:09Z" level=info msg="Created: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:10Z" level=info msg="Created: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:11Z" level=info msg="Created: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"

time="2023-01-01T19:10:21Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:24Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:27Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:34Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:36Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:38Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:46Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:48Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:50Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:57Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:10:59Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:11:01Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:11:07Z" level=info msg="Updated: name: protonmail2._domainkey.example.com, type: CNAME, content: protonmail2.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:11:09Z" level=info msg="Updated: name: protonmail3._domainkey.example.com, type: CNAME, content: protonmail3.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"
time="2023-01-01T19:11:11Z" level=info msg="Updated: name: protonmail._domainkey.example.com, type: CNAME, content: protonmail.domainkey.<random string>.domains.proton.ch., proxied: false, ttl: 120"

time="2023-01-01T19:11:28Z" level=info msg="Waiting 9 more runs until DNS record protonmail2._domainkey.example.com gets deleted"
time="2023-01-01T19:11:29Z" level=info msg="Waiting 9 more runs until DNS record protonmail3._domainkey.example.com gets deleted"
time="2023-01-01T19:11:30Z" level=info msg="Waiting 9 more runs until DNS record protonmail._domainkey.example.com gets deleted"

The first 3 messages show the records being created, the next few are the mentioned updates (no configuration changes occurred, the is always the same as well). I then commented out the records in config.yml, so they get marked for deletion in the last 3 messages.

CloudFlare screenshot of the created records:

image

@rxbn
Member

rxbn commented Jan 1, 2023

Hmm... this must be some kind of a weird bug. I'm digging into it!

@rxbn
Member

rxbn commented Jan 1, 2023

I found the issue! It looks like either SyncFlaer or the Cloudflare API don't like the trailing ".".

Could you please try it again with the following config:

additionalRecords:
  # ProtonMail example.com
  - name: protonmail._domainkey.example.com
    type: CNAME
    content: protonmail.domainkey.<random string>.domains.proton.ch # here I removed the dot
  - name: protonmail2._domainkey.example.com
    type: CNAME
    content: protonmail2.domainkey.<random string>.domains.proton.ch # here I removed the dot
  - name: protonmail3._domainkey.example.com
    type: CNAME
    content: protonmail3.domainkey.<random string>.domains.proton.ch # here I removed the dot

Also make sure you use the latest version of SyncFlaer.

@stephanrenggli
Author

Thank you! This fixed the issue.
ProtonMail even described this issue in their setup page but since the records were added successfully (Cloudflare probably automatically removes the trailing dot?) I didn't think to try without.

As for the original feature request; do you think you could add an exclude feature of some kind?

@rxbn
Member

rxbn commented Jan 2, 2023

I'm glad I was able to help! BTW: I just pushed v5.5.2, which should ignore any trailing dots.

Do you have a specific use-case for an exclude feature?

In general, SyncFlaer is designed to be the single source of truth for your A and CNAME DNS records (AAAA coming soon). If you would like to exclude certain domains, you can either use the ignoredRules config (https://github.com/containeroo/SyncFlaer/blob/master/configs/config.yml#L43) or use the Kubernetes ingress annotation syncflaer.containeroo.ch/ignore=true.
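
The update loop diagnosed in this thread, as an added example (not SyncFlaer's code): a reconciler that compares configured and stored records byte for byte rewrites the record on every run when the provider stores the CNAME target without its trailing dot, while comparing canonical names (the effect of ignoring trailing dots) stops the writes. That the provider strips the dot is an assumption taken from the guess made in the thread; `Record`, `canonical`, `equalRaw`, `equalCanonical` and `reconcile` are hypothetical names, and the sample record uses a placeholder target.

```go
package main

import (
	"fmt"
	"strings"
)

// Record is a minimal DNS record; field names are chosen for this example.
type Record struct{ Name, Type, Content string }

// canonical makes two spellings of one FQDN compare equal: root dot
// removed and case folded (DNS names are case-insensitive).
func canonical(s string) string {
	return strings.ToLower(strings.TrimSuffix(s, "."))
}

func equalRaw(a, b Record) bool { return a == b }
func equalCanonical(a, b Record) bool {
	return a.Type == b.Type && canonical(a.Name) == canonical(b.Name) &&
		canonical(a.Content) == canonical(b.Content)
}

// reconcile runs n sync passes against an empty zone and counts writes.
func reconcile(desired []Record, n int, equal func(a, b Record) bool) (created, updated int) {
	zone := map[string]Record{} // stands in for the DNS provider
	for i := 0; i < n; i++ {
		for _, want := range desired {
			if have, ok := zone[want.Name]; !ok {
				created++
			} else if !equal(want, have) {
				updated++
			} else {
				continue // already in sync, no API write
			}
			// Assumption: the provider stores the target without the root dot.
			want.Content = strings.TrimSuffix(want.Content, ".")
			zone[want.Name] = want
		}
	}
	return created, updated
}

func main() {
	// Constructed sample; PLACEHOLDER replaces the per-domain string.
	desired := []Record{{"protonmail._domainkey.example.com", "CNAME", "protonmail.domainkey.PLACEHOLDER.domains.proton.ch."}}
	fmt.Println(reconcile(desired, 5, equalRaw))       // 1 4
	fmt.Println(reconcile(desired, 5, equalCanonical)) // 1 0
}
```

With the byte-for-byte comparison every pass after the first issues an update, which matches the repeating "Updated:" log lines; a steady stream of updates with unchanged content is a useful signal that desired and stored state are being compared in different normal forms.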

@stephanrenggli
Author

If I understand correctly ignoredRules would ignore certain records specified by Traefik?

My use case would have been having certain records set manually in the Cloudflare web interface. For example ProtonMail requires TXT, MX and CNAME records. Of those I can only set the CNAME records using SyncFlaer.
The ProtonMail records don't have anything to do with my Traefik config, so my idea was to exclude those records in the SyncFlaer config. Now that I have thought about it some more this doesn't make sense either because I would again have to specify something related to the ProtonMail records in SyncFlaer.

As SyncFlaer is designed to be the single source of truth, maybe having the ability to set TXT and MX records as well would be interesting?

@rxbn
Member

rxbn commented Jan 3, 2023

Yes, ignoredRules ignores certain Traefik hosts if you connect SyncFlaer to the Traefik API.

Our goal is to add support for all DNS record types in the near future. I will keep you posted!
