What happened:
I created a Service of type NodePort with externalTrafficPolicy Local which publishes port 25565 and annotated it with
external-dns.alpha.kubernetes.io/access: "public"
external-dns.alpha.kubernetes.io/hostname: "a.b."
I was able to connect to the port using the external ip but external-dns reported:
time="2025-06-21T20:13:12Z" level=info msg="config: {APIServerURL: KubeConfig: RequestTimeout:30s DefaultTargets:[] GlooNamespaces:[gloo-system] SkipperRouteGroupVersion:zalando.org/v1 Sources:[service ingress traefik-proxy] Namespace: AnnotationFilter: LabelFilter: IngressClassNames:[] FQDNTemplate: CombineFQDNAndAnnotation:false IgnoreHostnameAnnotation:false IgnoreNonHostNetworkPods:false IgnoreIngressTLSSpec:false IgnoreIngressRulesSpec:false ListenEndpointEvents:false GatewayName: GatewayNamespace: GatewayLabelFilter: Compatibility: PodSourceDomain: PublishInternal:false PublishHostIP:false AlwaysPublishNotReadyAddresses:false ConnectorSourceServer:localhost:8080 Provider:cloudflare ProviderCacheTime:0s GoogleProject: GoogleBatchChangeSize:1000 GoogleBatchChangeInterval:1s GoogleZoneVisibility: DomainFilter:[] ExcludeDomains:[] RegexDomainFilter: RegexDomainExclusion: ZoneNameFilter:[] ZoneIDFilter:[] TargetNetFilter:[] ExcludeTargetNets:[] AlibabaCloudConfigFile:/etc/kubernetes/alibaba-cloud.json AlibabaCloudZoneType: AWSZoneType: AWSZoneTagFilter:[] AWSAssumeRole: AWSProfiles:[] AWSAssumeRoleExternalID: AWSBatchChangeSize:1000 AWSBatchChangeSizeBytes:32000 AWSBatchChangeSizeValues:1000 AWSBatchChangeInterval:1s AWSEvaluateTargetHealth:true AWSAPIRetries:3 AWSPreferCNAME:false AWSZoneCacheDuration:0s AWSSDServiceCleanup:false AWSSDCreateTag:map[] AWSZoneMatchParent:false AWSDynamoDBRegion: AWSDynamoDBTable:external-dns AzureConfigFile:/etc/kubernetes/azure.json AzureResourceGroup: AzureSubscriptionID: AzureUserAssignedIdentityClientID: AzureActiveDirectoryAuthorityHost: AzureZonesCacheDuration:0s CloudflareProxied:false CloudflareCustomHostnames:false CloudflareCustomHostnamesMinTLSVersion:1.0 CloudflareCustomHostnamesCertificateAuthority:google CloudflareDNSRecordsPerPage:100 CloudflareRegionKey: CoreDNSPrefix:/skydns/ AkamaiServiceConsumerDomain: AkamaiClientToken: AkamaiClientSecret: AkamaiAccessToken: AkamaiEdgercPath: AkamaiEdgercSection: OCIConfigFile:/etc/kubernetes/oci.yaml OCICompartmentOCID: OCIAuthInstancePrincipal:false OCIZoneScope:GLOBAL OCIZoneCacheDuration:0s InMemoryZones:[] OVHEndpoint:ovh-eu OVHApiRateLimit:20 PDNSServer:http://localhost:8081 PDNSServerID:localhost PDNSAPIKey: PDNSSkipTLSVerify:false TLSCA: TLSClientCert: TLSClientCertKey: Policy:upsert-only Registry:txt TXTOwnerID:default TXTPrefix: TXTSuffix: TXTEncryptEnabled:false TXTEncryptAESKey: TXTNewFormatOnly:false Interval:1m0s MinEventSyncInterval:5s Once:false DryRun:false UpdateEvents:false LogFormat:text MetricsAddress::7979 LogLevel:info TXTCacheInterval:0s TXTWildcardReplacement: ExoscaleEndpoint: ExoscaleAPIKey: ExoscaleAPISecret: ExoscaleAPIEnvironment:api ExoscaleAPIZone:ch-gva-2 CRDSourceAPIVersion:externaldns.k8s.io/v1alpha1 CRDSourceKind:DNSEndpoint ServiceTypeFilter:[] CFAPIEndpoint: CFUsername: CFPassword: ResolveServiceLoadBalancerHostname:false RFC2136Host:[] RFC2136Port:0 RFC2136Zone:[] RFC2136Insecure:false RFC2136GSSTSIG:false RFC2136CreatePTR:false RFC2136KerberosRealm: RFC2136KerberosUsername: RFC2136KerberosPassword: RFC2136TSIGKeyName: RFC2136TSIGSecret: RFC2136TSIGSecretAlg: RFC2136TAXFR:false RFC2136MinTTL:0s RFC2136LoadBalancingStrategy:disabled RFC2136BatchChangeSize:50 RFC2136UseTLS:false RFC2136SkipTLSVerify:false NS1Endpoint: NS1IgnoreSSL:false NS1MinTTLSeconds:0 TransIPAccountName: TransIPPrivateKeyFile: DigitalOceanAPIPageSize:50 ManagedDNSRecordTypes:[A AAAA CNAME SRV] ExcludeDNSRecordTypes:[] GoDaddyAPIKey: GoDaddySecretKey: GoDaddyTTL:0 GoDaddyOTE:false OCPRouterName: IBMCloudProxied:false IBMCloudConfigFile:/etc/kubernetes/ibmcloud.json TencentCloudConfigFile:/etc/kubernetes/tencent-cloud.json TencentCloudZoneType: PiholeServer: PiholePassword: PiholeTLSInsecureSkipVerify:false PluralCluster: PluralProvider: WebhookProviderURL:http://localhost:8888 WebhookProviderReadTimeout:5s WebhookProviderWriteTimeout:10s WebhookServer:false TraefikDisableLegacy:true TraefikDisableNew:false NAT64Networks:[]}"
time="2025-06-21T20:13:12Z" level=info msg="Instantiating new Kubernetes client"
time="2025-06-21T20:13:12Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2025-06-21T20:13:12Z" level=info msg="Created Kubernetes client https://10.43.0.1:443"
time="2025-06-21T20:13:12Z" level=info msg="Using inCluster-config based on serviceaccount-token"
time="2025-06-21T20:13:12Z" level=info msg="Created Dynamic Kubernetes client https://10.43.0.1:443"
time="2025-06-21T20:13:15Z" level=info msg="Changing record." action=CREATE record=_minecraft._tcp.a.b ttl=1 type=SRV zone=<zone>
time="2025-06-21T20:13:16Z" level=error msg="failed to create record: weight is a required data field. (9101), port is a required data field. (9101), target is a required data field. (9101)" action=CREATE record=_minecraft._tcp.a.b ttl=1 type=SRV zone=<zone>
time="2025-06-21T20:13:16Z" level=info msg="Changing record." action=CREATE record=_minecraft._tcp.a.b ttl=1 type=TXT zone=<zone>
time="2025-06-21T20:13:17Z" level=info msg="Changing record." action=CREATE record=srv-_minecraft._tcp.a.b ttl=1 type=TXT zone=<zone>
time="2025-06-21T20:13:18Z" level=fatal msg="Failed to do run once: failed to submit all changes for the following zones: [<zone>]"
Exchanged domain for a.b
What you expected to happen:
External DNS should have created the SRV Record
How to reproduce it (as minimally and precisely as possible):
- Set up External DNS to create SRV Records (https://kubernetes-sigs.github.io/external-dns/latest/docs/sources/service/#nodeport)
- Set up a web server or something similar
- Publish it through a NodePort with the aforementioned annotations
- Observe ExternalDNS Logs
Anything else we need to know?:
Environment:
- External-DNS version (use
external-dns --version): v20250514-v0.17.0
- DNS provider: Cloudflare
- Others:
What happened:
I created a Service of type NodePort with externalTrafficPolicy Local which publishes port 25565 and annotated it with
I was able to connect to the port using the external ip but external-dns reported:
What you expected to happen:
External DNS should have created the SRV Record
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
external-dns --version): v20250514-v0.17.0