You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/registry/txt.md
+32Lines changed: 32 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -208,6 +208,8 @@ Caching is enabled by specifying a cache duration with the `--txt-cache-interval
208
208
209
209
## OwnerID migration
210
210
211
+
> Automating DNS migrations with third-party tools can be risky. DNS is often business-critical, and without deep understanding of the environment, 3rd party automation tools can do more harm than good.
212
+
211
213
The owner ID of the TXT records managed by external-dns instance can be updated.
212
214
213
215
When `--migrate-from-txt-owner` is set, it will enable the migration checks
@@ -293,3 +295,33 @@ spec:
293
295
294
296
If you didn't set the owner ID, the value set by external-dns is `default`. You can set the
295
297
`--migrate-from-txt-owner`flag to `default` to migrate the associated records.
> Warning: The `--migrate-from-txt-owner` flag combined with `policy=sync` can be unsafe in shared hosted zones when multiple clusters previously used the same TXT owner value (for example `default`).
302
+
303
+
In a shared hosted zone, if one cluster runs ExternalDNS with `policy=sync` and `--migrate-from-txt-owner=default`, it may attempt to delete DNS records that belong to other clusters which still use `owner=default`.
304
+
To avoid this, do not share the same TXT owner value across clusters in any zone where `policy=sync` or migration flags will be used.
305
+
306
+
#### Per-cluster owner IDs
307
+
308
+
For multi-cluster setups sharing a hosted zone:
309
+
310
+
- Assign a **unique** `--txt-owner-id` to each cluster (for example `cluster1`, `cluster2`) and document this convention clearly in your platform configuration.
311
+
- Avoid using a common owner such as `default` across clusters in a shared zone if any cluster will run with `policy=sync` or use `--migrate-from-txt-owner`.
312
+
313
+
#### Example migration sequence for shared zones
314
+
315
+
When migrating from a shared owner (such as `default`) in a shared hosted zone:
316
+
317
+
1. While still using `policy=upsert-only` (or equivalent), roll out cluster-specific `--txt-owner-id` values and ensure *new* records are created with the cluster’s own owner ID.
318
+
2. Avoid `--migrate-from-txt-owner=<old-owner>` unless you can guarantee that only a single cluster has records with `<old-owner>` in that hosted zone, or perform the migration in an isolated zone where only that cluster writes records.
319
+
320
+
### When to avoid owner migration
321
+
322
+
The following pattern is **not recommended** and may cause record deletion for other clusters:
323
+
324
+
- Multiple clusters share a Route53 hosted zone and all existing records use `owner=default`.
325
+
- Only one cluster is upgraded to use `policy=sync`, `--txt-owner-id=<cluster-name>`, and `--migrate-from-txt-owner=default`, while other clusters still use `owner=default`.
326
+
327
+
In this situation, the upgraded cluster can treat other clusters’ records as orphans and schedule them for deletion during synchronization. Prefer per-cluster zones, manual TXT record adjustment, or fully coordinated migration of all clusters if the migration flag must be used.
0 commit comments