search

StackExchange / dnscontrol

Infrastructure as code for DNS!
https://dnscontrol.org/
MIT License
3.16k stars 400 forks source link

Foundation DNS fails to deploy #3183

Closed wdhdev closed 3 weeks ago

wdhdev commented 3 weeks ago

Describe the bug For some reason, when using Cloudflare as the DNS provider in combination with Cloudflare's Enterprise Foundation DNS enabled, it continues to attempt to create the foundationdns(.com/.net/.org) NS records, even though they are not added in the script.

You can see the failed workflow here: https://github.com/is-a-dev/register/actions/runs/11623459807/job/32370520349

To Reproduce Steps to reproduce the behavior:

  1. Have a Cloudflare domain on the Enterprise plan
  2. Attempt to deploy DNS using a DNSControl script
  3. It will attempt to create some DNS records at the root with the Foundation DNS records.

Expected behavior It shouldn't be attempting to create any NS records at root. It works perfectly fine with the default *.ns.cloudflare.com nameservers.

DNS Provider

Additional context To enable Foundation DNS, it requires the Enterprise plan.

We are deploying our DNS from GitHub using GitHub Actions, using an unmodified version of DNSControl. All deploys were working perfectly fine before this: https://github.com/is-a-dev/register/tree/main/dnsconfig.js

cafferata commented 3 weeks ago

Ping @tresni, the maintainer of the Cloudflare provider.

wdhdev commented 3 weeks ago

After doing some testing, I managed to fix this by deploying the zone file to Cloudflare, but making DNSControl treat it as if it was a shadow nameserver, which makes DNSControl not attempt to deploy any NS records at the root.

Updated code:

- D("is-a.dev", NewRegistrar("none"), DnsProvider(NewDnsProvider("cloudflare")), commit);
+ D("is-a.dev", NewRegistrar("none"), DnsProvider(NewDnsProvider("cloudflare"), 0), commit);