SRV records cannot be created using DNSEndpoint CRD

[alexbakker-quandago]

What happened:

SRV records cannot be created through the DNSEndpoint CRD, because of an inconsistency in validation of trailing dots in targets. When specifying a target with a trailing dot, external-dns will complain about the fact that the target has a trailing dot, telling you to remove it. If you then remove the trailing dot from the target, external-dns will complain that the target is missing a trailing dot, telling you to add it.

What you expected to happen:

My SRV record to be created.

How to reproduce it (as minimally and precisely as possible):

1. Create an SRV record with targets containing a trailing dot:

apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: example-domains
  namespace: example
spec:
  endpoints:
  - dnsName: _sips._tcp.sip.example.com
    recordTTL: 180
    recordType: SRV
    targets:
     - 1 100 5061 sips1.example.com.

2. Watch external-dns write the following to the log:

level=warning msg="Endpoint example/example-domains with DNSName _sips._tcp.sip.example.com has an illegal target \"1 100 5061 sips1.example.com.\" for SRV record — use \"1 100 5061 sips1.example.com\" not \"1 100 5061 sips1.example.com.\"."

3. Remove the trailing dot from the target:

apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
  name: example-domains
  namespace: example
spec:
  endpoints:
  - dnsName: _sips._tcp.sip.example.com
    recordTTL: 180
    recordType: SRV
    targets:
     - 1 100 5061 sips1.example.com

5. Watch external-dns write the following to the log:

level=debug msg="Invalid SRV record target: 1 100 5061 sips1.example.com. Target host does not end with a dot.'"
level=warning msg="Skipping endpoint [:_sips._tcp.sip.example.com] due to invalid configuration [SRV:1 100 5061 sips1.example.com]"

Anything else we need to know?:

...

Environment:

• External-DNS version (use external-dns --version): v20260406-v0.21.0
• DNS provider: aws

Checklist

• I have searched existing issues and tried to find a fix myself
• I am using the latest release,
  or have checked the staging image to confirm the bug is still reproducible
• I have provided the actual process flags (not Helm values)
• I have provided kubectl get <resource> -o yaml output including status
• I have provided full external-dns debug logs
• I have described what DNS records exist and what I expected

[alexbakker-quandago]

It's a little bit difficult to bisect this, but I'm fairly certain this issue was introduced in b453ea1. That patch essentially adds a second layer of validation (with different logic) on top of any existing validation that exists in a source (such as the CRD source).

The dedup source requires SRV targets with a trailing dot: https://github.com/kubernetes-sigs/external-dns/blob/v0.21.0/endpoint/endpoint.go#L654-L657

While the CRD source requires SRV targets without a trailing dot: https://github.com/kubernetes-sigs/external-dns/blob/v0.21.0/source/crd.go#L126-L143