fix: use UPSERT instead of CREATE for single-record AppendRecords#294
Open
andrewseddon wants to merge 1 commit intolibdns:masterfrom
Open
fix: use UPSERT instead of CREATE for single-record AppendRecords#294andrewseddon wants to merge 1 commit intolibdns:masterfrom
andrewseddon wants to merge 1 commit intolibdns:masterfrom
Conversation
When AppendRecords is called with a single record, it previously used the Route53 CREATE action which fails with InvalidChangeBatch if the ResourceRecordSet already exists. This commonly happens with ACME DNS-01 challenges when a _acme-challenge TXT record is left over from a previous attempt (e.g. after a container restart or failed cleanup). The fix removes the single-record special case so all appends use the same merge+UPSERT path that was already used for multi-record appends. This is idempotent and handles both new and existing record sets correctly. Fixes the error: Tried to create resource record set [name='_acme-challenge.example.com.', type='TXT'] but it already exists
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When
AppendRecordsis called with a single record, it uses the Route53CREATEaction viacreateRecord(). This fails with anInvalidChangeBatcherror if the ResourceRecordSet already exists:This commonly happens with ACME DNS-01 challenges (e.g. via Caddy) when a
_acme-challengeTXT record is left over from a previous attempt — for example after a container restart, failed cleanup, or when both the staging and production ACME servers attempt the challenge.Fix
Remove the single-record special case in
appendRecordSet()so all appends use the existing merge+UPSERT path (which was already used for multi-record appends). This correctly handles both new and existing record sets.The multi-record path:
UPSERTto set the combined record setThis is one extra API call (
ListResourceRecordSets) compared to the previous single-record path, but is correct and idempotent.