TXT record duplication

[manuelmazzuola]

What happened:

We are running External-DNS version v0.15.1, deployed with the following configuration:

--log-level=info \
--log-format=text \
--interval=30m \
--events \
--source=service \
--source=ingress \
--source=crd \
--policy=sync \
--registry=txt \
--txt-owner-id=eks-usrv-projecta \
--txt-prefix=external-dns- \
--domain-filter=projecta.example.internal \
--domain-filter=projecta.example.com \
--label-filter=external-dns=enabled \
--provider=aws \
--aws-batch-change-size=1000 \
--aws-batch-change-interval=10s

AWS is the DNS provider, and we are using Route53 with both a private and a public hosted zone. We have a bunch of ingresses resources in the cluster, and some services: one service associated with the public hosted zone, the other with the private.

The problem observed is that External-DNS would create the TXT records as expected in Route53, but would then encounter errors indicating that the TXT record could not be created due to duplication. Even if the duplicate TXT record was manually deleted, it would be immediately recreated, and the duplicate error would appear again. There were no CNAME or A records with the same name already present. It's as if External-DNS forgot that it had just created the TXT record and tried to recreate it repeatedly, resulting in a constant error loop.

Ultimately, the issue was resolved by simply restarting the External-DNS pod; after the restart, the duplication and creation error did not recur.

What you expected to happen:

TXT records for new DNS entries should be created only if they do not exist, and External-DNS should correctly track ownership. No duplicate creation attempts or errors should appear. No manual intervention or pod restart should be required for normal operations.

Anything else we need to know?:

• The deployment is using an AWS Application Load Balancer.
• The error persisted until the pod was manually restarted. Afterwards, everything worked as expected.
• Verified that no other A or CNAME records existed with the same name when testing.

LOGS

time="2025-11-05T09:56:32Z" level=info msg="Desired change: CREATE external-dns-cname-kong-microservices-app.projecta.example.com TXT" profile=default zoneID=/hostedzone/ZAAAAAA1AAAA111AAAA zoneName=projecta.example.com.
time="2025-11-05T09:56:32Z" level=info msg="Desired change: CREATE external-dns-kong-microservices-app.projecta.example.com TXT" profile=default zoneID=/hostedzone/ZAAAAAA1AAAA111AAAA zoneName=projecta.example.com.
time="2025-11-05T09:56:32Z" level=info msg="Desired change: CREATE kong-microservices-app.projecta.example.com A" profile=default zoneID=/hostedzone/ZAAAAAA1AAAA111AAAA zoneName=projecta.example.com.
time="2025-11-05T09:56:32Z" level=error msg="Failure in zone projecta.example.com. when submitting change batch: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 400, RequestID: cef75d3b-694e-4303-b95b-9876da99bec2, InvalidChangeBatch: [Tried to create resource record set [name='external-dns-cname-kong-microservices-app.projecta.example.com.', type='TXT'] but it already exists, Tried to create resource record set [name='external-dns-kong-microservices-app.projecta.example.com.', type='TXT'] but it already exists]" profile=default zoneID=/hostedzone/ZAAAAAA1AAAA111AAAA zoneName=projecta.example.com.

time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE external-dns-cname-kong-admin-ms-app.projecta.internal.example TXT" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE external-dns-cname-kong-manager-ms-app.projecta.internal.example TXT" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE external-dns-cname-kong-microservices-app.projecta.internal.example TXT" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE external-dns-kong-admin-ms-app.projecta.internal.example TXT" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE external-dns-kong-manager-ms-app.projecta.internal.example TXT" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE external-dns-kong-microservices-app.projecta.internal.example TXT" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE kong-admin-ms-app.projecta.internal.example A" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE kong-manager-ms-app.projecta.internal.example A" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:42Z" level=info msg="Desired change: CREATE kong-microservices-app.projecta.internal.example A" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:43Z" level=error msg="Failure in zone projecta.internal.example. when submitting change batch: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 400, RequestID: 4e85de32-3ac3-4532-9e79-2877b1731081, InvalidChangeBatch: [Tried to create resource record set [name='external-dns-cname-kong-admin-ms-app.projecta.internal.example.', type='TXT'] but it already exists, Tried to create resource record set [name='external-dns-cname-kong-manager-ms-app.projecta.internal.example.', type='TXT'] but it already exists, Tried to create resource record set [name='external-dns-kong-admin-ms-app.projecta.internal.example.', type='TXT'] but it already exists, Tried to create resource record set [name='external-dns-kong-manager-ms-app.projecta.internal.example.', type='TXT'] but it already exists]" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:43Z" level=error msg="Failed submitting change (error: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 400, RequestID: 698035d7-8c1d-49c5-ae57-26f2d5445780, InvalidChangeBatch: [Tried to create resource record set [name='external-dns-cname-kong-admin-ms-app.projecta.internal.example.', type='TXT'] but it already exists, Tried to create resource record set [name='external-dns-kong-admin-ms-app.projecta.internal.example.', type='TXT'] but it already exists]), it will be retried in a separate change batch in the next iteration" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:43Z" level=error msg="Failed submitting change (error: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 400, RequestID: bd424226-f9c2-4bc5-814b-45be33458393, InvalidChangeBatch: [Tried to create resource record set [name='external-dns-cname-kong-manager-ms-app.projecta.internal.example.', type='TXT'] but it already exists, Tried to create resource record set [name='external-dns-kong-manager-ms-app.projecta.internal.example.', type='TXT'] but it already exists]), it will be retried in a separate change batch in the next iteration" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:44Z" level=info msg="3 record(s) were successfully updated" profile=default zoneID=/hostedzone/ZBBBBBBB9BBBB999BBBB zoneName=projecta.internal.example.
time="2025-11-05T09:56:54Z" level=error msg="Failed to do run once: soft error\nfailed to submit all changes for the following zones: [/hostedzone/ZAAAAAA1AAAA111AAAA /hostedzone/ZBBBBBBB9BBBB999BBBB]"

Environment:

• External-DNS version: v0.15.1
• DNS provider: AWS Route53
• Kubernetes platform: EKS
• Hosted zones: One public, one private
• ALB Ingress Controller: in use

[ivankatliarchuk]

There is no support for older versions. Only upstream, as we have no resources or capacity to support/patch previous versions. Try 0.19 and master version. If bug still exist, we need kube manifests to reproduce it.

[ivankatliarchuk]

Pull master branch and execute go main.go <your-flags>. Have a look, the problem could be resolved. The bug report without following our teamplates https://github.com/kubernetes-sigs/external-dns/blob/master/.github/ISSUE_TEMPLATE/---bug-report.md, most likely not going to be addressed.