From 4bde13ac62479537f73f2bd14f142b14b4e18b62 Mon Sep 17 00:00:00 2001
From: "Madhusudan.C.S" <madhusudancs@google.com>
Date: Wed, 10 May 2017 13:12:05 -0700
Subject: [PATCH] Remove all the existing records before creating new ones to
 avoid DNS misconfiguration.

When we fetch the dns records by name, we get a list of records that match
the given name. As an optimization we look up to see if the new record we
want to create is already in the returned list to avoid performing any updates.

However, when the new record we want to create isn't in the returned list, it
is hard to say if the returned list contains the list of records that we want
to retain. For example, we might get a list of A records and we want to create
a CNAME record. Creating a new CNAME record without removing the A records is
a DNS misconfiguration. So to play safe we just remove all the existing records
in the list and create the new desired record.

**Note**: This is the opposite of what I said here - https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/44626#-Ki9xQOzybryHvsxNrra.
---
 federation/pkg/federation-controller/service/dns.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/federation/pkg/federation-controller/service/dns.go b/federation/pkg/federation-controller/service/dns.go
index 7104bb72720..79e1a5ecd6e 100644
--- a/federation/pkg/federation-controller/service/dns.go
+++ b/federation/pkg/federation-controller/service/dns.go
@@ -254,9 +254,11 @@ func (s *ServiceController) ensureDnsRrsets(dnsZone dnsprovider.Zone, dnsName st
 				// Need to replace the existing one with a better one (or just remove it if we have no healthy endpoints).
 				glog.V(4).Infof("Existing recordset %v not equivalent to needed recordset %v removing existing and adding needed.", rrsetList, newRrset)
 				changeSet := rrsets.StartChangeset()
-				changeSet.Remove(found)
+				for i := range rrsetList {
+					changeSet = changeSet.Remove(rrsetList[i])
+				}
 				if uplevelCname != "" {
-					changeSet.Add(newRrset)
+					changeSet = changeSet.Add(newRrset)
 					if err := changeSet.Apply(); err != nil {
 						return err
 					}
@@ -288,7 +290,12 @@ func (s *ServiceController) ensureDnsRrsets(dnsZone dnsprovider.Zone, dnsName st
 			} else {
 				// Need to replace the existing one with a better one
 				glog.V(4).Infof("Existing recordset %v is not equivalent to needed recordset %v, removing existing and adding needed.", found, newRrset)
-				if err = rrsets.StartChangeset().Remove(found).Add(newRrset).Apply(); err != nil {
+				changeSet := rrsets.StartChangeset()
+				for i := range rrsetList {
+					changeSet = changeSet.Remove(rrsetList[i])
+				}
+				changeSet = changeSet.Add(newRrset)
+				if err = changeSet.Apply(); err != nil {
 					return err
 				}
 				glog.V(4).Infof("Successfully replaced recordset %v -> %v", found, newRrset)