Merge branch 'master' into godaddy

d3c30919 · fboltz · 66dcd89e · 338e8b19 · d3c30919 · d3c30919
Commit d3c30919 authored 4 years ago by fboltz
Expand all Hide whitespace changes
Inline Side-by-side

Showing

with 1013 additions and 670 deletions
+1013 -670
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@
 - Fix NodePort with externaltrafficpolicy targets duplication @codearky
 - Update contributing section in README (#1760) @seanmalloy
 - Option to cache AWS zones list @bpineau
+- Refactor, enhance and test Akamai provider and documentation (#1846) @edglynes

 ## v0.7.3 - 2020-08-05


--- a/README.md
+++ b/README.md
@@ -48,6 +48,7 @@ ExternalDNS' current release is `v0.7`. This version allows you to keep selected
 * [Vultr](https://www.vultr.com)
 * [OVH](https://www.ovh.com)
 * [Scaleway](https://www.scaleway.com)
+* [Akamai Edge DNS](https://learn.akamai.com/en-us/products/cloud_security/edge_dns.html)
 * [GoDaddy](https://www.godaddy.com)

 From this release, ExternalDNS can become aware of the records it is managing (enabled via `--registry=txt`), therefore ExternalDNS can safely manage non-empty hosted zones. We strongly encourage you to use `v0.5` (or greater) with `--registry=txt` enabled and `--txt-owner-id` set to a unique value that doesn't change for the lifetime of your cluster. You might also want to run ExternalDNS in a dry run mode (`--dry-run` flag) to see the changes to be submitted to your DNS Provider API.
@@ -79,6 +80,7 @@ The following table clarifies the current status of the providers according to t
 | Google Cloud DNS | Stable | |
 | AWS Route 53 | Stable | |
 | AWS Cloud Map | Beta | |
+| Akamai Edge DNS | Beta | |
 | AzureDNS | Beta | |
 | CloudFlare | Beta | |
 | RcodeZero | Alpha | |
@@ -98,7 +100,6 @@ The following table clarifies the current status of the providers according to t
 | TransIP | Alpha | |
 | VinylDNS | Alpha | |
 | RancherDNS | Alpha | |
-| Akamai FastDNS | Alpha | |
 | OVH | Alpha | |
 | Scaleway DNS | Alpha | @Sh4d1 |
 | Vultr | Alpha | |

--- a/controller/controller.go
+++ b/controller/controller.go
@@ -117,6 +117,8 @@ type Controller struct {
 	nextRunAt time.Time
 	// The nextRunAtMux is for atomic updating of nextRunAt
 	nextRunAtMux sync.Mutex
+	// DNS record types that will be considered for management
+	ManagedRecordTypes []string
 }

 // RunOnce runs a single iteration of a reconciliation loop.
@@ -147,6 +149,7 @@ func (c *Controller) RunOnce(ctx context.Context) error {
 		Desired:            endpoints,
 		DomainFilter:       c.DomainFilter,
 		PropertyComparator: c.Registry.PropertyValuesEqual,
+		ManagedRecords:     []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	plan = plan.Calculate()

--- a/docs/tutorials/akamai-edgedns.md
+++ b/docs/tutorials/akamai-edgedns.md
+# Setting up External-DNS for Services on Akamai Edge DNS
+
+## Prerequisites
+
+Akamai Edge DNS (formally known as Fast DNS) provider support was first released in External-DNS v0.5.18
+
+### Zones
+
+External-DNS manages service endpoints in existing DNS zones. The Akamai provider does not add, remove or configure new zones in anyway. Edge DNS zones can be created and managed thru the [Akamai Control Center](https://control.akamai.com) or [Akamai DevOps Tools](https://developer.akamai.com/devops), [Akamai CLI](https://developer.akamai.com/cli) and [Akamai Terraform Provider](https://developer.akamai.com/tools/integrations/terraform)
+
+### Akamai Edge DNS Authentication
+
+The Akamai Edge DNS provider requires valid Akamai Edgegrid API authentication credentials to access zones and manage associated DNS records. 
+
+Credentials can be provided to the provider either directly by key or indirectly via a file. The Akamai credential keys and mappings to the Akamai provider utilizing different presentation methods are:
+
+| Edgegrid Auth Key | External-DNS Cmd Line Key | Environment/ConfigMap Key | Description |
+| ----------------- | ------------------------- | ------------------------- | ----------- |
+| host | akamai-serviceconsumerdomain | EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN | Akamai Edgegrid API server |
+| access_token | akamai-access-token | EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN | Akamai Edgegrid API access token |
+| client_token | akamai-client-token  | EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN |Akamai Edgegrid API client token |
+| client-secret | akamai-client-secret | EXTERNAL_DNS_AKAMAI_CLIENT_SECRET |Akamai Edgegrid API client secret |
+
+In addition to specifying auth credentials individually, the credentials may be referenced indirectly by using the Akamai Edgegrid .edgerc file convention.
+
+| External-DNS Cmd Line | Environment/ConfigMap | Description |
+| --------------------- | --------------------- | ----------- |
+| akamai-edgerc-path | EXTERNAL_DNS_AKAMAI_EDGERC_PATH | Accessible path to Edgegrid credentials file, e.g /home/test/.edgerc |
+| akamai-edgerc-section | EXTERNAL_DNS_AKAMAI_EDGERC_SECTION | Section in Edgegrid credentials file containing credentials |
+
+Note: akamai-edgerc-path and akamai-edgerc-section are present in External-DNS versions after v0.7.5
+
+[Akamai API Authentication](https://developer.akamai.com/getting-started/edgegrid) provides an overview and further information pertaining to the generation of auth credentials for API base applications and tools.
+
+The following example defines and references a Kubernetes ConfigMap secret, applied by referencing the secret and its keys in the env section of the deployment.
+
+
+## Deploy External-DNS
+
+An operational External-DNS deployment consists of an External-DNS container and service. The following sections demonstrate the ConfigMap objects that would make up an example functional external DNS kubernetes configuration utilizing NGINX as the exposed service.
+
+Connect your `kubectl` client to the cluster with which you want to test External-DNS, and then apply one of the following manifest files for deployment:
+
+### Manifest (for clusters without RBAC enabled)
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: k8s.gcr.io/external-dns/external-dns:v0.7.5
+        args:
+        - --source=service  # or ingress or both
+        - --provider=akamai
+        - --domain-filter=example.com
+        # zone-id-filter may be specified as well to filter on contract ID
+        - --registry=txt
+        - --txt-owner-id={{ owner-id-for-this-external-dns }}
+        env:
+        - name: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
+        - name: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
+        - name: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
+        - name: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
+```
+
+### Manifest (for clusters with RBAC enabled)
+
+```yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: external-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: external-dns
+rules:
+- apiGroups: [""]
+  resources: ["services","endpoints","pods"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["extensions","networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get","watch","list"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: external-dns-viewer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: external-dns
+subjects:
+- kind: ServiceAccount
+  name: external-dns
+  namespace: default
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      containers:
+      - name: external-dns
+        image: k8s.gcr.io/external-dns/external-dns:v0.7.5
+        args:
+        - --source=service  # or ingress or both
+        - --provider=akamai
+        - --domain-filter=example.com
+        # zone-id-filter may be specified as well to filter on contract ID
+        - --registry=txt
+        - --txt-owner-id={{ owner-id-for-this-external-dns }}
+        env:
+        - name: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
+        - name: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
+        - name: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
+        - name: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: external-dns
+              key: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
+```
+
+Create the deployment for External-DNS:
+
+```
+$ kubectl create -f externaldns.yaml
+```
+
+## Deploying an Nginx Service
+
+Create a service file called 'nginx.yaml' with the following contents:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+spec:
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx
+        name: nginx
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: nginx.example.com
+    external-dns.alpha.kubernetes.io/ttl: "600" #optional
+spec:
+  selector:
+    app: nginx
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+```
+
+Create the deployment, service and ingress object:
+
+```
+$ kubectl create -f nginx.yaml
+```
+
+## Verify Akamai Edge DNS Records
+
+It is recommended to wait 3-5 minutes before validating the records to allow the record changes to propagate to all the Akamai name servers worldwide.
+
+The records can be validated using the [Akamai Control Center](http://control.akamai.com) or by executing a dig, nslookup or similar DNS command.
+ 
+## Cleanup
+
+Once you successfully configure and verify record management via External-DNS, you can delete the tutorial's example:
+
+```
+$ kubectl delete -f nginx.yaml
+$ kubectl delete -f externaldns.yaml
+```
+
+## Additional Information
+
+* The Akamai provider allows the administrative user to filter zones by both name (domain-filter) and contract Id (zone-id-filter). The Edge DNS API will return a '500 Internal Error' if an invalid contract Id is provided.
+* The provider will substitute any embedded quotes in TXT records with `` ` `` (back tick) when writing the records to the API.
+   
--- a/docs/tutorials/akamai-fastdns.md
+++ b/docs/tutorials/akamai-fastdns.md
-# Setting up Akamai FastDNS
-
-## Prerequisites
-
-Akamai FastDNS provider support was added via [this PR](https://github.com/kubernetes-sigs/external-dns/pull/1384), thus you need to use a release where this pr is included. This should be at least v0.5.18
-
-The Akamai FastDNS provider expects that your zones, you wish to add records to, already exists
-and are configured correctly. It does not add, remove or configure new zones in anyway.
-
-To do this please refer to the [FastDNS documentation](https://developer.akamai.com/legacy/cli/packages/fast-dns.html).
-
-Additional data you will have to provide:
-
-* Service Consumer Domain
-* Access token
-* Client token
-* Client Secret
-
-Make these available to external DNS somehow. In the following example a secret is used by referencing the secret and its keys in the env section of the deployment.
-
-If you happen to have questions regarding authentication, please refer to the [API Client Authentication documentation](https://developer.akamai.com/legacy/introduction/Client_Auth.html)
-
-## Deployment
-
-Deploying external DNS for Akamai is actually nearly identical to deploying
-it for other providers. This is what a sample `deployment.yaml` looks like:
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: external-dns
-  labels:
-    app.kubernetes.io/name: external-dns
-    app.kubernetes.io/version: v0.6.0
-spec:
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: external-dns
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: external-dns
-        app.kubernetes.io/version: v0.6.0
-    spec:
-      # Only use if you're also using RBAC
-      # serviceAccountName: external-dns
-      containers:
-      - name: external-dns
-        image: k8s.gcr.io/external-dns/external-dns:v0.7.3
-        args:
-        - --source=ingress # or service or both
-        - --provider=akamai
-        - --registry=txt
-        - --txt-owner-id={{ owner-id-for-this-external-dns }}
-        env:
-        - name: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
-          valueFrom:
-            secretKeyRef:
-              name: external-dns
-              key: EXTERNAL_DNS_AKAMAI_SERVICECONSUMERDOMAIN
-        - name: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: external-dns
-              key: EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN
-        - name: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: external-dns
-              key: EXTERNAL_DNS_AKAMAI_CLIENT_SECRET
-        - name: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: external-dns
-              key: EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN
-```
-
-## RBAC
-
-If your cluster is RBAC enabled, you also need to setup the following, before you can run external-dns:
-
-```yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: external-dns
-  namespace: default
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: external-dns
-rules:
- apiGroups: [""]
-  resources: ["services","endpoints","pods"]
-  verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
-  resources: ["ingresses"]
-  verbs: ["get","watch","list"]
- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["list"]
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: external-dns-viewer
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: external-dns
-subjects:
- kind: ServiceAccount
-  name: external-dns
-  namespace: default
-```
-## Verify ExternalDNS works (Ingress example)
-
-Create an ingress resource manifest file.
-
-> For ingress objects ExternalDNS will create a DNS record based on the host specified for the ingress object.
-
-```yaml
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: foo
-  annotations:
-    kubernetes.io/ingress.class: "nginx" # use the one that corresponds to your ingress controller.
-spec:
-  rules:
-  - host: foo.bar.com
-    http:
-      paths:
-      - backend:
-          serviceName: foo
-          servicePort: 80
-```
-
-## Verify ExternalDNS works (Service example)
-
-Create the following sample application to test that ExternalDNS works.
-
-> For services ExternalDNS will look for the annotation `external-dns.alpha.kubernetes.io/hostname` on the service and use the corresponding value.
-
-> If you want to give multiple names to service, you can set it to external-dns.alpha.kubernetes.io/hostname with a comma separator.
-
-```yaml
-apiVersion: v1
-kind: Service
-metadata:
-  name: nginx
-  annotations:
-    external-dns.alpha.kubernetes.io/hostname: nginx.external-dns-test.my-org.com
-spec:
-  type: LoadBalancer
-  ports:
-  - port: 80
-    name: http
-    targetPort: 80
-  selector:
-    app: nginx
-
---
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nginx
-spec:
-  selector:
-    matchLabels:
-      app: nginx
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - image: nginx
-        name: nginx
-        ports:
-        - containerPort: 80
-          name: http
-```
-
-
-**Important!**: Don't run dig, nslookup or similar immediately. You'll get hit by [negative DNS caching](https://tools.ietf.org/html/rfc2308), which is hard to flush.
-Wait about 30s-1m (interval for external-dns to kick in)
--- a/docs/tutorials/aws.md
+++ b/docs/tutorials/aws.md
@@ -414,6 +414,39 @@ You can configure Route53 to associate DNS records with healthchecks for automat

 Note: ExternalDNS does not support creating healthchecks, and assumes that `<health-check-id>` already exists.

+## Govcloud caveats
+
+Due to the special nature with how Route53 runs in Govcloud, there are a few tweaks in the deployment settings.
+
+* An Environment variable with name of AWS_REGION set to either us-gov-west-1 or us-gov-east-1 is required. Otherwise it tries to lookup a region that does not exist in Govcloud and it errors out.
+
+```yaml
+env:
+- name: AWS_REGION
+  value: us-gov-west-1
+```
+
+* Route53 in Govcloud does not allow aliases. Therefore, container args must be set so that it uses CNAMES and a txt-prefix must be set to something. Otherwise, it will try to create a TXT record with the same value than the CNAME itself, which is not allowed.
+
+```yaml
+args:
+- --aws-prefer-cname
+- --txt-prefix={{ YOUR_PREFIX }}
+```
+
+* The first two changes are needed if you use Route53 in Govcloud, which only supports private zones. There are also no cross account IAM whatsoever between Govcloud and commerical AWS accounts. If services and ingresses need to make Route 53 entries to an public zone in a commerical account, you will have set env variables of AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with a key and secret to the commerical account that has the sufficient rights.
+
+```yaml
+env:
+- name: AWS_ACCESS_KEY_ID
+  value: XXXXXXXXX
+- name: AWS_SECRET_ACCESS_KEY
+  valueFrom:
+    secretKeyRef:
+      name: {{ YOUR_SECRET_NAME }}
+      key: {{ YOUR_SECRET_KEY }}
+```
+
 ## Clean up

 Make sure to delete all Service objects before terminating the cluster so all load balancers get cleaned up correctly.

--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/Azure/go-autorest/autorest/adal v0.9.5
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.3
 	github.com/Azure/go-autorest/autorest/to v0.4.0
-	github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.11
+	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.0.0
 	github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 // indirect
 	github.com/alecthomas/colour v0.1.0 // indirect
 	github.com/alecthomas/kingpin v2.2.5+incompatible

--- a/go.sum
+++ b/go.sum
@@ -60,6 +60,8 @@ github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4Rq
 github.com/ahmetb/gen-crd-api-reference-docs v0.1.5/go.mod h1:P/XzJ+c2+khJKNKABcm2biRwk2QAuwbLf8DlXuaL7WM=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.11 h1:QGjNHMwoPYxE5NpOAc8kpd2KTY293/oFk5BWdjkza+k=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.11/go.mod h1:L+HB2uBoDgi3+r1pJEJcbGwyyHhd2QXaGsKLbDwtm8Q=
+github.com/akamai/AkamaiOPEN-edgegrid-golang v1.0.0 h1:FJF58TWBaQnGqTIcziIP5/z3TTqWUn8fh26z03oZE2c=
+github.com/akamai/AkamaiOPEN-edgegrid-golang v1.0.0/go.mod h1:kX6YddBkXqqywAe8c9LyvgTCyFuZCTMF4cRPQhc3Fy8=
 github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38 h1:smF2tmSOzy2Mm+0dGI2AIUHY+w0BUc+4tn40djz7+6U=
 github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI=
 github.com/alecthomas/colour v0.1.0 h1:nOE9rJm6dsZ66RGWYSFrXw461ZIt9A6+nHgL7FRrDUk=

--- a/kustomize/kustomization.yaml
+++ b/kustomize/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization

 images:
  - name: k8s.gcr.io/external-dns/external-dns
-    newTag: v0.7.5
+    newTag: v0.7.6

 resources:
  - ./external-dns-deployment.yaml

--- a/main.go
+++ b/main.go
@@ -152,7 +152,7 @@ func main() {
 	var p provider.Provider
 	switch cfg.Provider {
 	case "akamai":
-		p = akamai.NewAkamaiProvider(
+		p, err = akamai.NewAkamaiProvider(
 			akamai.AkamaiConfig{
 				DomainFilter:          domainFilter,
 				ZoneIDFilter:          zoneIDFilter,
@@ -160,9 +160,10 @@ func main() {
 				ClientToken:           cfg.AkamaiClientToken,
 				ClientSecret:          cfg.AkamaiClientSecret,
 				AccessToken:           cfg.AkamaiAccessToken,
+				EdgercPath:            cfg.AkamaiEdgercPath,
+				EdgercSection:         cfg.AkamaiEdgercSection,
 				DryRun:                cfg.DryRun,
-			},
-		)
+			}, nil)
 	case "alibabacloud":
 		p, err = alibabacloud.NewAlibabaCloudProvider(cfg.AlibabaCloudConfigFile, domainFilter, zoneIDFilter, cfg.AlibabaCloudZoneType, cfg.DryRun)
 	case "aws":
@@ -330,11 +331,12 @@ func main() {
 	}

 	ctrl := controller.Controller{
-		Source:       endpointsSource,
-		Registry:     r,
-		Policy:       policy,
-		Interval:     cfg.Interval,
-		DomainFilter: domainFilter,
+		Source:             endpointsSource,
+		Registry:           r,
+		Policy:             policy,
+		Interval:           cfg.Interval,
+		DomainFilter:       domainFilter,
+		ManagedRecordTypes: cfg.ManagedDNSRecordTypes,
 	}

 	if cfg.Once {

--- a/pkg/apis/externaldns/types.go
+++ b/pkg/apis/externaldns/types.go
@@ -22,6 +22,8 @@ import (
 	"strconv"
 	"time"

+	"sigs.k8s.io/external-dns/endpoint"
+
 	"github.com/alecthomas/kingpin"
 	"github.com/sirupsen/logrus"

@@ -88,6 +90,8 @@ type Config struct {
 	AkamaiClientToken                 string
 	AkamaiClientSecret                string
 	AkamaiAccessToken                 string
+	AkamaiEdgercPath                  string
+	AkamaiEdgercSection               string
 	InfobloxGridHost                  string
 	InfobloxWapiPort                  int
 	InfobloxWapiUsername              string
@@ -148,6 +152,7 @@ type Config struct {
 	TransIPAccountName                string
 	TransIPPrivateKeyFile             string
 	DigitalOceanAPIPageSize           int
+	ManagedDNSRecordTypes             []string
 	GoDaddyAPIKey                     string `secure:"yes"`
 	GoDaddySecretKey                  string `secure:"yes"`
 	GoDaddyTTL                        int64
@@ -199,6 +204,8 @@ var defaultConfig = &Config{
 	AkamaiClientToken:           "",
 	AkamaiClientSecret:          "",
 	AkamaiAccessToken:           "",
+	AkamaiEdgercSection:         "",
+	AkamaiEdgercPath:            "",
 	InfobloxGridHost:            "",
 	InfobloxWapiPort:            443,
 	InfobloxWapiUsername:        "admin",
@@ -254,6 +261,7 @@ var defaultConfig = &Config{
 	TransIPAccountName:          "",
 	TransIPPrivateKeyFile:       "",
 	DigitalOceanAPIPageSize:     50,
+	ManagedDNSRecordTypes:       []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	GoDaddyAPIKey:               "",
 	GoDaddySecretKey:            "",
 	GoDaddyTTL:                  600,
@@ -335,6 +343,7 @@ func (cfg *Config) ParseFlags(args []string) error {
 	app.Flag("crd-source-apiversion", "API version of the CRD for crd source, e.g. `externaldns.k8s.io/v1alpha1`, valid only when using crd source").Default(defaultConfig.CRDSourceAPIVersion).StringVar(&cfg.CRDSourceAPIVersion)
 	app.Flag("crd-source-kind", "Kind of the CRD for the crd source in API group and version specified by crd-source-apiversion").Default(defaultConfig.CRDSourceKind).StringVar(&cfg.CRDSourceKind)
 	app.Flag("service-type-filter", "The service types to take care about (default: all, expected: ClusterIP, NodePort, LoadBalancer or ExternalName)").StringsVar(&cfg.ServiceTypeFilter)
+	app.Flag("managed-record-types", "Comma separated list of record types to manage (default: A, CNAME) (supported records: CNAME, A, NS").Default("A", "CNAME").StringsVar(&cfg.ManagedDNSRecordTypes)

 	// Flags related to providers
 	app.Flag("provider", "The DNS provider where the DNS records will be created (required, options: aws, aws-sd, google, azure, azure-dns, azure-private-dns, cloudflare, rcodezero, digitalocean, hetzner, dnsimple, akamai, infoblox, dyn, designate, coredns, skydns, inmemory, ovh, pdns, oci, exoscale, linode, rfc2136, ns1, transip, vinyldns, rdns, scaleway, vultr, ultradns)").Required().PlaceHolder("provider").EnumVar(&cfg.Provider, "aws", "aws-sd", "google", "azure", "azure-dns", "hetzner", "azure-private-dns", "alibabacloud", "cloudflare", "rcodezero", "digitalocean", "dnsimple", "akamai", "infoblox", "dyn", "designate", "coredns", "skydns", "inmemory", "ovh", "pdns", "oci", "exoscale", "linode", "rfc2136", "ns1", "transip", "vinyldns", "rdns", "scaleway", "vultr", "ultradns", "godaddy")
@@ -363,10 +372,12 @@ func (cfg *Config) ParseFlags(args []string) error {
 	app.Flag("cloudflare-proxied", "When using the Cloudflare provider, specify if the proxy mode must be enabled (default: disabled)").BoolVar(&cfg.CloudflareProxied)
 	app.Flag("cloudflare-zones-per-page", "When using the Cloudflare provider, specify how many zones per page listed, max. possible 50 (default: 50)").Default(strconv.Itoa(defaultConfig.CloudflareZonesPerPage)).IntVar(&cfg.CloudflareZonesPerPage)
 	app.Flag("coredns-prefix", "When using the CoreDNS provider, specify the prefix name").Default(defaultConfig.CoreDNSPrefix).StringVar(&cfg.CoreDNSPrefix)
-	app.Flag("akamai-serviceconsumerdomain", "When using the Akamai provider, specify the base URL (required when --provider=akamai)").Default(defaultConfig.AkamaiServiceConsumerDomain).StringVar(&cfg.AkamaiServiceConsumerDomain)
-	app.Flag("akamai-client-token", "When using the Akamai provider, specify the client token (required when --provider=akamai)").Default(defaultConfig.AkamaiClientToken).StringVar(&cfg.AkamaiClientToken)
-	app.Flag("akamai-client-secret", "When using the Akamai provider, specify the client secret (required when --provider=akamai)").Default(defaultConfig.AkamaiClientSecret).StringVar(&cfg.AkamaiClientSecret)
-	app.Flag("akamai-access-token", "When using the Akamai provider, specify the access token (required when --provider=akamai)").Default(defaultConfig.AkamaiAccessToken).StringVar(&cfg.AkamaiAccessToken)
+	app.Flag("akamai-serviceconsumerdomain", "When using the Akamai provider, specify the base URL (required when --provider=akamai and edgerc-path not specified)").Default(defaultConfig.AkamaiServiceConsumerDomain).StringVar(&cfg.AkamaiServiceConsumerDomain)
+	app.Flag("akamai-client-token", "When using the Akamai provider, specify the client token (required when --provider=akamai and edgerc-path not specified)").Default(defaultConfig.AkamaiClientToken).StringVar(&cfg.AkamaiClientToken)
+	app.Flag("akamai-client-secret", "When using the Akamai provider, specify the client secret (required when --provider=akamai and edgerc-path not specified)").Default(defaultConfig.AkamaiClientSecret).StringVar(&cfg.AkamaiClientSecret)
+	app.Flag("akamai-access-token", "When using the Akamai provider, specify the access token (required when --provider=akamai and edgerc-path not specified)").Default(defaultConfig.AkamaiAccessToken).StringVar(&cfg.AkamaiAccessToken)
+	app.Flag("akamai-edgerc-path", "When using the Akamai provider, specify the .edgerc file path. Path must be reachable form invocation environment. (required when --provider=akamai and *-token, secret serviceconsumerdomain not specified)").Default(defaultConfig.AkamaiEdgercPath).StringVar(&cfg.AkamaiEdgercPath)
+	app.Flag("akamai-edgerc-section", "When using the Akamai provider, specify the .edgerc file path (Optional when edgerc-path is specified)").Default(defaultConfig.AkamaiEdgercSection).StringVar(&cfg.AkamaiEdgercSection)
 	app.Flag("infoblox-grid-host", "When using the Infoblox provider, specify the Grid Manager host (required when --provider=infoblox)").Default(defaultConfig.InfobloxGridHost).StringVar(&cfg.InfobloxGridHost)
 	app.Flag("infoblox-wapi-port", "When using the Infoblox provider, specify the WAPI port (default: 443)").Default(strconv.Itoa(defaultConfig.InfobloxWapiPort)).IntVar(&cfg.InfobloxWapiPort)
 	app.Flag("infoblox-wapi-username", "When using the Infoblox provider, specify the WAPI username (default: admin)").Default(defaultConfig.InfobloxWapiUsername).StringVar(&cfg.InfobloxWapiUsername)

--- a/pkg/apis/externaldns/types_test.go
+++ b/pkg/apis/externaldns/types_test.go
@@ -22,6 +22,8 @@ import (
 	"testing"
 	"time"

+	"sigs.k8s.io/external-dns/endpoint"
+
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -66,6 +68,8 @@ var (
 		AkamaiClientToken:           "",
 		AkamaiClientSecret:          "",
 		AkamaiAccessToken:           "",
+		AkamaiEdgercPath:            "",
+		AkamaiEdgercSection:         "",
 		InfobloxGridHost:            "",
 		InfobloxWapiPort:            443,
 		InfobloxWapiUsername:        "admin",
@@ -102,6 +106,7 @@ var (
 		TransIPAccountName:          "",
 		TransIPPrivateKeyFile:       "",
 		DigitalOceanAPIPageSize:     50,
+		ManagedDNSRecordTypes:       []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	overriddenConfig = &Config{
@@ -144,6 +149,8 @@ var (
 		AkamaiClientToken:           "o184671d5307a388180fbf7f11dbdf46",
 		AkamaiClientSecret:          "o184671d5307a388180fbf7f11dbdf46",
 		AkamaiAccessToken:           "o184671d5307a388180fbf7f11dbdf46",
+	        AkamaiEdgercPath:            "/home/test/.edgerc",
+        	AkamaiEdgercSection:         "default",
 		InfobloxGridHost:            "127.0.0.1",
 		InfobloxWapiPort:            8443,
 		InfobloxWapiUsername:        "infoblox",
@@ -186,6 +193,7 @@ var (
 		TransIPAccountName:          "transip",
 		TransIPPrivateKeyFile:       "/path/to/transip.key",
 		DigitalOceanAPIPageSize:     100,
+		ManagedDNSRecordTypes:       []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}
 )

@@ -235,6 +243,8 @@ func TestParseFlags(t *testing.T) {
 				"--akamai-client-token=o184671d5307a388180fbf7f11dbdf46",
 				"--akamai-client-secret=o184671d5307a388180fbf7f11dbdf46",
 				"--akamai-access-token=o184671d5307a388180fbf7f11dbdf46",
+				"--akamai-edgerc-path=/home/test/.edgerc",
+				"--akamai-edgerc-section=default",
 				"--infoblox-grid-host=127.0.0.1",
 				"--infoblox-wapi-port=8443",
 				"--infoblox-wapi-username=infoblox",
@@ -328,6 +338,8 @@ func TestParseFlags(t *testing.T) {
 				"EXTERNAL_DNS_AKAMAI_CLIENT_TOKEN":             "o184671d5307a388180fbf7f11dbdf46",
 				"EXTERNAL_DNS_AKAMAI_CLIENT_SECRET":            "o184671d5307a388180fbf7f11dbdf46",
 				"EXTERNAL_DNS_AKAMAI_ACCESS_TOKEN":             "o184671d5307a388180fbf7f11dbdf46",
+				"EXTERNAL_DNS_AKAMAI_EDGERC_PATH":              "/home/test/.edgerc",
+				"EXTERNAL_DNS_AKAMAI_EDGERC_SECTION":           "default",
 				"EXTERNAL_DNS_INFOBLOX_GRID_HOST":              "127.0.0.1",
 				"EXTERNAL_DNS_INFOBLOX_WAPI_PORT":              "8443",
 				"EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME":          "infoblox",

--- a/pkg/apis/externaldns/validation/validation.go
+++ b/pkg/apis/externaldns/validation/validation.go
@@ -45,16 +45,16 @@ func ValidateConfig(cfg *externaldns.Config) error {

 	// Akamai provider specific validations
 	if cfg.Provider == "akamai" {
-		if cfg.AkamaiServiceConsumerDomain == "" {
+		if cfg.AkamaiServiceConsumerDomain == "" && cfg.AkamaiEdgercPath != "" {
 			return errors.New("no Akamai ServiceConsumerDomain specified")
 		}
-		if cfg.AkamaiClientToken == "" {
+		if cfg.AkamaiClientToken == "" && cfg.AkamaiEdgercPath != "" {
 			return errors.New("no Akamai client token specified")
 		}
-		if cfg.AkamaiClientSecret == "" {
+		if cfg.AkamaiClientSecret == "" && cfg.AkamaiEdgercPath != "" {
 			return errors.New("no Akamai client secret specified")
 		}
-		if cfg.AkamaiAccessToken == "" {
+		if cfg.AkamaiAccessToken == "" && cfg.AkamaiEdgercPath != "" {
 			return errors.New("no Akamai access token specified")
 		}
 	}

--- a/plan/plan.go
+++ b/plan/plan.go
@@ -43,6 +43,8 @@ type Plan struct {
 	DomainFilter endpoint.DomainFilter
 	// Property comparator compares custom properties of providers
 	PropertyComparator PropertyComparator
+	// DNS record types that will be considered for management
+	ManagedRecords []string
 }

 // Changes holds lists of actions to be executed by dns providers
@@ -119,10 +121,10 @@ func (t planTable) addCandidate(e *endpoint.Endpoint) {
 func (p *Plan) Calculate() *Plan {
 	t := newPlanTable()

-	for _, current := range filterRecordsForPlan(p.Current, p.DomainFilter) {
+	for _, current := range filterRecordsForPlan(p.Current, p.DomainFilter, p.ManagedRecords) {
 		t.addCurrent(current)
 	}
-	for _, desired := range filterRecordsForPlan(p.Desired, p.DomainFilter) {
+	for _, desired := range filterRecordsForPlan(p.Desired, p.DomainFilter, p.ManagedRecords) {
 		t.addCandidate(desired)
 	}

@@ -155,9 +157,10 @@ func (p *Plan) Calculate() *Plan {
 	}

 	plan := &Plan{
-		Current: p.Current,
-		Desired: p.Desired,
-		Changes: changes,
+		Current:        p.Current,
+		Desired:        p.Desired,
+		Changes:        changes,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	return plan
@@ -224,7 +227,7 @@ func (p *Plan) shouldUpdateProviderSpecific(desired, current *endpoint.Endpoint)
 // Per RFC 1034, CNAME records conflict with all other records - it is the
 // only record with this property. The behavior of the planner may need to be
 // made more sophisticated to codify this.
-func filterRecordsForPlan(records []*endpoint.Endpoint, domainFilter endpoint.DomainFilter) []*endpoint.Endpoint {
+func filterRecordsForPlan(records []*endpoint.Endpoint, domainFilter endpoint.DomainFilter, managedRecords []string) []*endpoint.Endpoint {
 	filtered := []*endpoint.Endpoint{}

 	for _, record := range records {
@@ -232,14 +235,8 @@ func filterRecordsForPlan(records []*endpoint.Endpoint, domainFilter endpoint.Do
 		if !domainFilter.Match(record.DNSName) {
 			continue
 		}
-
-		// Explicitly specify which records we want to use for planning.
-		// TODO: Add AAAA records as well when they are supported.
-		switch record.RecordType {
-		case endpoint.RecordTypeA, endpoint.RecordTypeCNAME, endpoint.RecordTypeNS:
+		if isManagedRecord(record.RecordType, managedRecords) {
 			filtered = append(filtered, record)
-		default:
-			continue
 		}
 	}

@@ -280,3 +277,12 @@ func CompareBoolean(defaultValue bool, name, current, previous string) bool {

 	return v1 == v2
 }
+
+func isManagedRecord(record string, managedRecords []string) bool {
+	for _, r := range managedRecords {
+		if record == r {
+			return true
+		}
+	}
+	return false
+}
--- a/plan/plan_test.go
+++ b/plan/plan_test.go
@@ -205,9 +205,10 @@ func (suite *PlanTestSuite) TestSyncFirstRound() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -226,9 +227,10 @@ func (suite *PlanTestSuite) TestSyncSecondRound() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -247,9 +249,10 @@ func (suite *PlanTestSuite) TestSyncSecondRoundMigration() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -268,9 +271,10 @@ func (suite *PlanTestSuite) TestSyncSecondRoundWithTTLChange() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -289,9 +293,10 @@ func (suite *PlanTestSuite) TestSyncSecondRoundWithProviderSpecificChange() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -316,6 +321,7 @@ func (suite *PlanTestSuite) TestSyncSecondRoundWithProviderSpecificDefaultFalse(
 		PropertyComparator: func(name, previous, current string) bool {
 			return CompareBoolean(false, name, previous, current)
 		},
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -368,9 +374,10 @@ func (suite *PlanTestSuite) TestSyncSecondRoundWithOwnerInherited() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -410,9 +417,10 @@ func (suite *PlanTestSuite) TestDifferentTypes() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -431,9 +439,10 @@ func (suite *PlanTestSuite) TestIgnoreTXT() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -452,9 +461,10 @@ func (suite *PlanTestSuite) TestRemoveEndpoint() {
 	expectedDelete := []*endpoint.Endpoint{suite.bar192A}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -473,9 +483,10 @@ func (suite *PlanTestSuite) TestRemoveEndpointWithUpsert() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&UpsertOnlyPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&UpsertOnlyPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -495,9 +506,10 @@ func (suite *PlanTestSuite) TestDuplicatedEndpointsForSameResourceReplace() {
 	expectedDelete := []*endpoint.Endpoint{suite.bar192A}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -518,9 +530,10 @@ func (suite *PlanTestSuite) TestDuplicatedEndpointsForSameResourceRetain() {
 	expectedDelete := []*endpoint.Endpoint{suite.bar192A}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -540,9 +553,10 @@ func (suite *PlanTestSuite) TestMultipleRecordsSameNameDifferentSetIdentifier()
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -562,9 +576,10 @@ func (suite *PlanTestSuite) TestSetIdentifierUpdateCreatesAndDeletes() {
 	expectedDelete := []*endpoint.Endpoint{suite.multiple2}

 	p := &Plan{
-		Policies: []Policy{&SyncPolicy{}},
-		Current:  current,
-		Desired:  desired,
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -584,10 +599,11 @@ func (suite *PlanTestSuite) TestDomainFiltersInitial() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies:     []Policy{&SyncPolicy{}},
-		Current:      current,
-		Desired:      desired,
-		DomainFilter: endpoint.NewDomainFilterWithExclusions([]string{"domain.tld"}, []string{"ex.domain.tld"}),
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		DomainFilter:   endpoint.NewDomainFilterWithExclusions([]string{"domain.tld"}, []string{"ex.domain.tld"}),
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -607,10 +623,11 @@ func (suite *PlanTestSuite) TestDomainFiltersUpdate() {
 	expectedDelete := []*endpoint.Endpoint{}

 	p := &Plan{
-		Policies:     []Policy{&SyncPolicy{}},
-		Current:      current,
-		Desired:      desired,
-		DomainFilter: endpoint.NewDomainFilterWithExclusions([]string{"domain.tld"}, []string{"ex.domain.tld"}),
+		Policies:       []Policy{&SyncPolicy{}},
+		Current:        current,
+		Desired:        desired,
+		DomainFilter:   endpoint.NewDomainFilterWithExclusions([]string{"domain.tld"}, []string{"ex.domain.tld"}),
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	changes := p.Calculate().Changes
@@ -808,6 +825,7 @@ func TestShouldUpdateProviderSpecific(tt *testing.T) {
 				Current:            []*endpoint.Endpoint{test.current},
 				Desired:            []*endpoint.Endpoint{test.desired},
 				PropertyComparator: test.propertyComparator,
+				ManagedRecords:     []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 			}
 			b := plan.shouldUpdateProviderSpecific(test.desired, test.current)
 			assert.Equal(t, test.shouldUpdate, b)

--- a/provider/akamai/akamai.go
+++ b/provider/akamai/akamai.go
--- a/provider/akamai/akamai_test.go
+++ b/provider/akamai/akamai_test.go
@@ -17,148 +17,206 @@ limitations under the License.
 package akamai

 import (
-	"bytes"
 	"context"
 	"encoding/json"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"strings"
+	log "github.com/sirupsen/logrus"
 	"testing"

-	"github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid"
+	dns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v2"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
 	"sigs.k8s.io/external-dns/endpoint"
 	"sigs.k8s.io/external-dns/plan"
 	"sigs.k8s.io/external-dns/provider"
 )

-type mockAkamaiClient struct {
-	mock.Mock
+type edgednsStubData struct {
+	objType       string // zone, record, recordsets
+	output        []interface{}
+	updateRecords []interface{}
+	createRecords []interface{}
 }

-func (m *mockAkamaiClient) NewRequest(config edgegrid.Config, met, p string, b io.Reader) (*http.Request, error) {
-	switch {
-	case met == "GET":
-		switch {
-		case strings.HasPrefix(p, "https:///config-dns/v2/zones?"):
-			b = bytes.NewReader([]byte("{\"zones\":[{\"contractId\":\"Test\",\"zone\":\"example.com\"},{\"contractId\":\"Exclude-Me\",\"zone\":\"exclude.me\"}]}"))
-		case strings.HasPrefix(p, "https:///config-dns/v2/zones/example.com/"):
-			b = bytes.NewReader([]byte("{\"recordsets\":[{\"name\":\"www.example.com\",\"type\":\"A\",\"ttl\":300,\"rdata\":[\"10.0.0.2\",\"10.0.0.3\"]},{\"name\":\"www.example.com\",\"type\":\"TXT\",\"ttl\":300,\"rdata\":[\"heritage=external-dns,external-dns/owner=default\"]}]}"))
-		case strings.HasPrefix(p, "https:///config-dns/v2/zones/exclude.me/"):
-			b = bytes.NewReader([]byte("{\"recordsets\":[{\"name\":\"www.exclude.me\",\"type\":\"A\",\"ttl\":300,\"rdata\":[\"192.168.0.1\",\"192.168.0.2\"]}]}"))
-		}
-	case met == "DELETE":
-		b = bytes.NewReader([]byte("{\"title\": \"Success\", \"status\": 200, \"detail\": \"Record deleted\", \"requestId\": \"4321\"}"))
-	case met == "ERROR":
-		b = bytes.NewReader([]byte("{\"status\": 404 }"))
+type edgednsStub struct {
+	stubData map[string]edgednsStubData
+}
+
+func newStub() *edgednsStub {
+	return &edgednsStub{
+		stubData: make(map[string]edgednsStubData),
 	}
-	req := httptest.NewRequest(met, p, b)
-	return req, nil
 }

-func (m *mockAkamaiClient) Do(config edgegrid.Config, req *http.Request) (*http.Response, error) {
-	handler := func(w http.ResponseWriter, r *http.Request) (isError bool) {
-		b, _ := ioutil.ReadAll(r.Body)
-		io.WriteString(w, string(b))
-		return string(b) == "{\"status\": 404 }"
+func createAkamaiStubProvider(stub *edgednsStub, domfilter endpoint.DomainFilter, idfilter provider.ZoneIDFilter) (*AkamaiProvider, error) {
+
+	akamaiConfig := AkamaiConfig{
+		DomainFilter:          domfilter,
+		ZoneIDFilter:          idfilter,
+		ServiceConsumerDomain: "testzone.com",
+		ClientToken:           "test_token",
+		ClientSecret:          "test_client_secret",
+		AccessToken:           "test_access_token",
 	}
-	w := httptest.NewRecorder()
-	err := handler(w, req)
-	resp := w.Result()

-	if err == true {
-		resp.StatusCode = 400
+	prov, err := NewAkamaiProvider(akamaiConfig, stub)
+	aprov := prov.(*AkamaiProvider)
+	return aprov, err
+}
+
+func (r *edgednsStub) createStubDataEntry(objtype string) {
+
+	log.Debugf("Creating stub data entry")
+	if _, exists := r.stubData[objtype]; !exists {
+		r.stubData[objtype] = edgednsStubData{objType: objtype}
 	}

-	return resp, nil
+	return
 }

-func TestRequestError(t *testing.T) {
-	config := AkamaiConfig{}
+func (r *edgednsStub) setOutput(objtype string, output []interface{}) {

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	log.Debugf("Setting output to %v", output)
+	r.createStubDataEntry(objtype)
+	stubdata := r.stubData[objtype]
+	stubdata.output = output
+	r.stubData[objtype] = stubdata

-	m := "ERROR"
-	p := ""
-	b := ""
-	x, err := c.request(m, p, bytes.NewReader([]byte(b)))
-	assert.Nil(t, x)
-	assert.NotNil(t, err)
+	return
 }

-func TestFetchZonesZoneIDFilter(t *testing.T) {
-	config := AkamaiConfig{
-		ZoneIDFilter: provider.NewZoneIDFilter([]string{"Test"}),
-	}
+func (r *edgednsStub) setUpdateRecords(objtype string, records []interface{}) {

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	log.Debugf("Setting updaterecords to %v", records)
+	r.createStubDataEntry(objtype)
+	stubdata := r.stubData[objtype]
+	stubdata.updateRecords = records
+	r.stubData[objtype] = stubdata

-	x, _ := c.fetchZones()
-	y, _ := json.Marshal(x)
-	if assert.NotNil(t, y) {
-		assert.Equal(t, "{\"zones\":[{\"contractId\":\"Test\",\"zone\":\"example.com\"}]}", string(y))
-	}
+	return
 }

-func TestFetchZonesEmpty(t *testing.T) {
-	config := AkamaiConfig{
-		DomainFilter: endpoint.NewDomainFilter([]string{"Nonexistent"}),
-		ZoneIDFilter: provider.NewZoneIDFilter([]string{"Nonexistent"}),
+func (r *edgednsStub) setCreateRecords(objtype string, records []interface{}) {
+
+	log.Debugf("Setting createrecords to %v", records)
+	r.createStubDataEntry(objtype)
+	stubdata := r.stubData[objtype]
+	stubdata.createRecords = records
+	r.stubData[objtype] = stubdata
+
+	return
+}
+
+func (r *edgednsStub) ListZones(queryArgs dns.ZoneListQueryArgs) (*dns.ZoneListResponse, error) {
+
+	log.Debugf("Entering ListZones")
+	// Ignore Metadata`
+	resp := &dns.ZoneListResponse{}
+	zones := make([]*dns.ZoneResponse, 0)
+	for _, zname := range r.stubData["zone"].output {
+		log.Debugf("Processing output: %v", zname)
+		zn := &dns.ZoneResponse{Zone: zname.(string), ContractId: "contract"}
+		log.Debugf("Created Zone Object: %v", zn)
+		zones = append(zones, zn)
 	}
+	resp.Zones = zones
+	return resp, nil
+}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+func (r *edgednsStub) GetRecordsets(zone string, queryArgs dns.RecordsetQueryArgs) (*dns.RecordSetResponse, error) {

-	x, _ := c.fetchZones()
-	y, _ := json.Marshal(x)
-	if assert.NotNil(t, y) {
-		assert.Equal(t, "{\"zones\":null}", string(y))
+	log.Debugf("Entering GetRecordsets")
+	// Ignore Metadata`
+	resp := &dns.RecordSetResponse{}
+	sets := make([]dns.Recordset, 0)
+	for _, rec := range r.stubData["recordset"].output {
+		rset := rec.(dns.Recordset)
+		sets = append(sets, rset)
 	}
+	resp.Recordsets = sets
+
+	return resp, nil
 }

-func TestFetchRecordset1(t *testing.T) {
-	config := AkamaiConfig{}
+func (r *edgednsStub) CreateRecordsets(recordsets *dns.Recordsets, zone string, reclock bool) error {

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	return nil
+}
+
+func (r *edgednsStub) GetRecord(zone string, name string, record_type string) (*dns.RecordBody, error) {
+
+	resp := &dns.RecordBody{}
+
+	return resp, nil
+}
+
+func (r *edgednsStub) DeleteRecord(record *dns.RecordBody, zone string, recLock bool) error {
+
+	return nil
+}

-	x, _ := c.fetchRecordSet("example.com")
+func (r *edgednsStub) UpdateRecord(record *dns.RecordBody, zone string, recLock bool) error {
+
+	return nil
+}
+
+// Test FetchZones
+func TestFetchZonesZoneIDFilter(t *testing.T) {
+
+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.NewZoneIDFilter([]string{"Test"})
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)
+	stub.setOutput("zone", []interface{}{"test1.testzone.com", "test2.testzone.com"})
+
+	x, _ := c.fetchZones()
 	y, _ := json.Marshal(x)
 	if assert.NotNil(t, y) {
-		assert.Equal(t, "{\"recordsets\":[{\"name\":\"www.example.com\",\"type\":\"A\",\"ttl\":300,\"rdata\":[\"10.0.0.2\",\"10.0.0.3\"]},{\"name\":\"www.example.com\",\"type\":\"TXT\",\"ttl\":300,\"rdata\":[\"heritage=external-dns,external-dns/owner=default\"]}]}", string(y))
+		assert.Equal(t, "{\"zones\":[{\"contractId\":\"contract\",\"zone\":\"test1.testzone.com\"},{\"contractId\":\"contract\",\"zone\":\"test2.testzone.com\"}]}", string(y))
 	}
 }

-func TestFetchRecordset2(t *testing.T) {
-	config := AkamaiConfig{}
+func TestFetchZonesEmpty(t *testing.T) {

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.NewDomainFilter([]string{"Nonexistent"})
+	idfilter := provider.NewZoneIDFilter([]string{"Nonexistent"})
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)
+	stub.setOutput("zone", []interface{}{})

-	x, _ := c.fetchRecordSet("exclude.me")
+	x, _ := c.fetchZones()
 	y, _ := json.Marshal(x)
 	if assert.NotNil(t, y) {
-		assert.Equal(t, "{\"recordsets\":[{\"name\":\"www.exclude.me\",\"type\":\"A\",\"ttl\":300,\"rdata\":[\"192.168.0.1\",\"192.168.0.2\"]}]}", string(y))
+		assert.Equal(t, "{\"zones\":[]}", string(y))
 	}
 }

+// TestAkamaiRecords tests record endpoint
 func TestAkamaiRecords(t *testing.T) {
-	config := AkamaiConfig{}
-
-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client

+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)
+	stub.setOutput("zone", []interface{}{"test1.testzone.com"})
+	recordsets := make([]interface{}, 0)
+	recordsets = append(recordsets, dns.Recordset{
+		Name:  "www.example.com",
+		Type:  endpoint.RecordTypeA,
+		Rdata: []string{"10.0.0.2", "10.0.0.3"},
+	})
+	recordsets = append(recordsets, dns.Recordset{
+		Name:  "www.example.com",
+		Type:  endpoint.RecordTypeTXT,
+		Rdata: []string{"heritage=external-dns,external-dns/owner=default"},
+	})
+	recordsets = append(recordsets, dns.Recordset{
+		Name:  "www.exclude.me",
+		Type:  endpoint.RecordTypeA,
+		Rdata: []string{"192.168.0.1", "192.168.0.2"},
+	})
+	stub.setOutput("recordset", recordsets)
 	endpoints := make([]*endpoint.Endpoint, 0)
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))
@@ -171,28 +229,40 @@ func TestAkamaiRecords(t *testing.T) {
 }

 func TestAkamaiRecordsEmpty(t *testing.T) {
-	config := AkamaiConfig{
-		ZoneIDFilter: provider.NewZoneIDFilter([]string{"Nonexistent"}),
-	}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.NewZoneIDFilter([]string{"Nonexistent"})
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)
+	stub.setOutput("zone", []interface{}{"test1.testzone.com"})
+	recordsets := make([]interface{}, 0)
+	stub.setOutput("recordset", recordsets)

 	x, _ := c.Records(context.Background())
 	assert.Nil(t, x)
 }

 func TestAkamaiRecordsFilters(t *testing.T) {
-	config := AkamaiConfig{
-		DomainFilter: endpoint.NewDomainFilter([]string{"www.exclude.me"}),
-		ZoneIDFilter: provider.NewZoneIDFilter([]string{"Exclude-Me"}),
-	}
-
-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client

+	stub := newStub()
+	domfilter := endpoint.NewDomainFilter([]string{"www.exclude.me"})
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)
+	stub.setOutput("zone", []interface{}{"www.exclude.me"})
+	recordsets := make([]interface{}, 0)
+	recordsets = append(recordsets, dns.Recordset{
+		Name:  "www.example.com",
+		Type:  endpoint.RecordTypeA,
+		Rdata: []string{"10.0.0.2", "10.0.0.3"},
+	})
+	recordsets = append(recordsets, dns.Recordset{
+		Name:  "www.exclude.me",
+		Type:  endpoint.RecordTypeA,
+		Rdata: []string{"192.168.0.1", "192.168.0.2"},
+	})
+	stub.setOutput("recordset", recordsets)
 	endpoints := make([]*endpoint.Endpoint, 0)
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.exclude.me", endpoint.RecordTypeA, "192.168.0.1", "192.168.0.2"))

@@ -202,32 +272,32 @@ func TestAkamaiRecordsFilters(t *testing.T) {
 	}
 }

+// TestCreateRecords tests create function
+// (p AkamaiProvider) createRecordsets(zoneNameIDMapper provider.ZoneIDName, endpoints []*endpoint.Endpoint) error
 func TestCreateRecords(t *testing.T) {
-	config := AkamaiConfig{}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

 	zoneNameIDMapper := provider.ZoneIDName{"example.com": "example.com"}
 	endpoints := make([]*endpoint.Endpoint, 0)
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))

-	x, _ := c.createRecords(zoneNameIDMapper, endpoints)
-	if assert.NotNil(t, x) {
-		assert.Equal(t, endpoints, x)
-	}
+	err = c.createRecordsets(zoneNameIDMapper, endpoints)
+	assert.Nil(t, err)
 }

 func TestCreateRecordsDomainFilter(t *testing.T) {
-	config := AkamaiConfig{
-		DomainFilter: endpoint.NewDomainFilter([]string{"example.com"}),
-	}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

 	zoneNameIDMapper := provider.ZoneIDName{"example.com": "example.com"}
 	endpoints := make([]*endpoint.Endpoint, 0)
@@ -235,38 +305,36 @@ func TestCreateRecordsDomainFilter(t *testing.T) {
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))
 	exclude := append(endpoints, endpoint.NewEndpoint("www.exclude.me", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))

-	x, _ := c.createRecords(zoneNameIDMapper, exclude)
-	if assert.NotNil(t, x) {
-		assert.Equal(t, endpoints, x)
-	}
+	err = c.createRecordsets(zoneNameIDMapper, exclude)
+	assert.Nil(t, err)
 }

+// TestDeleteRecords validate delete
 func TestDeleteRecords(t *testing.T) {
-	config := AkamaiConfig{}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

 	zoneNameIDMapper := provider.ZoneIDName{"example.com": "example.com"}
 	endpoints := make([]*endpoint.Endpoint, 0)
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))

-	x, _ := c.deleteRecords(zoneNameIDMapper, endpoints)
-	if assert.NotNil(t, x) {
-		assert.Equal(t, endpoints, x)
-	}
+	err = c.deleteRecordsets(zoneNameIDMapper, endpoints)
+	assert.Nil(t, err)
 }

+//
 func TestDeleteRecordsDomainFilter(t *testing.T) {
-	config := AkamaiConfig{
-		DomainFilter: endpoint.NewDomainFilter([]string{"example.com"}),
-	}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.NewDomainFilter([]string{"example.com"})
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

 	zoneNameIDMapper := provider.ZoneIDName{"example.com": "example.com"}
 	endpoints := make([]*endpoint.Endpoint, 0)
@@ -274,38 +342,36 @@ func TestDeleteRecordsDomainFilter(t *testing.T) {
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))
 	exclude := append(endpoints, endpoint.NewEndpoint("www.exclude.me", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))

-	x, _ := c.deleteRecords(zoneNameIDMapper, exclude)
-	if assert.NotNil(t, x) {
-		assert.Equal(t, endpoints, x)
-	}
+	err = c.deleteRecordsets(zoneNameIDMapper, exclude)
+	assert.Nil(t, err)
 }

+// Test record update func
 func TestUpdateRecords(t *testing.T) {
-	config := AkamaiConfig{}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.DomainFilter{}
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

 	zoneNameIDMapper := provider.ZoneIDName{"example.com": "example.com"}
 	endpoints := make([]*endpoint.Endpoint, 0)
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))

-	x, _ := c.updateNewRecords(zoneNameIDMapper, endpoints)
-	if assert.NotNil(t, x) {
-		assert.Equal(t, endpoints, x)
-	}
+	err = c.updateNewRecordsets(zoneNameIDMapper, endpoints)
+	assert.Nil(t, err)
 }

+//
 func TestUpdateRecordsDomainFilter(t *testing.T) {
-	config := AkamaiConfig{
-		DomainFilter: endpoint.NewDomainFilter([]string{"example.com"}),
-	}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.NewDomainFilter([]string{"example.com"})
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

 	zoneNameIDMapper := provider.ZoneIDName{"example.com": "example.com"}
 	endpoints := make([]*endpoint.Endpoint, 0)
@@ -313,19 +379,19 @@ func TestUpdateRecordsDomainFilter(t *testing.T) {
 	endpoints = append(endpoints, endpoint.NewEndpoint("www.example.com", endpoint.RecordTypeTXT, "heritage=external-dns,external-dns/owner=default"))
 	exclude := append(endpoints, endpoint.NewEndpoint("www.exclude.me", endpoint.RecordTypeA, "10.0.0.2", "10.0.0.3"))

-	x, _ := c.updateNewRecords(zoneNameIDMapper, exclude)
-	if assert.NotNil(t, x) {
-		assert.Equal(t, endpoints, x)
-	}
+	err = c.updateNewRecordsets(zoneNameIDMapper, exclude)
+	assert.Nil(t, err)
 }

 func TestAkamaiApplyChanges(t *testing.T) {
-	config := AkamaiConfig{}

-	client := &mockAkamaiClient{}
-	c := NewAkamaiProvider(config)
-	c.client = client
+	stub := newStub()
+	domfilter := endpoint.NewDomainFilter([]string{"example.com"})
+	idfilter := provider.ZoneIDFilter{}
+	c, err := createAkamaiStubProvider(stub, domfilter, idfilter)
+	assert.Nil(t, err)

+	stub.setOutput("zone", []interface{}{"example.com"})
 	changes := &plan.Changes{}
 	changes.Create = []*endpoint.Endpoint{
 		{DNSName: "www.example.com", RecordType: "A", Targets: endpoint.Targets{"target"}, RecordTTL: 300},

--- a/provider/aws/aws_test.go
+++ b/provider/aws/aws_test.go
@@ -1152,6 +1152,7 @@ func TestAWSHealthTargetAnnotation(tt *testing.T) {
 				Current:            []*endpoint.Endpoint{test.current},
 				Desired:            []*endpoint.Endpoint{test.desired},
 				PropertyComparator: provider.PropertyValuesEqual,
+				ManagedRecords:     []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 			}
 			plan = plan.Calculate()
 			assert.Equal(t, test.shouldUpdate, len(plan.Changes.UpdateNew) == 1)

--- a/provider/cloudflare/cloudflare_test.go
+++ b/provider/cloudflare/cloudflare_test.go
@@ -229,7 +229,7 @@ func (m *mockCloudFlareClient) ZoneDetails(zoneID string) (cloudflare.Zone, erro
 	return cloudflare.Zone{}, errors.New("Unknown zoneID: " + zoneID)
 }

-func AssertActions(t *testing.T, provider *CloudFlareProvider, endpoints []*endpoint.Endpoint, actions []MockAction, args ...interface{}) {
+func AssertActions(t *testing.T, provider *CloudFlareProvider, endpoints []*endpoint.Endpoint, actions []MockAction, managedRecords []string, args ...interface{}) {
 	t.Helper()

 	var client *mockCloudFlareClient
@@ -250,9 +250,10 @@ func AssertActions(t *testing.T, provider *CloudFlareProvider, endpoints []*endp
 	}

 	plan := &plan.Plan{
-		Current:      records,
-		Desired:      endpoints,
-		DomainFilter: endpoint.NewDomainFilter([]string{"bar.com"}),
+		Current:        records,
+		Desired:        endpoints,
+		DomainFilter:   endpoint.NewDomainFilter([]string{"bar.com"}),
+		ManagedRecords: managedRecords,
 	}

 	changes := plan.Calculate().Changes
@@ -305,7 +306,10 @@ func TestCloudflareA(t *testing.T) {
 				Proxied: false,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
+
 }

 func TestCloudflareCname(t *testing.T) {
@@ -340,7 +344,9 @@ func TestCloudflareCname(t *testing.T) {
 				Proxied: false,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
 }

 func TestCloudflareCustomTTL(t *testing.T) {
@@ -365,7 +371,9 @@ func TestCloudflareCustomTTL(t *testing.T) {
 				Proxied: false,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
 }

 func TestCloudflareProxiedDefault(t *testing.T) {
@@ -389,7 +397,9 @@ func TestCloudflareProxiedDefault(t *testing.T) {
 				Proxied: true,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
 }

 func TestCloudflareProxiedOverrideTrue(t *testing.T) {
@@ -419,7 +429,9 @@ func TestCloudflareProxiedOverrideTrue(t *testing.T) {
 				Proxied: true,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
 }

 func TestCloudflareProxiedOverrideFalse(t *testing.T) {
@@ -449,7 +461,9 @@ func TestCloudflareProxiedOverrideFalse(t *testing.T) {
 				Proxied: false,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
 }

 func TestCloudflareProxiedOverrideIllegal(t *testing.T) {
@@ -479,7 +493,9 @@ func TestCloudflareProxiedOverrideIllegal(t *testing.T) {
 				Proxied: true,
 			},
 		},
-	})
+	},
+		[]string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
+	)
 }

 func TestCloudflareSetProxied(t *testing.T) {
@@ -525,7 +541,7 @@ func TestCloudflareSetProxied(t *testing.T) {
 					Proxied: testCase.proxiable,
 				},
 			},
-		}, testCase.recordType+" record on "+testCase.domain)
+		}, []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME, endpoint.RecordTypeNS}, testCase.recordType+" record on "+testCase.domain)
 	}
 }

@@ -1038,6 +1054,7 @@ func TestProviderPropertiesIdempotency(t *testing.T) {
 			Current:            current,
 			Desired:            desired,
 			PropertyComparator: provider.PropertyValuesEqual,
+			ManagedRecords:     []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 		}

 		plan = *plan.Calculate()
@@ -1091,7 +1108,8 @@ func TestCloudflareComplexUpdate(t *testing.T) {
 				},
 			},
 		},
-		DomainFilter: endpoint.NewDomainFilter([]string{"bar.com"}),
+		DomainFilter:   endpoint.NewDomainFilter([]string{"bar.com"}),
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	planned := plan.Calculate()
@@ -1178,9 +1196,10 @@ func TestCustomTTLWithEnabledProxyNotChanged(t *testing.T) {
 	provider.AdjustEndpoints(endpoints)

 	plan := &plan.Plan{
-		Current:      records,
-		Desired:      endpoints,
-		DomainFilter: endpoint.NewDomainFilter([]string{"bar.com"}),
+		Current:        records,
+		Desired:        endpoints,
+		DomainFilter:   endpoint.NewDomainFilter([]string{"bar.com"}),
+		ManagedRecords: []string{endpoint.RecordTypeA, endpoint.RecordTypeCNAME},
 	}

 	planned := plan.Calculate()

--- a/registry/txt_test.go
+++ b/registry/txt_test.go
@@ -172,9 +172,9 @@ func testTXTRegistryRecordsPrefixed(t *testing.T) {
 			},
 		},
 		{
-			DNSName:       "*.wildcard.test-zone.example.org",
-			Targets:       endpoint.Targets{"foo.loadbalancer.com"},
-			RecordType:    endpoint.RecordTypeCNAME,
+			DNSName:    "*.wildcard.test-zone.example.org",
+			Targets:    endpoint.Targets{"foo.loadbalancer.com"},
+			RecordType: endpoint.RecordTypeCNAME,
 			Labels: map[string]string{
 				endpoint.OwnerLabelKey: "owner",
 			},