fix(provider): IDNA awareness in the zone finder

[hanapedia]

What does it do ?

This PR fixes an overlooked usage of the old IDNA logic in FindZone() that still emits warning logs when parsing hostnames containing the * character. Although PR #5685 addressed this issue in some parts of the code by using a new IDNA profile that allows characters like *, one remaining path still uses the old profile, resulting in warning logs like:
Failed to convert label “*” of hostname “*.example.com” to its Unicode form: idna: disallowed rune U+002A
This PR updates the logic to consistently use the intended IDNA profile and avoid logging spurious warnings for wildcard hostnames.

Motivation

This PR follows up on the changes in #5685 , which partially addressed unnecessary warning logs for hostnames with characters like *. However, the FindZone() function still uses the outdated IDNA conversion logic, causing the warning to appear even after #5685 was merged.

Suppressing these unnecessary warnings improves log clarity and avoids confusion for users working with wildcard DNS entries.

More

• Yes, this PR title follows Conventional Commits
• Yes, I added unit tests
• Yes, I updated end user documentation accordingly

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: hanapedia / name: Hiroki Hanada (d4a6294)

[k8s-ci-robot]

Welcome @hanapedia!

It looks like this is your first PR to kubernetes-sigs/external-dns 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/external-dns has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @hanapedia. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ivankatliarchuk]

I'm not sure if this required. Could you share a real case end evidences. I did explicitly a validation. Which image you are using btw.

[ivankatliarchuk]

Share arguments as well, not helm please.

[ivankatliarchuk]

/ok-to-test

[hanapedia]

@ivankatliarchuk
Sorry for the lack of context in the original PR 🙏.

I haven’t run against the current master branch in production yet—the logs I referred to were observed in v0.17.0 and v0.18.0 when creating or deleting a DNSEndpoint with * in the domain name (e.g. "*.sandbox.example.com").

The exact warning logs (domain masked) were:

{"level":"warning","msg":"Failed to convert label '*' of hostname '*.helloworld.sandbox.somedomain.com.' to its Unicode form: idna: disallowed rune U+002A","time":"2025-07-31T06:03:03Z"}
{"level":"warning","msg":"Failed to convert label 'a-*' of hostname 'a-*.helloworld.sandbox.somedomain.com.' to its Unicode form: idna: disallowed rune U+002A","time":"2025-07-31T06:03:03Z"}

Arguments used (running on bare metal Kubernetes with CloudDNS provider):

args:
  - --source=crd
  - --source=service
  - --provider=google
  - --registry=txt
  - --log-format=json
  - --publish-internal-services

I also verified that this behavior still exists in current master by adding new test cases with "*" in the domain name to zonefinder_test.go—the warnings still appear there.
I confirmed it by using testutils.LogsUnderTestWithLogLevel and testutils.TestHelperLogContains like so in zonefinder_test.go:

	hook := testutils.LogsUnderTestWithLogLevel(log.WarnLevel, t)
	zoneID, zoneName = z.FindZone("*.example.com")
	assert.Equal(t, "*.example.com", zoneName)
	assert.Equal(t, "123412", zoneID)
	testutils.TestHelperLogContains("Failed to convert label \"*\" of hostname \"*.example.com\" to its Unicode form: idna: disallowed rune U+002A", hook, t)

[ivankatliarchuk]

Will double check when have time just in case.

Fixes #5706

[ivankatliarchuk]

So I did testing once again. Was not able to reproduce

There's one catch: I was testing with the AWS provider, which doesn't actually use this method, which I was not aware off ;-)

[ivankatliarchuk]

/lgtm

cc: @mloiseleur

[mloiseleur]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mloiseleur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mloiseleur]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment