Description
What happened:
When creating a frontend NLB using ingress, the external-dns is associating the A record to the ALB DNS and not to the NLB DNS.
What you expected to happen:
external-dns should create the A record using the NLB DNS.
How to reproduce it (as minimally and precisely as possible):
Enable Frontend NLB on Ingress using AWS ALB Controller: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.13/guide/ingress/annotations/#enable-frontend-nlb
Make sure the ALB scheme is internal:
alb.ingress.kubernetes.io/scheme: internal
Environment:
- External-DNS version (use external-dns --version): v0.18.0
- DNS provider: Route 53
Additional notes
After some debugging I think I figured out the issue. This only happens when the ALB is internal. The internal- prefix is always added to the internal ALBs and not the NLBs.
Here is the external-dns log when the ALB is configured as internal:
time="2025-07-18T23:54:54Z" level=debug msg="Modifying endpoint: SUBDOMAIN.MYDOMAIN.COM 0 IN CNAME internal-k8s-THIS-IS-MY-ALB.us-east-1.elb.amazonaws.com;k8s-THIS-IS-MY-nlb-0000000000.elb.us-east-1.amazonaws.com [], setting alias=true"
Notice both ALB;NLB domains:
internal-k8s-THIS-IS-MY-ALB.us-east-1.elb.amazonaws.com;k8s-THIS-IS-MY-nlb-0000000000.elb.us-east-1.amazonaws.com
And here is the log when the ALB is internet-facing:
time="2025-07-18T23:54:54Z" level=debug msg="Modifying endpoint: SUBDOMAIN.MYDOMAIN.COM 0 IN CNAME k8s-THIS-IS-MY-nlb-0000000000.elb.us-east-1.amazonaws.com;k8s-THIS-IS-MY-ALB.us-east-1.elb.amazonaws.com [], setting alias=true"
Notice both NLB;ALB domains:
k8s-THIS-IS-MY-nlb-0000000000.elb.us-east-1.amazonaws.com;k8s-THIS-IS-MY-ALB.us-east-1.elb.amazonaws.com
It seems like external-dns tries to create using BOTH DNS, but Route 53 only accepts one, the first one. So when using internal ALB, that one appears first because of the alphabetical order.
Ideally external-dns should know that the A record should point to the NLB when the frontend NLB is enabled.
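A check for the misrouting described in this issue, added here as an example and not part of the report or of external-dns itself: it splits the ';'-joined targets from the "Modifying endpoint" log line, picks out the NLB by the DNS-name shape visible in the logs (an assumed heuristic, not an AWS guarantee), and flags the case where the first target, the one the report says Route 53 keeps, is not the NLB.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)
// Hostname shapes taken from the log lines in this issue (assumed heuristic,
// not an AWS contract): ALB is <name>.<region>.elb.amazonaws.com, with an
// "internal-" prefix when internal; NLB is <name>.elb.<region>.amazonaws.com.
var (
	albPattern = regexp.MustCompile(`^(internal-)?[^.]+\.[a-z0-9-]+\.elb\.amazonaws\.com$`)
	nlbPattern = regexp.MustCompile(`^[^.]+\.elb\.[a-z0-9-]+\.amazonaws\.com$`)
)

// SplitTargets splits the ';'-joined targets from the "Modifying endpoint" log line.
func SplitTargets(joined string) []string {
	var out []string
	for _, t := range strings.Split(joined, ";") {
		if t = strings.TrimSpace(t); t != "" {
			out = append(out, t)
		}
	}
	return out
}

// NLBTarget returns the target whose DNS name has the NLB shape, if any.
func NLBTarget(targets []string) (string, bool) {
	for _, t := range targets {
		if nlbPattern.MatchString(t) && !albPattern.MatchString(t) {
			return t, true
		}
	}
	return "", false
}

// RecordMisrouted reports the situation in this issue: an NLB hostname is
// present, but the first target (the one the report says Route 53 keeps) is not it.
func RecordMisrouted(joined string) bool {
	targets := SplitTargets(joined)
	nlb, ok := NLBTarget(targets)
	return ok && targets[0] != nlb
}

func main() {
	internal := "internal-k8s-THIS-IS-MY-ALB.us-east-1.elb.amazonaws.com;k8s-THIS-IS-MY-nlb-0000000000.elb.us-east-1.amazonaws.com"
	public := "k8s-THIS-IS-MY-nlb-0000000000.elb.us-east-1.amazonaws.com;k8s-THIS-IS-MY-ALB.us-east-1.elb.amazonaws.com"
	fmt.Println("internal ALB misrouted:", RecordMisrouted(internal))      // true
	fmt.Println("internet-facing ALB misrouted:", RecordMisrouted(public)) // false
}
```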