Ryan Malloy
f8363e5ea7
Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.
Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.
30 records added across 14 zones:
acrazy.org (langfuse.dootie)
context.bet (studio)
copper-springs.online (docs.butler.dev)
demostar.io (cw.cw, doom, meet)
home-inspector.store (api, dashboard, mailpit)
inspect.pics (admin)
log.doctor (app, docs)
malloys.us (cp, cp-sandbox, mary)
nielsen-inspections.com (calendar, cw, files, v2-calendar)
qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
rentcache.dispatch)
ryanmalloy.com (c4ai)
sidejob.pro (api)
upc.llc (catalog, minio.or, or, s3)
CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
45 lines
2.4 KiB
Dns
45 lines
2.4 KiB
Dns
; Zone file for acrazy.org
|
|
; Generated by mcp-vultr
|
|
$ORIGIN acrazy.org.
|
|
$TTL 3600
|
|
|
|
300 IN NS ns1.vultr.com
|
|
300 IN NS ns2.vultr.com
|
|
300 IN A 74.91.22.234
|
|
or 300 IN A 74.91.22.233
|
|
l 300 IN CNAME rpm-bullet.mer.idahomuellers.net
|
|
*.l 300 IN CNAME rpm-bullet.mer.idahomuellers.net
|
|
b 300 IN A 108.61.229.209
|
|
dootie 300 IN A 108.61.229.209
|
|
* 300 IN CNAME acrazy.org
|
|
*.dootie 300 IN CNAME dootie.acrazy.org
|
|
300 IN MX 10 acrazy.org
|
|
_acme-challenge 300 IN TXT "eIA2Ii4EA7cfmjVcTUvOrM5nc4nFRRYpjvxtpEYzPG4"
|
|
_acme-challenge 300 IN TXT "DQxkmE7D658WT3-MR5xa7x5NW85L0C8Xq80Iv9-ZF60"
|
|
_acme-challenge 300 IN TXT "uOz583TEOpuME0AiJgaZYusECS8VDCP55yBuGw9WL58"
|
|
_acme-challenge 300 IN TXT "0ZDa-kNYA-D5qM2c2_RwUJppwIVhbfV4kPw_urWCXzU"
|
|
_acme-challenge 300 IN TXT "nMa6SYDLhc7zUxoj7HzF-eYj3kesGoG7JLH3WnIB6Os"
|
|
_acme-challenge 300 IN TXT "rDK5pFvMHlH4NFc0L4q3g9DpLfBaO39LlXFg7UnFYBs"
|
|
_acme-challenge 300 IN TXT "9TYcG6wfz4wuSE6OoYWDP6GeUs7zNaow0YfBHSmZUAM"
|
|
_acme-challenge 300 IN TXT "Ogv1O_ccYh_NcA_GZ0c-rnBn1C-2HqBvywZL-GmkZi0"
|
|
_acme-challenge 300 IN TXT "gs1ib1BZWPhJnl9P2cHg8DVp4exQzRlWuK5nsojkN8w"
|
|
_acme-challenge 300 IN TXT "T1vpnm26TqUVmekX10TSuPkoVsh6Npn7Q3SLqfwsd9U"
|
|
_acme-challenge 300 IN TXT "tSKgr-3mIycjPBkCH0biEL7bwSOmyLHosWaYBZlDD1I"
|
|
_acme-challenge 300 IN TXT "pT2NA1Wy_7IsxvMhsB6RX8Q0v2-gI1asl6L_mWwTCCE"
|
|
_acme-challenge 300 IN TXT "2898oFCfWYJEz6ftWLL7qEMh8-eT_uQleSWiVHalEmk"
|
|
_acme-challenge 300 IN TXT "mg55APlmRSX2MhRXLsY7E4JjIlQ2rxV5n68dltG7gLs"
|
|
_acme-challenge.mc.l 300 IN TXT "iluaJ10DaYv9nLYOtqLJ5QAfdfv9f7N2lGT1rVk7mZg"
|
|
_acme-challenge.mc.l 300 IN TXT "BEecbLO_EBYf4F31Vbf_LTQSJuBLBbgcMglQRanJv6U"
|
|
_acme-challenge.mc.l 300 IN TXT "vgjdoUmdabr6iWKuA7jGpCFfE9W03qCM0RVLn1nQRWQ"
|
|
_acme-challenge.api.l 300 IN TXT "3kFf8Z9fM8dtjRbb-OFcjNfkzfu-DShkMm0hdzxRaOI"
|
|
_acme-challenge.l 300 IN TXT "3wseUmaL1PND6qn3HzTnQF_uaegJ-VHI1voFGw5j4Fs"
|
|
_acme-challenge.l 300 IN TXT "0HXwA0Ij6K5pVWO6Liv9j3nzvZyiH6HONcgREA2UDaA"
|
|
_acme-challenge.l 300 IN TXT "WmE8LR03vR1ua26QK58PxCmfxQ-_369sXIezIr8cNoM"
|
|
_acme-challenge.l 300 IN TXT "Ike1gqcB3VI7WwKoH3T8zqbpYSo2qRPrq0iqzB5wmFU"
|
|
_acme-challenge.langfuse.dootie 300 IN TXT "1WJ-mHJ2SQuuC5CgxbYY6euwiMZm1dVicfIkeluovTY"
|
|
_acme-challenge.dootie.l 300 IN TXT "uW30ozl6AKA_q9FWPlvaxuwbgBJ-TgTsXxA3JFtn0tg"
|
|
_acme-challenge.langfuse.dootie.l 300 IN TXT "P6tOVfwB8OBbI6AqnIuHXKQc05FjuABhGihUHwzpMOs"
|
|
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
|
|
; (parent name has _acme-challenge children, so wildcard would skip it)
|
|
langfuse.dootie 300 IN CNAME acrazy.org
|