rsp2k/coredns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
coredns/zones/upc.llc.zone
Ryan Malloy f8363e5ea7 zones: add explicit CNAME-to-apex for RFC 4592 empty-non-terminals 
Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.

Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.

30 records added across 14 zones:
  acrazy.org (langfuse.dootie)
  context.bet (studio)
  copper-springs.online (docs.butler.dev)
  demostar.io (cw.cw, doom, meet)
  home-inspector.store (api, dashboard, mailpit)
  inspect.pics (admin)
  log.doctor (app, docs)
  malloys.us (cp, cp-sandbox, mary)
  nielsen-inspections.com (calendar, cw, files, v2-calendar)
  qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
                  rentcache.dispatch)
  ryanmalloy.com (c4ai)
  sidejob.pro (api)
  upc.llc (catalog, minio.or, or, s3)

CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
2026-05-18 18:34:51 -06:00

52 lines
2.5 KiB
Dns
Raw Blame History

; Zone file for upc.llc
; Generated by mcp-vultr
$ORIGIN upc.llc.
$TTL 3600
300 IN NS ns1.vultr.com
300 IN NS ns2.vultr.com
l 300 IN A 127.0.0.1
300 IN A 108.61.229.209
* 300 IN A 108.61.229.209
300 IN AAAA 2001:19f0:5c01:12ca:5400:5ff:fe35:a427
* 300 IN AAAA 2001:19f0:5c01:12ca:5400:5ff:fe35:a427
*.l 300 IN CNAME l.upc.llc
mail 300 IN CNAME mail.supported.systems
autoconfig 600 IN CNAME mail.upc.llc
*.portal.l 300 IN CNAME portal.l.upc.llc
*.s3 300 IN CNAME s3.upc.llc
*.report.l 300 IN CNAME report.l.upc.llc
*.report 300 IN CNAME report.upc.llc
300 IN MX 10 upc.llc
300 IN MX 10 mail.supported.systems
_acme-challenge.l 300 IN TXT "LZGNwW9DGUuN2ly0vm5czSrRIG20lqx--6Gd4j1x71w"
_acme-challenge.l 300 IN TXT "sSIwSVfZ2ceW8ie8aYXrzf73iEWMZSXl9e6ogxFQNCc"
_acme-challenge.l 300 IN TXT "Z4fh4rHw8d-GR-L3cnocj8o-8OpI5GccMwWRQiUnPd0"
_acme-challenge.l 300 IN TXT "8kd2q8Ib7DFvq8SAGsKTtxU2qLV7L8E_ePD8Ww2MVfA"
_acme-challenge.l 300 IN TXT "q-aWCBE1lMD0_xcNzwWydAW7bk3tLzMIWYi2z0WapWE"
_acme-challenge.l 300 IN TXT "p3G13Tmd-S47IDPo2Zjq4NJjQZ9qJyZw_izjte3Y9ps"
_acme-challenge.www.l 300 IN TXT "9vR7zAbgH0Tbfhmz5Mi94XtjS1St8r7ZOulkgn1Jo_s"
300 IN TXT "v=spf1 include:mail.supported.systems ~all"
_acme-challenge.s3 300 IN TXT "e_fyF4DWbCUGErurD1HxCWY67I5868wAODGSbqR2CKE"
_acme-challenge.oscar-admin.l 300 IN TXT "CuCSK7VwXgrIkFCniISQTysR9YasyYZGGR_npvLkvTM"
_acme-challenge.or 300 IN TXT "sZUOOMwyY7i0iBeGJDvT770cbxYBZ1YTcJhVSgAm8PM"
_acme-challenge.minio.or 300 IN TXT "lr9ZZF6wZD2w_yjXPmi651_4tqKgegBE86n7ZwKFkRQ"
_acme-challenge 300 IN TXT "uuhLgoMHHvVoMzRPm0mncCFVMqZA1CIu24uIyEqEnbE"
_acme-challenge.catalog 300 IN TXT "SrMSL___IIdzxTKRJY4TNIv3Wf8HMh_S63IfR23WVvk"
_acme-challenge.catalog 300 IN TXT "BKP8F679sa2ThAFBNI0Ki112cOKfrBVRsnKPMbC1PHU"
_acme-challenge.report-1.l 300 IN TXT "47OK-_UnAAr0EwrRDdqbVcB10PNzoMTixEhxrRJKVO4"
_acme-challenge.notes.report-1.l 300 IN TXT "a-1AbHE3CnlEXnyMxFGX51GbC0UxcAACYeOmUWlwXE0"
_imap._tcp 600 IN SRV 20 0 143 mail.upc.llc.
_pop3._tcp 600 IN SRV 20 0 110 mail.upc.llc.
_submission._tcp 600 IN SRV 20 0 587 mail.upc.llc.
_autodiscover._tcp 600 IN SRV 10 0 443 mail.upc.llc.
_submissions._tcp 600 IN SRV 10 0 465 mail.upc.llc.
_imaps._tcp 600 IN SRV 10 0 993 mail.upc.llc.
_pop3s._tcp 600 IN SRV 10 0 995 mail.upc.llc.
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
; (parent name has _acme-challenge children, so wildcard would skip it)
catalog 300 IN CNAME upc.llc
minio.or 300 IN CNAME upc.llc
or 300 IN CNAME upc.llc
s3 300 IN CNAME upc.llc
Reference in New Issue View Git Blame Copy Permalink