coredns/zones/ryanmalloy.com.zone
Ryan Malloy f8363e5ea7 zones: add explicit CNAME-to-apex for RFC 4592 empty-non-terminals
Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.

Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.

30 records added across 14 zones:
  acrazy.org (langfuse.dootie)
  context.bet (studio)
  copper-springs.online (docs.butler.dev)
  demostar.io (cw.cw, doom, meet)
  home-inspector.store (api, dashboard, mailpit)
  inspect.pics (admin)
  log.doctor (app, docs)
  malloys.us (cp, cp-sandbox, mary)
  nielsen-inspections.com (calendar, cw, files, v2-calendar)
  qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
                  rentcache.dispatch)
  ryanmalloy.com (c4ai)
  sidejob.pro (api)
  upc.llc (catalog, minio.or, or, s3)

CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
2026-05-18 18:34:51 -06:00

22 lines
988 B
Dns

; Zone file for ryanmalloy.com
; Generated by mcp-vultr
$ORIGIN ryanmalloy.com.
$TTL 3600
300 IN NS ns1.vultr.com
300 IN NS ns2.vultr.com
300 IN A 108.61.229.209
l 300 IN CNAME rpm-bullet.mer.idahomuellers.net
*.l 300 IN CNAME rpm-bullet.mer.idahomuellers.net
* 300 IN CNAME ryanmalloy.com
300 IN MX 10 mail.supported.systems
300 IN TXT "v=spf1 mx a:mail.supported.systems ~all"
_dmarc 3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:reports@ryanmalloy.com; adkim=s; aspf=s;"
_acme-challenge.c4ai 300 IN TXT "sjdm_4JFJfjMQL2ZFb6k-S99gKOnxloIlDrAj15uNkQ"
_acme-challenge.timelinize.l 300 IN TXT "vX4WW3y7aZ6rmPnXWbxTtA5F5ZLE7559bvxbBTXm_Bc"
_acme-challenge.timelinize.l 300 IN TXT "pDaP_rq_CuetBDXERK4V_z80uXS2MKptX4dS-hsuzEk"
_acme-challenge.timelinize.l 300 IN TXT "bqdeHmt500XGMWUJ3zHrCd1MPmlBN_ySGyTTQWO5vJs"
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
; (parent name has _acme-challenge children, so wildcard would skip it)
c4ai 300 IN CNAME ryanmalloy.com