Lays the groundwork for a future CoreDNS rfc2136 plugin that will accept TSIG-authenticated dynamic DNS updates from Caddy (via caddy-dns/rfc2136), enabling self-hosted ACME DNS-01 cert automation without depending on registrar APIs.

Nothing in this commit is active at runtime:
- Corefile additions are commented out
- coredns/Dockerfile references a plugin repo that doesn't exist yet
- scripts/acme-add-domain.sh just appends CNAME glue but has nothing to talk to until the plugin is built

Architecture and implementation plan: ~/.claude/plans/dood-does-coredns-offer-enumerated-piglet.md

Secret management: TSIG key generated and stored in .env.local (gitignored). .env.local.example documents the expected shape.

Description
Hidden-primary DNS for ~91 zones: CoreDNS + custom rfc2136 plugin for self-hosted ACME DNS-01. Source of truth for zones/, Corefile, deploy configs.
Languages
Shell: 49.7%
Makefile: 21.5%
Python: 16.6%
Dockerfile: 12.2%