rsp2k/coredns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
coredns/zones/context.bet.zone
Ryan Malloy f8363e5ea7 zones: add explicit CNAME-to-apex for RFC 4592 empty-non-terminals 
Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.

Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.

30 records added across 14 zones:
  acrazy.org (langfuse.dootie)
  context.bet (studio)
  copper-springs.online (docs.butler.dev)
  demostar.io (cw.cw, doom, meet)
  home-inspector.store (api, dashboard, mailpit)
  inspect.pics (admin)
  log.doctor (app, docs)
  malloys.us (cp, cp-sandbox, mary)
  nielsen-inspections.com (calendar, cw, files, v2-calendar)
  qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
                  rentcache.dispatch)
  ryanmalloy.com (c4ai)
  sidejob.pro (api)
  upc.llc (catalog, minio.or, or, s3)

CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
2026-05-18 18:34:51 -06:00

36 lines
2.0 KiB
Dns
Raw Blame History

; Zone file for context.bet
; Generated by mcp-vultr
$ORIGIN context.bet.
$TTL 3600
300 IN NS ns1.vultr.com
300 IN NS ns2.vultr.com
300 IN A 74.91.22.234
* 300 IN CNAME context.bet
300 IN MX 10 context.bet
_acme-challenge.studio 300 IN TXT "Li380TywS7mThEIWuivl7P2Zkt3xM5Ug_dYEa-oN238"
_acme-challenge.studio 300 IN TXT "KHzdoVgJnWS-pYx0MFaeqzMxkAKMIffHYBE-FgV_gz8"
_acme-challenge 300 IN TXT "YvpqyCHZnlMxlA5I7PJu4FXLXRlObIdvTmd07P_Hctg"
_acme-challenge 300 IN TXT "v69JehSdw3zzXbpMXt78_ehOwyK_lB95xazpar9QCUw"
_acme-challenge.studio 300 IN TXT "-jLi-_E2LQeDcK-90-AsaMSmjIwVuqSpG_Ec6Caqy0k"
_acme-challenge 300 IN TXT "8hQvvSl-TOe9-1zh-SX0MuqBdNLkcEA_-qreWrJfCCc"
_acme-challenge 300 IN TXT "oidj3oOo-olO9H9lGoM4Nz4b9Uu5StG7N9Rl9sr23jA"
_acme-challenge.studio 300 IN TXT "iDNJ2D5UE1OdScdVr_lP4uzZMxIqsdnM7a8aVqIT19k"
_acme-challenge.studio 300 IN TXT "ycghCSKyjTMG4bvykVnTvQcphzWN5eYg00dUfnqVSFc"
_acme-challenge 300 IN TXT "XyNd3vAko2O8Mkcyls7doan9uW5lG35SGPv-SmyxivQ"
_acme-challenge 300 IN TXT "bzSz7HZ4JgWEroq1WfsIvQRR1zgjQy12BRjUhYqGFBw"
_acme-challenge.studio 300 IN TXT "99qVcWYwN_XUWXC586zZppJi5cLPfQfivCeRhXXbRqw"
_acme-challenge 300 IN TXT "p1ZqtSwtskcGdDNXB5q2s8tvKD2vm7vptvQNGjmXY1M"
_acme-challenge 300 IN TXT "G2GOJARalsSvrMPBxNB8dHHK2hfSEvuZJ6BiH-n2uIs"
_acme-challenge.studio 300 IN TXT "Td4SJyBCFrlG0A7fkzg7NXgxyK1ZJ6dzD2tb4UwcmcU"
_acme-challenge.studio 300 IN TXT "nV2gUz5waLhkPJIyL_MC1wtPOjivETBxYQhVYehZIX0"
_acme-challenge 300 IN TXT "uKLKmUQtvlP5ma77toyn8rtmM4dHdqUQdQIW5pSHHUU"
_acme-challenge 300 IN TXT "8lJ4Ury26qHtSwLaABC9UB_ZdFja3ZmujmUg7-5Y4Bg"
_acme-challenge 300 IN TXT "FSMb7Ru6xgzIIUvlzSzzVnOsGQD2Dgxm_qhx6hyymnE"
_acme-challenge 300 IN TXT "yB9kMNkHqVDe5vMvkgN5SFxiXgDSlSyUgldfW971BXw"
_acme-challenge 300 IN TXT "dpheXmHW0vH_NW5t8Ie_OWXiJkZT0l2U2Yu9w5n5uZg"
_acme-challenge 300 IN TXT "K6DYSkbn2Fk_P0fA1fxbIZszce4NzjTtgodaUNxDS1w"
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
; (parent name has _acme-challenge children, so wildcard would skip it)
studio 300 IN CNAME context.bet
Reference in New Issue View Git Blame Copy Permalink