Lays the groundwork for a future CoreDNS rfc2136 plugin that will accept
TSIG-authenticated dynamic DNS updates from Caddy (via caddy-dns/rfc2136),
enabling self-hosted ACME DNS-01 cert automation without depending on
registrar APIs.
Nothing in this commit is active at runtime:
- Corefile additions are commented out
- coredns/Dockerfile references a plugin repo that doesn't exist yet
- scripts/acme-add-domain.sh just appends CNAME glue but has nothing
to talk to until the plugin is built
Architecture and implementation plan:
~/.claude/plans/dood-does-coredns-offer-enumerated-piglet.md
Secret management: TSIG key generated and stored in .env.local
(gitignored). .env.local.example documents the expected shape.
Ryan Malloy
48cddc91cf