rsp2k/coredns
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
coredns/zones/nielsen-inspections.com.zone
Ryan Malloy f8363e5ea7 zones: add explicit CNAME-to-apex for RFC 4592 empty-non-terminals 
Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.

Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.

30 records added across 14 zones:
  acrazy.org (langfuse.dootie)
  context.bet (studio)
  copper-springs.online (docs.butler.dev)
  demostar.io (cw.cw, doom, meet)
  home-inspector.store (api, dashboard, mailpit)
  inspect.pics (admin)
  log.doctor (app, docs)
  malloys.us (cp, cp-sandbox, mary)
  nielsen-inspections.com (calendar, cw, files, v2-calendar)
  qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
                  rentcache.dispatch)
  ryanmalloy.com (c4ai)
  sidejob.pro (api)
  upc.llc (catalog, minio.or, or, s3)

CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
2026-05-18 18:34:51 -06:00

51 lines
3.1 KiB
Dns
Raw Blame History

; Zone file for nielsen-inspections.com
; Generated by mcp-vultr
$ORIGIN nielsen-inspections.com.
$TTL 3600
300 IN NS ns1.vultr.com
300 IN NS ns2.vultr.com
* 300 IN A 74.91.22.234
300 IN A 74.91.22.234
new 300 IN A 74.91.22.232
74.91.22.232 300 IN A 74.91.22.232
l 300 IN A 127.0.0.1
*.l 300 IN A 127.0.0.1
supabase 300 IN CNAME supabase.supported.systems
quote 300 IN CNAME nielsen-inspections.inspect.systems
docs 300 IN CNAME nielsen-inspections.inspect.systems
docs-sandbox 300 IN CNAME nielsen-inspections.inspect.systems
300 IN MX 10 mail.supported.systems
nielsen-inspections.com_report._dmarc.mail 3600 IN TXT "v=DMARC1"
300 IN TXT "v=spf1 mx a:mail.supported.systems ~all"
dkim._domainkey 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGPt3zH0RxxDUW1Wg+3FOKIYNQy5vo/hvbPB/U6O7hh5K/SnQ2MDPfnL3B+Ur3kKmYFcSTdVMotr9Ds7wRJWFv49oK4f4VKxfoBD8Sh9GrJDNDM+g86h8M1v3cWKLdeRa+UczJDLRb9wwW8eRR17OQafqGupN0ZbsazbZwTrC5z/RZlLBtEMsIceWwHPhR+H3Bl9rH2t1RQSjbD2A9fM5EPXeVvzn9SwDpxgfMRfs7/k/prPASxW0/8Bun3k2BOzOjP/H4v509xTJOn/6S5eC2QJ47hw5XsjOu1j9Fy2YqUkgDpcrqLiS5K/7E+BSWURitfuxAamv+vkTfrbU3D0lQIDAQAB"
_acme-challenge.new 300 IN TXT "-hHWyBLh_3qyIy1gYFSifjgOAbmN2t3OU2I_232rVNU"
_acme-challenge.new 300 IN TXT "WQbACLatgQG_0Z3IrbcMMjzOleV5El5NUp8gTJuHd0A"
_acme-challenge.quote 300 IN TXT "TzAjFo4FnUXIk17rqA3JORGFcijweOUzkIM0MXaIzTs"
_acme-challenge.v2-calendar 300 IN TXT "H9U_cMG3N7Gc4I0pjqa7EzSqYKQ00XBVFcHb8QfsLxM"
_acme-challenge.docs 300 IN TXT "1AvKwRWSpEV25IXoZmUfWKX883e3xT6jZr07BwR_a04"
_acme-challenge.docs-sandbox 300 IN TXT "R0yh7Y_ukrPAiz4cH0qJEsIgZrswDLkTozEcttqJftg"
_acme-challenge.quote 300 IN TXT "tt8NsMRClprrM7K-sK2j91br89aAomPj8qFqb81g5UI"
_acme-challenge.cw 300 IN TXT "L638gX_M8v9SwXjupi00RzHvWblePIudowgIr5xbo6o"
_acme-challenge.docs 300 IN TXT "w4s8Veq9FptmGDE0WIutO0h6_zt3D3ndNWPVJPHXTHw"
_acme-challenge.calendar 300 IN TXT "DAUuB6i8LyY4IaoiJ_XiMnOJ3O_S7urMAGuFIJsf8ig"
_acme-challenge.docs-sandbox 300 IN TXT "SUBS6xJA7Uy8ODqw2i2Fz1TUwtCo5OQUn8fSyvyCiZA"
_acme-challenge.v2-calendar 300 IN TXT "g_rNWANJWsRksMMdO6PNvI3J1Rya__wsNPxyW58jr6E"
_acme-challenge 300 IN TXT "fAZB7TmCVq0Y6KB4Qc2PpWPtAL4LiYtpa0olUNpSwsM"
_acme-challenge 300 IN TXT "n_YyCywZHO0VDSMF9bqz-8j1igZ2yzRJKeA6rZNXWaE"
_acme-challenge 300 IN TXT "4W7uXnvXNn8IApnBZBxLNBWWwRzWRcbqJ9JWN2J4WQ4"
_acme-challenge 300 IN TXT "HhvzxJ5Cysj8Ox3OqiIrY5wjjiFPZre4fYm64Afj7hk"
_acme-challenge 300 IN TXT "xbf-CdITyy0wb5PdUBlPCf7UkrqbgzxyUv_sL_0Luls"
_acme-challenge 300 IN TXT "hypwHEiuySqH_kUPJsU7oNQLFI25zRS9hTd2fTinn24"
_acme-challenge 300 IN TXT "rf2G1O-_2lWOD3YVIDzsCf-3SjeOW4xQkijU6S-peg8"
_acme-challenge 300 IN TXT "_OarPKPxYMpsvT_VuAKVkJoxP1vQmqMMRESOwpPflbg"
_acme-challenge 300 IN TXT "06at-8AT6CKT6Cbn5JEfASqOyiqx2T-PfvYlg4O86Bo"
_acme-challenge 300 IN TXT "8YYbiZ4dEbfK0KKrVWl81ZCdamED1a9b_3we2JEl-rE"
_acme-challenge.files 300 IN TXT "nckNo7UBhAFgevwMvQ85niQIiXuU37FoLK3XVECZzfk"
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
; (parent name has _acme-challenge children, so wildcard would skip it)
calendar 300 IN CNAME nielsen-inspections.com
cw 300 IN CNAME nielsen-inspections.com
files 300 IN CNAME nielsen-inspections.com
v2-calendar 300 IN CNAME nielsen-inspections.com
Reference in New Issue View Git Blame Copy Permalink