Ryan Malloy
f8363e5ea7
Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.
Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.
30 records added across 14 zones:
acrazy.org (langfuse.dootie)
context.bet (studio)
copper-springs.online (docs.butler.dev)
demostar.io (cw.cw, doom, meet)
home-inspector.store (api, dashboard, mailpit)
inspect.pics (admin)
log.doctor (app, docs)
malloys.us (cp, cp-sandbox, mary)
nielsen-inspections.com (calendar, cw, files, v2-calendar)
qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
rentcache.dispatch)
ryanmalloy.com (c4ai)
sidejob.pro (api)
upc.llc (catalog, minio.or, or, s3)
CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
47 lines
2.9 KiB
Dns
47 lines
2.9 KiB
Dns
; Zone file for malloys.us
|
|
; Generated by mcp-vultr
|
|
$ORIGIN malloys.us.
|
|
$TTL 3600
|
|
|
|
300 IN NS ns1.vultr.com
|
|
300 IN NS ns2.vultr.com
|
|
300 IN A 74.91.22.234
|
|
dev.mary 300 IN CNAME rpm-bullet.mer.idahomuellers.net
|
|
* 300 IN CNAME malloys.us
|
|
*.dev.mary 300 IN CNAME dev.mary.malloys.us
|
|
vault 300 IN CNAME idahomuellers.fortiddns.com
|
|
300 IN MX 10 smtp.google.com
|
|
dkim._domainkey 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioX3DstYBuThEEyFs/o7m4HqsaImxMJRC7o12FvX90btr7c3RXkvRzY9sawhW3O0XmhfaJfZ/Gho0ng2RwKLEdYQcnoSJaYwV+3ERvdDBwlDgBNgUs9ODmP10HELpsgRg+sNoBClZNXXuT+pkuQhRpvVz9KQWRSsHvhh5ZUCTmx4vdC9WskvfqWxgC39qScEBLylqoCYjkzIk+ByYc8X9rSUzKZ2HaHMLTlzei1k16QiLgwPHa8QRPDWsH8joIg8XW3SiLDRrwfub+lZRe5d7V+13HO76k9LXMNzG4kSAwxvDMWnfD2iki3x7tQ/CFfdcsLUDfbuRy7d3JKwMZDsbQIDAQAB"
|
|
_acme-challenge.cp 300 IN TXT "I8y77h78LeuG7H8CpyELFfgHjfWBcd0VRkPAYboV5Mg"
|
|
_acme-challenge.cp-sandbox 300 IN TXT "LUNk008FKra7ifgL61DV681kmo4wThRJb6zG4t1mDww"
|
|
_acme-challenge.cp 300 IN TXT "d3iE6aJJRzKE3iFajLg_67oYeskj_XLDNuxKt6BuG3c"
|
|
300 IN TXT "v=spf1 include:_spf.google.com ~all"
|
|
300 IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@malloys.us"
|
|
_acme-challenge 300 IN TXT "dFdOw5R4dkuNvN0SokI5v5cQbIihwCyiHu_gIxzbAo0"
|
|
_acme-challenge 300 IN TXT "2ErkGT83BzfrsCKFhutetQMIsnzIwcvTKJ8kkcfcJ8k"
|
|
_acme-challenge 300 IN TXT "UEsEmtEazgpBNfB_qbCNqG1r9rKWUvzyoCQHpTvYPQA"
|
|
_acme-challenge 300 IN TXT "ABpU2SvJB2NXJnT8H0mxA3v1ZHTZ2dV0uGk5f7OWmIA"
|
|
_acme-challenge.mary 300 IN TXT "2CWi2TUBWh8DB3_9j7lBqp38LQuHQMHg1OChIkJMh8w"
|
|
_acme-challenge 300 IN TXT "x8vlYMJWYIgz1Rr3VAD_Mu0zFEI2cIdzGIk9yqxAmac"
|
|
_acme-challenge.mary 300 IN TXT "j8TCDhOlM5hqjpY4pOvqCCocTk7rwM4oLMbPQhONoi8"
|
|
_acme-challenge 300 IN TXT "vcY8gFPeDdJM6It5F7fb1N4cUJyGzleKB0EZtwFghgs"
|
|
_acme-challenge.mary 300 IN TXT "gFg4W4aKHTKkKO4onTecKr_5uzFCFZccSqhM4BZ76_0"
|
|
_acme-challenge.mary 300 IN TXT "X5vEo2glHx67KX5xiBmM8yAo3YogrfQrAKNIv2ZcJJk"
|
|
acrazy-verification 300 IN TXT "eac154yffy1eg05ual8bh8vpgh08ilru"
|
|
_acme-challenge 300 IN TXT "tVRBw_rb8e1h_0YX3xDtATGHG4jyvq9TykufAeGmIbM"
|
|
_acme-challenge 300 IN TXT "ZJs4qgRRnf1YuQeZLy5Dwf7VpiyOHe7ghioHtinlyek"
|
|
_acme-challenge.mary 300 IN TXT "pDLt0kQp2dWyiDW561Tg-AyHzxVaZuL1aIb2HaWbjrI"
|
|
_acme-challenge 300 IN TXT "Ui5iYPzijZedzfh4xwnsGi-5FM6xY-hPvXCW9FXjf-A"
|
|
_acme-challenge.mary 300 IN TXT "1Jjpl48uAiifbvdYOt984aFJYL_nuGfD3M-MkZxLq9M"
|
|
_acme-challenge.mary 300 IN TXT "yrYnGc8ljy7ovKGBlP4sJpA__8tsze7c-QM6dvUPmhE"
|
|
_acme-challenge 300 IN TXT "hPz_OIZGc2qyHrNMGkPCXDf4ML4bv67P_ojmb-ed6gM"
|
|
_acme-challenge 300 IN TXT "mzrirf7ykU_V_6mh38Q664h_yg3AEVA88tQRE7YGOUc"
|
|
_acme-challenge 300 IN TXT "v4oJppz3N-D9IEBw0faQ54pg7WsLmDNua7bVgQWVmpw"
|
|
_acme-challenge 300 IN TXT "OlN30ETZq9etulzl9lOMTDvWQ4Frpq2NlyGOx5kpB_I"
|
|
300 IN TXT "openai-domain-verification=dv-pa82Ps1fOTq50Ad2crkhWWTv"
|
|
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
|
|
; (parent name has _acme-challenge children, so wildcard would skip it)
|
|
cp 300 IN CNAME malloys.us
|
|
cp-sandbox 300 IN CNAME malloys.us
|
|
mary 300 IN CNAME malloys.us
|