Wildcards in DNS only synthesize for names that don't already exist
in the zone tree. A `_acme-challenge.<sub>` TXT record makes <sub>
an "empty non-terminal" — exists in the tree (as a parent node) but
has no records of its own. Per RFC 4592 §2.2.3, wildcards skip these,
so RFC-compliant resolvers (HE, BIND) return NODATA for <sub> even
when the zone has `* CNAME @`.
Fix: for each <sub> that's an empty non-terminal in a zone with a
wildcard, add an explicit `<sub> CNAME @` so the resolution outcome
matches what the wildcard would have produced. Zero-knowledge — no
need to identify the specific service IP per name.
30 records added across 14 zones:
acrazy.org (langfuse.dootie)
context.bet (studio)
copper-springs.online (docs.butler.dev)
demostar.io (cw.cw, doom, meet)
home-inspector.store (api, dashboard, mailpit)
inspect.pics (admin)
log.doctor (app, docs)
malloys.us (cp, cp-sandbox, mary)
nielsen-inspections.com (calendar, cw, files, v2-calendar)
qubeseptic.com (api.dispatch, dispatch, leads, mail.dispatch,
rentcache.dispatch)
ryanmalloy.com (c4ai)
sidejob.pro (api)
upc.llc (catalog, minio.or, or, s3)
CoreDNS (lenient) was returning the wildcard CNAME for these names
anyway; HE (strict RFC-compliant) was returning empty. After this
change, both behave identically.
60 lines
4.4 KiB
Dns
60 lines
4.4 KiB
Dns
; Zone file for qubeseptic.com
|
|
; Generated by mcp-vultr
|
|
$ORIGIN qubeseptic.com.
|
|
$TTL 3600
|
|
|
|
300 IN NS ns1.vultr.com
|
|
300 IN NS ns2.vultr.com
|
|
300 IN A 108.61.229.209
|
|
l 300 IN CNAME rpm-bullet.mer.idahomuellers.net
|
|
* 300 IN A 108.61.229.209
|
|
autoconfig 600 IN A 66.42.75.247
|
|
*.l 300 IN CNAME rpm-bullet.mer.idahomuellers.net
|
|
tw 300 IN CNAME lsct.ashburn.us1.twilio.com
|
|
300 IN MX 10 mail.supported.systems
|
|
jobs 300 IN MX 10 mail.supported.systems
|
|
300 IN TXT "google-site-verification=TPaiTqkSCw0vRKrgXVBTua7kyIOHsJkfCf1RHfGTEWY"
|
|
300 IN TXT "v=spf1 mx a:mail.supported.systems ~all"
|
|
dkim._domainkey 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVZGFAou8+E8B7wpmc6ck4Y8Ydewp3uppPnvGVxeTpU9g7XtuUHH74iQiVxwkaW6Rx6/3LMPdkYQ9vjAy9TVYNVuBamVrzmVh0SQKv5oqxZPk6yP5gCD40G20fx0NvUwWadkfnMI8/vlCZ6W68WFxCrS+zi6AJl3sIbFZ4bEXlAAGZu2MihhVOryo3CBY80m8ksH1XuujK8MuiReJjhsYtA39/zQGm2D5xMKFrp+JtOU2U8kzCz+DZ63H3iOE3BuKkhMtsABrmrOfEc0LrayF0YRIjtERYOWGMulVy7vuriCztLSoV0dLLyNlvDBTQGrZcICq8zFX40BiBQyGebtSQIDAQAB"
|
|
_acme-challenge.pdfs.idaho.data.l 300 IN TXT "w2i5gOZBpprmIG4BT4qfhtZ5lyxroV_tIPGBQRx0h7U"
|
|
_acme-challenge.idaho.data.l 300 IN TXT "SZ4U7rs6InsuAUqo31RBlvsvJQO8rsnw4UAMD9ilir0"
|
|
_acme-challenge.idaho.data.l 300 IN TXT "bGf7a1zxcVPSPWjj_xik_Xk1EOc5mrNdy9Y6igC7sa0"
|
|
_acme-challenge.pdfs.idaho.data.l 300 IN TXT "ia5jwWwj2LB8u6Irboju1zE5Xgo7oW4C2EKZJ4AgdSk"
|
|
_acme-challenge.pdfs.idaho.data.l 300 IN TXT "0L13v3MqQt6JzvHBYXFpHr-71ZM-YcgHmysx4wy70M4"
|
|
_acme-challenge.pdfs.idaho.data.l 300 IN TXT "bGHSQ8kr0BxXP4kjpsTzR-NPQZ1z9SSbEbZyc4xmn3c"
|
|
_acme-challenge.pdfs.idaho.data.l 300 IN TXT "Yt4IOlPK1vdy5Q-s2TGNKA5e-fuEJQuomxjyS3vq9kM"
|
|
_acme-challenge.pdfs.idaho.data.l 300 IN TXT "8lJVr9anqgOeASfCeYZmkDACiRWmNlF6C39f1LQAj7s"
|
|
_acme-challenge.api.l 300 IN TXT "RGKdh-Sscvtlm1IF22RjeHFll2RnusLxRYEY523ab_k"
|
|
_acme-challenge.api.l 300 IN TXT "DFE62Que-naq_f8EHi6KMWMQ2KgMb-kIHrGwpgQ4VJU"
|
|
_acme-challenge.auth.leads.l 300 IN TXT "BM6OXZ0O1ehuOJsW9qiXKBVA4U_i9PIxpXOa85lxObc"
|
|
_acme-challenge.api.dispatch 300 IN TXT "FYfNYJleW7GF_B0TuSa7jRKy0UwWLRQr2vgbNzVmYRQ"
|
|
_acme-challenge.api.dispatch 300 IN TXT "0TI1UgqUV8RYPa7WJ922L_lueJOMfB9B9W0Ci06tMu8"
|
|
_acme-challenge.api.dispatch 300 IN TXT "RwzpAIDzF3gRaoffic8BjyAsIwfPiDkRR9FURcEZlAw"
|
|
_acme-challenge.mail.dispatch 300 IN TXT "IMu1pPsrsndOLGPHaIGk-d87UWdZ2XEOx5nB1TIC5V4"
|
|
_acme-challenge.mail.dispatch 300 IN TXT "YIEbEC-2HMVupAkqMzTfpoHGdxawh8mtlrNuu9uQo_U"
|
|
_acme-challenge.mail.dispatch 300 IN TXT "Ju-EKSL-csMJ5YtOD4tN_Xfzd4Dr8-Lr8GpYacxXsU4"
|
|
_acme-challenge.dispatch 300 IN TXT "FgyBNrpL75bXhU6VYhnGxA1nEIx66i87z1MrjrbwkvE"
|
|
_twilio 300 IN TXT "twilio-domain-verification=90d2b1c2eb2f73eaadd26dcf19548886"
|
|
_twilio.tw 300 IN TXT "twilio-domain-verification=90d2b1c2eb2f73eaadd26dcf19548886"
|
|
_acme-challenge.rentcache.dispatch 300 IN TXT "K_KbhgTrWk18emFEHdDP9dLR276uU0a0US2I-MyutTo"
|
|
_dmarc 3600 IN TXT "v=DMARC1;p=reject;sp=reject;rua=mailto:dmarc-report@qubeseptic.com;ruf=mailto:dmarc-failures@qubeseptic.com;aspf=s;adkim=s;fo=1;"
|
|
jobs 300 IN TXT "v=spf1 mx a:mail.supported.systems ~all"
|
|
dkim._domainkey.jobs 300 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVZGFAou8+E8B7wpmc6ck4Y8Ydewp3uppPnvGVxeTpU9g7XtuUHH74iQiVxwkaW6Rx6/3LMPdkYQ9vjAy9TVYNVuBamVrzmVh0SQKv5oqxZPk6yP5gCD40G20fx0NvUwWadkfnMI8/vlCZ6W68WFxCrS+zi6AJl3sIbFZ4bEXlAAGZu2MihhVOryo3CBY80m8ksH1XuujK8MuiReJjhsYtA39/zQGm2D5xMKFrp+JtOU2U8kzCz+DZ63H3iOE3BuKkhMtsABrmrOfEc0LrayF0YRIjtERYOWGMulVy7vuriCztLSoV0dLLyNlvDBTQGrZcICq8zFX40BiBQyGebtSQIDAQAB"
|
|
_acme-challenge.leads 300 IN TXT "b24y9q6jcLxVc3E3ItxJBAmd1G1yClQ6kf-vYhzzkhk"
|
|
_acme-challenge.leads 300 IN TXT "0MwwP6kHZhTRdxpYs6SP5l2xvKWYKXJvhwP_UsYg8kg"
|
|
_acme-challenge 300 IN TXT "IUHPs530qhNQgx9IYh9uyg12hSLE4-IWXVVa35QHvdA"
|
|
_imap._tcp 600 IN SRV 20 0 143 mail.supported.systems
|
|
_pop3._tcp 600 IN SRV 20 0 110 mail.supported.systems
|
|
_submission._tcp 600 IN SRV 20 0 587 mail.supported.systems
|
|
_autodiscover._tcp 600 IN SRV 10 0 443 mail.supported.systems
|
|
_submissions._tcp 600 IN SRV 10 0 465 mail.supported.systems
|
|
_imaps._tcp 600 IN SRV 10 0 993 mail.supported.systems
|
|
_pop3s._tcp 600 IN SRV 10 0 995 mail.supported.systems
|
|
; Explicit CNAMEs added to fix RFC 4592 empty-non-terminal cases
|
|
; (parent name has _acme-challenge children, so wildcard would skip it)
|
|
api.dispatch 300 IN CNAME qubeseptic.com
|
|
dispatch 300 IN CNAME qubeseptic.com
|
|
leads 300 IN CNAME qubeseptic.com
|
|
mail.dispatch 300 IN CNAME qubeseptic.com
|
|
rentcache.dispatch 300 IN CNAME qubeseptic.com
|