technitium: mirror most.viktorbarzin.me into the internal zone (CF Pages site)

The internal split-horizon zone is authoritative for viktorbarzin.me,
so the new Cloudflare Pages site (most.viktorbarzin.me, added for
Viktor's 'мост' school static site) NXDOMAINed for every internal
client — LAN, VLANs and pods — while resolving fine externally.
Per the superset rule, add it as a static CNAME (-> most-6if.pages.dev)
in the ingress-dns-sync CronJob next to the mail-auth records, and
document the off-infra-site case in dns.md.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Viktor Barzin 2026-07-03 10:10:46 +00:00
parent 217a54be9d
commit 7dd80b6c7c
2 changed files with 9 additions and 1 deletions

@ -1002,6 +1002,14 @@ resource "kubernetes_cron_job_v1" "technitium_ingress_dns_sync" {
echo "mail-auth: MX present"
fi
# Off-infra sites on Cloudflare Pages: the internal zone is
# authoritative (superset rule above), so public-only names
# with no Traefik ingress must be mirrored here or every
# internal client (LAN, VLANs, pods) gets NXDOMAIN for them.
# Target is the pages.dev host resolves via upstream to CF
# edge IPs; normal egress, no hairpin involved.
add_cname "most.$$ZONE" "most-6if.pages.dev"
# Pin the .lan ingress anchor A record to the LIVE Traefik LB IP.
# *.viktorbarzin.lan ingress hosts CNAME to ingress.viktorbarzin.lan,
# so a Traefik LB IP move that misses the .lan zone silently breaks
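Review bot: the added `add_cname "most.$$ZONE" "most-6if.pages.dev"` line hard-codes both the name and the pages.dev target inline, and nothing visible in this hunk validates or removes the record later. If the Pages project is renamed or deleted, the internal zone keeps serving a dangling CNAME, and internal clients diverge from the public answer without any signal. Consider moving off-infra names into a small list near the top of the script (name and target pairs) so the next Cloudflare Pages site is a one-line data change, and having the job log a warning when the target no longer resolves upstream, in the same style as the `mail-auth: MX present` echo above. Separately, the new comment line "Target is the pages.dev host resolves via upstream to CF" reads as two clauses run together; "Target is the pages.dev host, which resolves via upstream to CF edge IPs" would say what is meant.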