[dns] Fix CoreDNS serve_stale syntax — 24h TTL, no refresh-mode arg

CoreDNS refused to load the new Corefile with `serve_stale 3600s 86400s`:

  plugin/cache: invalid value for serve_stale refresh mode: 86400s

serve_stale takes one DURATION and an optional refresh_mode keyword
("immediate" or "verify"), not two durations. Simplified to
`serve_stale 86400s` (serve cached entries for up to 24h when upstream
is unreachable). The new CoreDNS pods were CrashLoopBackOff; the two
old pods kept serving traffic so there was no outage, but the partial
apply left the cluster wedged with the bad ConfigMap.

Also collapses the inline viktorbarzin.lan cache block.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docs/architecture/dns.md

@@ -269,7 +269,7 @@ CoreDNS is managed via Terraform in `stacks/technitium/modules/technitium/` —
   cache {
     success 10000 300 6
     denial 10000 300 60
-    serve_stale 3600s 86400s                        # resilience during upstream outage
+    serve_stale 86400s                        # resilience during upstream outage
   }
   loop / reload / loadbalance
 }
@@ -280,7 +280,7 @@ viktorbarzin.lan:53 {
     health_check 5s
     max_fails 2
   }
-  cache (success 10000 300, denial 10000 300, serve_stale 3600s 86400s)
+  cache (success 10000 300, denial 10000 300, serve_stale 86400s)
 }
 ```
 

stacks/technitium/modules/technitium/main.tf

@@ -68,7 +68,7 @@ resource "kubernetes_config_map" "coredns" {
           cache {
             success 10000 300 6
             denial 10000 300 60
-            serve_stale 3600s 86400s
+            serve_stale 86400s
           }
           loop
           reload
@@ -89,7 +89,7 @@ resource "kubernetes_config_map" "coredns" {
         cache {
           success 10000 300 6
           denial 10000 300 60
-          serve_stale 3600s 86400s
+          serve_stale 86400s
         }
       }
     EOF