Use CoreDNS to do recursive CNAME aliasing for AGH

ansible/roles/adguardhome/files/Corefile

@@ -0,0 +1,32 @@
+(alias) {
+    errors
+    cancel
+
+    forward . tls://9.9.9.10 {
+       tls_servername dns10.quad9.net
+    }
+
+    hosts {
+        {{ pve_hosts.ingress.external_ip }} pve.sys.theorangeone.net
+        fallthrough
+        ttl 300
+    }
+
+    # HACK: Rewrite the CNAME to itself so it's reprocessed
+    rewrite cname exact pve.sys.theorangeone.net. pve.sys.theorangeone.net.
+}
+
+
+theorangeone.net:5353 {
+    import alias
+}
+
+jakehoward.tech:5353 {
+    import alias
+}
+
+.:5353 {
+    acl {
+        block
+    }
+}

ansible/roles/adguardhome/files/adguardhome.yml

@@ -24,6 +24,8 @@ dns:
   refuse_any: true
   upstream_dns:
     - tls://dns10.quad9.net
+    - '[/theorangeone.net/]127.0.0.53:5353'
+    - '[/jakehoward.tech/]127.0.0.53:5353'
   upstream_dns_file: ""
   bootstrap_dns:
     - 9.9.9.10
@@ -140,9 +142,7 @@ filtering:
   blocking_mode: default
   parental_block_host: family-block.dns.adguard.com
   safebrowsing_block_host: standard-block.dns.adguard.com
-  rewrites:
-    - domain: pve.sys.theorangeone.net
-      answer: "{{ pve_hosts.ingress.external_ip }}"
+  rewrites: []
   safebrowsing_cache_size: 1048576
   safesearch_cache_size: 1048576
   parental_cache_size: 1048576