
🐞 delegate _all_ "_acme-challenge." records

@cunnie cunnie released this 20 Jan 19:52

We now delegate all record types (e.g. SOA, A, AAAA, MX, PTR) for queries of domains prefixed with "_acme-challenge." to the hostname with the "_acme-challenge." portion stripped. Previously we limited our delegation of "_acme-challenge." records to TXT & NS records.

For example, when queried for the MX record of _acme-challenge.52-0-56-137.sslip.io, we would send a reply that delegates to the DNS server 52-0-56-137.sslip.io (whose IP address, 52.0.56.137, is supplied as well). In other words, we clear the authoritative flag and send an empty Answers section, an Authority section consisting of one NS record pointing to 52-0-56-137.sslip.io, and an Additionals section consisting of the IP address 52.0.56.137.

We also now clear the authoritative (AA) flag rigorously. Previously we played fast-and-loose with the authoritative flag.

Additional Notes

For every nameserver listed in either the Answers or Authority section, we now include its IP address in the Additionals section.

We fixed a bug where the response ID would get corrupted. dig, for example, would sometimes emit the warning ";; Warning: ID mismatch: expected ID x, got y".
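The following is an added, stand-alone illustration of the referral shape described in these notes (empty Answers, one NS in Authority, glue A record in Additionals, AA flag clear, query ID copied verbatim). It is not sslip.io's own code: it hand-assembles the RFC 1035 wire format with only the Go standard library, assumes the delegated zone's owner name is the queried "_acme-challenge." name itself, extracts the IPv4 glue from the dashed first label (52-0-56-137 becomes 52.0.56.137), and uses a constructed TTL of 300.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
)

// acmePrefix is the label stripped from the query name to find the delegation target.
const acmePrefix = "_acme-challenge."

// DNS wire-format constants (RFC 1035).
const (
	typeA   uint16 = 1
	typeNS  uint16 = 2
	typeMX  uint16 = 15
	classIN uint16 = 1
	flagQR  uint16 = 1 << 15 // response bit
	flagAA  uint16 = 1 << 10 // authoritative answer bit
)

// delegationTarget strips "_acme-challenge." from the query name and returns the
// nameserver to delegate to. glue is the IPv4 address embedded in the dashed first
// label (52-0-56-137 -> 52.0.56.137), or nil if that label is not a dashed IPv4.
func delegationTarget(qname string) (ns string, glue net.IP, ok bool) {
	lower := strings.ToLower(strings.TrimSuffix(qname, "."))
	if !strings.HasPrefix(lower, acmePrefix) {
		return "", nil, false
	}
	ns = strings.TrimPrefix(lower, acmePrefix)
	first := strings.SplitN(ns, ".", 2)[0]
	if ip := net.ParseIP(strings.ReplaceAll(first, "-", ".")); ip != nil {
		glue = ip.To4()
	}
	return ns, glue, true
}

// encodeName writes a domain name as length-prefixed labels ending in the root label.
func encodeName(name string) []byte {
	var b []byte
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		b = append(b, byte(len(label)))
		b = append(b, label...)
	}
	return append(b, 0)
}

func appendU16(b []byte, v uint16) []byte { return append(b, byte(v>>8), byte(v)) }
func appendU32(b []byte, v uint32) []byte {
	return append(b, byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
}

// appendRR appends one IN-class resource record with a constructed TTL of 300.
func appendRR(b []byte, owner string, rrtype uint16, rdata []byte) []byte {
	b = append(b, encodeName(owner)...)
	b = appendU16(b, rrtype)
	b = appendU16(b, classIN)
	b = appendU32(b, 300)
	b = appendU16(b, uint16(len(rdata)))
	return append(b, rdata...)
}

// buildDelegation builds a referral for any qtype: the query ID is copied as-is,
// QR is set, AA is deliberately left clear, Answers is empty, Authority carries
// "<qname> NS <ns>" and Additionals carries the glue A record when we have one.
func buildDelegation(id uint16, qname string, qtype uint16) ([]byte, error) {
	ns, glue, ok := delegationTarget(qname)
	if !ok {
		return nil, errors.New("query name does not start with " + acmePrefix)
	}
	arcount := uint16(0)
	if glue != nil {
		arcount = 1
	}
	msg := make([]byte, 0, 256)
	msg = appendU16(msg, id)      // same ID as the query, so dig sees no mismatch
	msg = appendU16(msg, flagQR)  // AA intentionally not set: this is a referral
	msg = appendU16(msg, 1)       // QDCOUNT
	msg = appendU16(msg, 0)       // ANCOUNT: empty Answers section
	msg = appendU16(msg, 1)       // NSCOUNT: one NS record
	msg = appendU16(msg, arcount) // ARCOUNT: glue for the nameserver, if known
	msg = append(msg, encodeName(qname)...)
	msg = appendU16(msg, qtype)
	msg = appendU16(msg, classIN)
	msg = appendRR(msg, qname, typeNS, encodeName(ns))
	if glue != nil {
		msg = appendRR(msg, ns, typeA, glue)
	}
	return msg, nil
}

// Header holds the fields a resolver checks before trusting a reply.
type Header struct {
	ID                                 uint16
	QR, AA                             bool
	QDCount, ANCount, NSCount, ARCount uint16
}

func parseHeader(msg []byte) (Header, error) {
	if len(msg) < 12 {
		return Header{}, errors.New("message shorter than DNS header")
	}
	flags := binary.BigEndian.Uint16(msg[2:])
	return Header{
		ID: binary.BigEndian.Uint16(msg[0:]),
		QR: flags&flagQR != 0, AA: flags&flagAA != 0,
		QDCount: binary.BigEndian.Uint16(msg[4:]),
		ANCount: binary.BigEndian.Uint16(msg[6:]),
		NSCount: binary.BigEndian.Uint16(msg[8:]),
		ARCount: binary.BigEndian.Uint16(msg[10:]),
	}, nil
}

func main() {
	msg, err := buildDelegation(0xbeef, "_acme-challenge.52-0-56-137.sslip.io", typeMX)
	if err != nil {
		panic(err)
	}
	h, _ := parseHeader(msg)
	fmt.Printf("%+v\n", h)
}
```

A name that carries the prefix but no dashed IPv4 in its first label still gets the NS referral, just with ARCOUNT 0, which is the shape a resolver then has to chase with its own A lookup.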