Create dummy A records for _acme-challenge.docs

[ixdy]

This prevents resolvers from following the wildcard CNAME for *.docs
when trying to resolve the _acme-challenge.docs TXT record.

This should partially address #160; I still need to update the DNS records and then re-request a cert.

/assign @thockin

[munnerz]

In cert-manager we've recently added a 'cnameStrategy' option to allow you to dictate how CNAME records should be handled. That said, the proposed fix here sums up/fixes my findings when implementing that PR well too! 😄 cert-manager/cert-manager#1136

[thockin]

/lgtm
/approve

We'll have to discuss whether cert procurement should be allowed to mutate DNS directly or go through this PR process for short-lved records like the TXT records for this.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ixdy, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• dns/OWNERS [ixdy,thockin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ixdy]

Deployed these changes manually, and working on refreshing the TLS cert to fix #160.

Eventually (hopefully sooner rather than later) I'd like to move to either https://github.com/GoogleCloudPlatform/gke-managed-certs (if/when available) or cert-manager. With cert-manager we may be able to use an HTTP challenge instead of a DNS challenge, which might resolve the DNS access concerns.

[ixdy]

(x-ref #38; we should setup automation on all the things, not just gcsweb)