fix: relativize zone-apex hostnames to '@' for CoreDNS MySQL 🐛

CoreDNS MySQL (cybercinch fork) expects '@' for zone-apex references in
record RDATA. Storing the full FQDN (e.g. 'ithome.net.nz.') caused CoreDNS
to strip the zone suffix and serve 'MX 0 .' / 'CNAME .' instead of the
correct apex target.

- Add _relativize_name(): converts zone FQDN → '@', in-zone subdomains →
  relative label, external FQDNs left unchanged. Handles both already-
  relativized output from dnspython ($ORIGIN present) and absolute FQDNs
  when $ORIGIN is absent from the zone file.
- Replace _normalize_cname_data() with _relativize_name(); add
  _normalize_mx_data(), _normalize_ns_data(), _normalize_srv_data() using
  the same helper.
- _parse_zone_to_record_set() now normalizes MX, NS, SRV alongside CNAME.
- _ensure_zone_exists() sets managed_by='directadmin' on create and
  back-fills NULL rows from pre-migration installs.
- Zone.managed_by changed to nullable=True to match ALTER TABLE migration
  where existing rows have no value.
- schema/coredns_mysql.sql updated to reflect actual two-table schema with
  managed_by column and migration comment.
- 11 new tests (130 total, all passing).

tests/test_coredns_mysql.py

@@ -165,3 +165,124 @@ def test_reconcile_no_changes_when_zone_matches(mysql_backend):
     success, removed = mysql_backend.reconcile_zone_records("example.com", ZONE_DATA)
     assert success
     assert removed == 0
+
+
+# ---------------------------------------------------------------------------
+# managed_by field
+# ---------------------------------------------------------------------------
+
+
+def test_write_zone_sets_managed_by_directadmin(mysql_backend):
+    mysql_backend.write_zone("example.com", ZONE_DATA)
+    session = mysql_backend.Session()
+    zone = session.execute(
+        select(Zone).filter_by(zone_name="example.com.")
+    ).scalar_one_or_none()
+    assert zone.managed_by == "directadmin"
+    session.close()
+
+
+def test_write_zone_migrates_null_managed_by(mysql_backend):
+    """Zones that pre-exist without managed_by get it set on next write."""
+    session = mysql_backend.Session()
+    zone = Zone(zone_name="example.com.", managed_by=None)
+    session.add(zone)
+    session.commit()
+    session.close()
+
+    mysql_backend.write_zone("example.com", ZONE_DATA)
+
+    session = mysql_backend.Session()
+    zone = session.execute(
+        select(Zone).filter_by(zone_name="example.com.")
+    ).scalar_one_or_none()
+    assert zone.managed_by == "directadmin"
+    session.close()
+
+
+# ---------------------------------------------------------------------------
+# _relativize_name — apex/in-zone/external normalisation for CoreDNS MySQL
+# ---------------------------------------------------------------------------
+
+
+def test_relativize_apex_symbol(mysql_backend):
+    assert mysql_backend._relativize_name("example.com", "@") == "@"
+
+
+def test_relativize_dot(mysql_backend):
+    assert mysql_backend._relativize_name("example.com", ".") == "@"
+
+
+def test_relativize_zone_fqdn_to_apex(mysql_backend):
+    """Full zone FQDN must become '@' — storing it as-is causes CoreDNS to serve '.'."""
+    assert mysql_backend._relativize_name("example.com", "example.com.") == "@"
+
+
+def test_relativize_in_zone_subdomain(mysql_backend):
+    assert mysql_backend._relativize_name("example.com", "mail.example.com.") == "mail"
+
+
+def test_relativize_external_fqdn_unchanged(mysql_backend):
+    assert mysql_backend._relativize_name("example.com", "mail.google.com.") == "mail.google.com."
+
+
+def test_relativize_already_relative_unchanged(mysql_backend):
+    assert mysql_backend._relativize_name("example.com", "mail") == "mail"
+
+
+# ---------------------------------------------------------------------------
+# MX record normalization via write_zone
+# ---------------------------------------------------------------------------
+
+MX_APEX_ZONE = """\
+$ORIGIN example.com.
+$TTL 300
+example.com. 300 IN SOA ns.example.com. admin.example.com. (2023 3600 1800 604800 86400)
+example.com. 300 IN MX 0 example.com.
+example.com. 300 IN MX 10 mail.google.com.
+"""
+
+MX_RELATIVE_ZONE = """\
+$ORIGIN example.com.
+$TTL 300
+example.com. 300 IN SOA ns.example.com. admin.example.com. (2023 3600 1800 604800 86400)
+example.com. 300 IN MX 0 @
+example.com. 300 IN MX 10 mail.google.com.
+"""
+
+
+def _get_mx_data(mysql_backend, zone_name="example.com"):
+    session = mysql_backend.Session()
+    zone = session.execute(
+        select(Zone).filter_by(zone_name=zone_name + ".")
+    ).scalar_one_or_none()
+    records = (
+        session.execute(
+            select(Record).filter_by(zone_id=zone.id, type="MX")
+        ).scalars().all()
+    )
+    result = {r.data for r in records}
+    session.close()
+    return result
+
+
+def test_mx_apex_fqdn_stored_as_at_symbol(mysql_backend):
+    """MX pointing to zone FQDN must be stored as '0 @'."""
+    mysql_backend.write_zone("example.com", MX_APEX_ZONE)
+    mx_data = _get_mx_data(mysql_backend)
+    assert "0 @" in mx_data
+    assert not any("example.com" in d for d in mx_data)
+
+
+def test_mx_apex_at_symbol_stored_as_at_symbol(mysql_backend):
+    """MX '0 @' (already relative) must remain '0 @'."""
+    mysql_backend.write_zone("example.com", MX_RELATIVE_ZONE)
+    mx_data = _get_mx_data(mysql_backend)
+    assert "0 @" in mx_data
+
+
+def test_mx_external_fqdn_stored_unchanged(mysql_backend):
+    """External MX target must be stored as absolute FQDN."""
+    mysql_backend.write_zone("example.com", MX_APEX_ZONE)
+    mx_data = _get_mx_data(mysql_backend)
+    assert "10 mail.google.com." in mx_data