
"On January 8, a routine update to the DNS service changed the order in which CNAME records appeared in responses, causing some DNS clients to fail when resolving names because they expected the alias records to come first. While most modern software treats the order of records in DNS responses as irrelevant, the Cloudflare team found that some implementations expect CNAME records to appear before all other record types."
"When a DNS resolver looks up a name with a CNAME record, it may see a series of alias records linking the original name to a final address, and it caches each step with its own expiry time. Cloudflare notes that if part of this chain has expired in the cache, the resolver only re-fetches the expired portion and combines it with the valid parts to form the complete response."
An update to the DNS service changed CNAME record ordering, causing some DNS clients to fail because they expected alias records to come first. Most modern software treats DNS record order as irrelevant, but some implementations assume CNAMEs appear before other types. The ordering change caused resolution failures and a major outage of the public 1.1.1.1 DNS service. The change originated on December 2, 2025, entered testing on December 10, and began deployment on January 7, 2026. DNS resolvers cache each step of a CNAME chain with its own expiry and may re-fetch only the expired portions, combining them with the still-valid cached parts. Ambiguity in older DNS standards about record order prompted a proposal for a clarified specification.
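The ordering dependence described above, as an added example (not code from Cloudflare, InfoQ, or any named DNS client): a single-pass parser that only follows a CNAME it has already seen, next to one that indexes the answer section first. The record names, addresses and function names are constructed for illustration.

```python
from typing import Dict, List, Tuple

Record = Tuple[str, str, str]  # (owner name, record type, rdata)

# Constructed answer sections: same records, different order.
CNAME_FIRST: List[Record] = [
    ("www.example.test.", "CNAME", "edge.example.test."),
    ("edge.example.test.", "CNAME", "lb.example.test."),
    ("lb.example.test.", "A", "192.0.2.10"),
    ("lb.example.test.", "A", "192.0.2.11"),
]
CNAME_LAST: List[Record] = CNAME_FIRST[2:] + CNAME_FIRST[:2]
LOOP: List[Record] = [("a.test.", "CNAME", "b.test."),
                      ("b.test.", "CNAME", "a.test.")]

def resolve_sequential(qname: str, answers: List[Record]) -> List[str]:
    """Order-dependent model: one pass, tracking the 'current' name.
    A record owned by a name not yet reached is silently skipped."""
    current, addrs = qname.lower(), []
    for owner, rtype, rdata in answers:
        if owner.lower() != current:
            continue
        if rtype == "CNAME":
            current = rdata.lower()   # follow the alias
        elif rtype == "A":
            addrs.append(rdata)
    return addrs

def resolve_any_order(qname: str, answers: List[Record]) -> List[str]:
    """Order-independent: index every record, then walk the chain."""
    cnames: Dict[str, str] = {}
    addrs: Dict[str, List[str]] = {}
    for owner, rtype, rdata in answers:
        if rtype == "CNAME":
            cnames[owner.lower()] = rdata.lower()
        elif rtype == "A":
            addrs.setdefault(owner.lower(), []).append(rdata)
    current, seen = qname.lower(), set()
    while current in cnames:
        if current in seen:           # malformed response: alias loop
            raise ValueError("CNAME loop at " + current)
        seen.add(current)
        current = cnames[current]
    return addrs.get(current, [])

if __name__ == "__main__":
    for label, section in (("CNAME first", CNAME_FIRST), ("CNAME last", CNAME_LAST)):
        print(label, resolve_sequential("www.example.test.", section),
              resolve_any_order("www.example.test.", section))
```

With the CNAMEs placed after the address records, the single-pass parser returns no addresses even though the response is complete, which is the client-side failure the summary describes.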
Read at InfoQ