January 19, 2026

Chicken-and-egg, now with reboots

Article URL →HN comments →

What came first: the CNAME or the A record?

A tiny shuffle sparked a big internet freak-out — users blame fragile rules and Cisco chaos

TLDR: A tiny record-order tweak in Cloudflare’s 1.1.1.1 broke some name lookups and even triggered reboot loops on certain Cisco switches before a quick rollback. Commenters blasted fragile internet rules, cited Hyrum’s and Postel’s Laws, and questioned testing, turning a minor fix into a major standards-and-vendors smackdown.

Cloudflare tweaked its 1.1.1.1 “internet phone book” to save memory, and a small reorder of answers blew up into a big drama: some tools expect the nickname (CNAME) to show up before the actual address (A record), and when that flipped, lookups broke and even certain Cisco switches reportedly spiraled into reboot loops. Cloudflare rolled back within hours, but the comments lit up.

The strongest mood? DNS is cursed. One user sighed that broken servers and clients “will probably never go away” and joked we might need to ditch DNS entirely. Standards nerds brandished Hyrum’s Law and Postel’s Law: once people see a behavior, they rely on it, and systems should be strict in what they send, forgiving in what they accept. Skeptics accused Cloudflare of hiding behind “ambiguous” rules to justify missing tests, while others roasted Cisco’s “quality” and dunked on the switch reboot saga.

Humor flew fast: chicken-and-egg memes (“CNAME vs A: who goes first?”), eye-rolls at 40-year-old ambiguities, and quips that the internet had a tantrum because a list got shuffled. Some praised the quick revert and transparency. Others called it a masterclass in how a "small" change can expose brittle code everywhere.

Key Points

  • A memory optimization to 1.1.1.1 altered DNS response record ordering, causing client resolution failures on January 8, 2026.
  • Certain DNS clients expect CNAME records to precede A/AAAA records; placing CNAMEs last broke resolution for those clients.
  • The resolver uses per-record TTLs, enabling partial-chain caching and selective re-resolution of expired links.
  • Code changed from constructing a new list (CNAMEs first) to appending CNAMEs to existing answers (CNAMEs last).
  • Timeline: change introduced Dec 2, 2025; tested Dec 10; global release began Jan 7, 2026; incident declared Jan 8; reverted and impact ended by 19:55 UTC Jan 8.

Hottest takes

"Random DNS servers and clients being broken in weird ways is such a common problem and will probably never go away unless DNS is abandoned altogether" — charcircuit
"Be conservative in what you send, be liberal in what you accept." — patrickmay
"Given my years of experience with Cisco \"quality\", I'm not surprised by this:" — frumplestlatz

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.