Cloudflare’s public DNS resolver, 1.1.1.1, is one of the most widely used services worldwide. In February 2026, the service experienced a brief outage that disrupted domain name resolution for a segment of users. The incident was traced to an ambiguity in the ordering of DNS records, specifically the interaction between CNAME and A records, as defined in older RFC specifications.
Incident Details
During the outage, resolvers that queried 1.1.1.1 received DNS responses containing both a CNAME record and an A record for the same domain. The order in which these records appeared in the response was not explicitly defined by the relevant RFCs. Some resolvers processed the CNAME first, following the standard practice of following the alias chain, while others processed the A record first, treating it as the definitive address. This inconsistency caused a subset of queries to fail or return incorrect IP addresses, leading to a noticeable degradation in service quality.
Technical Explanation
The Domain Name System (DNS) uses several record types to map human‑readable domain names to machine‑readable IP addresses. An A record provides the IPv4 address for a domain, whereas a CNAME record indicates that the domain is an alias for another domain. RFC 2181 clarifies that a CNAME record must be the sole record for a name, but earlier RFCs did not specify the order in which multiple record types could appear in a response. When a response contains both a CNAME and an A record, the resolver must decide which record to prioritize. The lack of a clear ordering rule meant that different resolver implementations could behave differently, creating a race condition that manifested as an outage for some users.
Cloudflare Response
Cloudflare publicly acknowledged the issue in a statement released shortly after the outage. The company confirmed that the root cause was the ambiguous ordering of CNAME and A records in DNS responses. Cloudflare’s engineering team adjusted the DNS configuration for 1.1.1.1 to ensure that responses containing a CNAME record no longer included an A record for the same name. Additionally, the company proposed a clarification to the relevant RFCs to eliminate the ambiguity and prevent similar incidents in the future.
Proposed RFC Clarification
The proposed amendment would explicitly state that when a CNAME record is present for a name, no other records of the same name should appear in the same response. This change aligns with the intent of RFC 2181 and would standardize resolver behavior across the Internet.
Implications for the Industry
DNS resolvers are a critical component of the Internet’s infrastructure. An outage affecting a major public resolver can have cascading effects on web traffic, email delivery, and application performance. The incident highlights the importance of precise specifications in Internet standards. It also underscores the need for continuous monitoring and rapid response mechanisms within DNS service providers.
Future Outlook
Cloudflare has indicated that it will continue to monitor the performance of 1.1.1.1 and will implement additional safeguards to detect similar anomalies early. The Internet Engineering Task Force (IETF) is expected to review the proposed RFC clarification in the coming months. If adopted, the amendment will provide clearer guidance for DNS server implementations worldwide, reducing the likelihood of future outages caused by record ordering ambiguities.
