I’m using Cloudflare’s DNS over HTTPS API and have been testing what the output would be if a CNAME-loop occurs.
Cloudflare returns an EDE code of 22 (No reachable authority).
Although this is technically correct according to RFC 8914, quote:
The resolver could not reach any of the authoritative name servers (or they potentially refused to reply)
It is also a bit ambiguous since the authority is reachable (the 2 domains that I used for this test both use Cloudflare as their nameserver).
Using EDE code 0 (Other) with an EXTRA-TEXT indicating the loop would be more suitable.
Google’s DNS (18.104.22.168) already does this, with dig returning (domain name replaced with an example):
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 0 (Other): (CNAME cycle at loop.example.com/a)

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 22 (No Reachable Authority)
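
For anyone who wants to compare resolvers programmatically rather than by reading dig output, here is an added example (not part of the original post and not Cloudflare's or Google's code) that pulls the EDE option (EDNS option code 15, per RFC 8914) out of a wire-format DNS response such as an `application/dns-message` DoH body. The function names, the message ID and the two sample responses are constructed for illustration.

```python
import struct

EDE_OPTION = 15  # EDNS option code assigned to Extended DNS Errors (RFC 8914)
EDE_NAMES = {0: "Other", 22: "No Reachable Authority"}  # the two codes in the post

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:  # root label terminates the name
            return off

def extract_ede(msg):
    """Return [(info_code, extra_text), ...] from the OPT record of a DNS message."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off, found = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == 41 and pos + 4 <= len(rdata):  # 41 = OPT
            code, optlen = struct.unpack_from("!HH", rdata, pos)
            body = rdata[pos + 4:pos + 4 + optlen]
            pos += 4 + optlen
            if code == EDE_OPTION and len(body) >= 2:
                info = struct.unpack_from("!H", body)[0]
                found.append((info, body[2:].decode("utf-8", "replace")))
    return found

def build_response(info_code, extra_text=""):
    """Constructed sample: SERVFAIL reply for loop.example.com A with one EDE."""
    header = struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 1)
    question = b"\x04loop\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    ede = struct.pack("!H", info_code) + extra_text.encode()
    option = struct.pack("!HH", EDE_OPTION, len(ede)) + ede
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(option)) + option
    return header + question + opt_rr

def describe(msg):
    """Render each EDE the way dig prints it."""
    return [f"EDE: {c} ({EDE_NAMES.get(c, 'Unknown')})" + (f": ({t})" if t else "")
            for c, t in extract_ede(msg)]
```

A monitoring script can key on the `(info_code, extra_text)` pair, which makes the difference visible: code 22 with empty text gives no hint of a loop, while code 0 is only useful because of its EXTRA-TEXT.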