I’m using Cloudflare’s DNS over HTTPS API and have been testing what the output would be if a CNAME-loop occurs.
Cloudflare returns an EDE code of 22 (No reachable authority).
Although this is technically correct according to RFC 8914, quote:
"The resolver could not reach any of the authoritative name servers (or they potentially refused to reply)"
It is also a bit ambiguous since the authority is reachable (the 2 domains that I used for this test both use Cloudflare as their nameserver).
Using EDE code 0 (Other) with an EXTRA-TEXT indicating the loop would be more suitable.
Google’s DNS (8.8.8.8) already does this, with dig returning (domain name replaced with an example):
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 0 (Other): (CNAME cycle at loop.example.com/a)
vs Cloudflare’s:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 22 (No Reachable Authority)
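For anyone consuming these replies programmatically, here is an added example (not part of the original post) that extracts the EDE option from a wire-format DNS response as laid out in RFC 8914 and RFC 6891. The two sample replies are constructed to mirror the dig output above, and all function names are hypothetical.

```python
import struct

EDE_OPTION = 15   # EDNS option code for Extended DNS Errors (RFC 8914)
OPT_TYPE = 41     # OPT pseudo-RR type (RFC 6891)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                 # root label ends the name
            return off

def parse_ede(msg):
    """Return [(info_code, extra_text), ...] found in the OPT record of a response."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4   # skip QTYPE + QCLASS
    found = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        end = off + rdlen
        while rtype == OPT_TYPE and off + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, off)
            off += 4
            if code == EDE_OPTION and olen >= 2:
                info = struct.unpack_from("!H", msg, off)[0]
                text = msg[off + 2:off + olen].decode("utf-8", "replace")
                found.append((info, text))   # EXTRA-TEXT may be empty
            off += olen
        off = end
    return found

def sample_servfail(udp_size, info_code, extra_text=""):
    """Constructed SERVFAIL reply for loop.example.com/A carrying one EDE option."""
    qname = b"".join(bytes([len(p)]) + p for p in b"loop.example.com".split(b".")) + b"\x00"
    ede = struct.pack("!H", info_code) + extra_text.encode()
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, len(ede) + 4)
    opt += struct.pack("!HH", EDE_OPTION, len(ede)) + ede
    header = struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 1)  # QR, RD, RA, RCODE=2
    return header + qname + struct.pack("!HH", 1, 1) + opt

if __name__ == "__main__":
    print(parse_ede(sample_servfail(512, 0, "CNAME cycle at loop.example.com/a")))
    print(parse_ede(sample_servfail(1232, 22)))
```

A client that only sees `(22, "")` cannot tell a CNAME loop from an unreachable name server, whereas the code 0 reply carries the cause in EXTRA-TEXT.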