HeadlinesBriefing.com

Cloudflare DNS CNAME Order Bug Breaks Clients

Hacker News: Front Page

An update to Cloudflare's 1.1.1.1 public resolver on January 8, 2026, intended to reduce memory usage, inadvertently changed the order of CNAME and A records in the answer section of DNS responses, so that A records were returned before the CNAME that led to them. This broke DNS clients that assume the CNAME appears first in the answer section, including glibc's `getaddrinfo` function and Cisco switch firmware.

The incident exposes an ambiguity that has sat in RFC 1034 (published in 1987) for nearly 40 years. The RFC says a CNAME may 'preface' an answer, but it predates the normative MUST/SHOULD language of modern standards and never requires any particular record order. Most modern clients, such as systemd-resolved, tolerate out-of-order records by parsing the entire answer section first and then following the CNAME chain from the queried name; legacy implementations process the records in a single pass in wire order, and so miss an A record that arrives before the CNAME pointing to it.
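To make the difference between the two client behaviors concrete, here is an added Python example; it is not code from the Cloudflare post, from glibc or from systemd-resolved. It builds two wire-format DNS responses for a constructed name (www.example.com CNAME web.example.net, which has A 192.0.2.10), one with the CNAME first and one with the A record first, and resolves both with a simplified sequential parser modeled on the legacy behavior and with an order-independent parser that indexes the whole answer section and then follows the CNAME chain from the queried name. The names, addresses and the `resolve_sequential` / `resolve_order_independent` functions are illustrative assumptions, not the logic of any real resolver library.

```python
import struct

A, CNAME = 1, 5  # RR type codes (RFC 1035)


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2              # resume after the 2-byte pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:                  # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def build_response(qname, answers, txid=0x1234):
    """Build a minimal standard response; answers keep the given order."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", A, 1)
    body = b""
    for owner, rtype, rdata in answers:
        body += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + question + body


def parse_answers(msg):
    """Return the answer section as a list of (owner, rtype, data) in wire order."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):               # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    rrs = []
    for _ in range(ancount):
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata_off = off + 10
        off = rdata_off + rdlen
        if rtype == CNAME:
            data, _ = decode_name(msg, rdata_off)
        elif rtype == A:
            data = ".".join(str(b) for b in msg[rdata_off:off])
        else:
            data = msg[rdata_off:off]
        rrs.append((owner, rtype, data))
    return rrs


def resolve_sequential(qname, rrs):
    """Simplified legacy behavior (assumption, not glibc's code): one pass in
    wire order. An RR owned by a name the walk has not reached yet is skipped,
    so an A record that precedes its CNAME is silently lost."""
    current, addrs = qname, []
    for owner, rtype, data in rrs:
        if owner != current:
            continue
        if rtype == CNAME:
            current = data
        elif rtype == A:
            addrs.append(data)
    return addrs


def resolve_order_independent(qname, rrs):
    """Index every RR by owner, then follow the CNAME chain from qname."""
    by_owner = {}
    for owner, rtype, data in rrs:
        by_owner.setdefault(owner, []).append((rtype, data))
    current, seen = qname, set()
    while current not in seen:
        seen.add(current)
        records = by_owner.get(current, [])
        addrs = [d for t, d in records if t == A]
        if addrs:
            return addrs
        cnames = [d for t, d in records if t == CNAME]
        if not cnames:
            return []
        current = cnames[0]
    raise ValueError("CNAME loop in answer section")


# Constructed sample data (documentation names and addresses, not real hosts).
QNAME, TARGET, ADDR = "www.example.com.", "web.example.net.", "192.0.2.10"
CNAME_RR = (QNAME, CNAME, encode_name(TARGET))
A_RR = (TARGET, A, bytes(int(x) for x in ADDR.split(".")))
CNAME_FIRST = build_response(QNAME, [CNAME_RR, A_RR])   # conventional order
A_FIRST = build_response(QNAME, [A_RR, CNAME_RR])       # order that broke clients

if __name__ == "__main__":
    for label, msg in (("CNAME first", CNAME_FIRST), ("A first", A_FIRST)):
        rrs = parse_answers(msg)
        print(label, "sequential:", resolve_sequential(QNAME, rrs),
              "order-independent:", resolve_order_independent(QNAME, rrs))
```

Running it shows the sequential walk returning the address only for the CNAME-first response and an empty list for the A-first one, while the order-independent walk returns 192.0.2.10 for both. The `seen` set and the pointer hop limit are the two checks a hardened client wants in addition to order independence: a CNAME loop or a self-referencing compression pointer in a malicious response must not hang the resolver.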

Cloudflare traced the issue to a code change on December 2, 2025, that appended CNAMEs to the end of the answer section to save memory. The change was reverted within hours, but the incident shows how a minor optimization can cause widespread failures when clients depend on behavior an old specification never actually pinned down. Future work will involve stricter client-side validation and clearer RFC language on record ordering.