"In particular, the suggested recursive DNS lookup needs some form of distributed loop detection. Otherwise, a malicious customer could publish two zones with ANAME records and achieve significant traffic amplification, potentially taking down the DNS hoster. A hop count in an EDNS option or an “ANAME lookup in progress” indicator would be one way to implement this. Another approach would impose restrictions on the owner name of an ANAME record and its target, and restrict where CNAMEs can appear, so that a valid ANAME can never point to another valid ANAME." (Florian Weimer)
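The hop-count approach from the quote above, as an added example that is not part of the original text or of any ANAME implementation: a small Python simulation in which each hoster refuses to start a further target lookup once the hop count carried with the query reaches a limit. The `Hoster` class, the `lookup` function, the limit of 4 and all names and addresses are assumptions made for illustration; the hop count is modelled as a plain integer, not as a real EDNS option.

```python
from dataclasses import dataclass, field

MAX_ANAME_HOPS = 4  # assumed limit; the quoted text does not name a value


@dataclass
class Hoster:
    """One DNS hoster: answers for its names and chases ANAME targets on demand."""
    name: str
    aname: dict = field(default_factory=dict)  # owner name -> ANAME target
    addrs: dict = field(default_factory=dict)  # owner name -> address records
    queries_served: int = 0


def lookup(network, qname, hops=0):
    """Resolve qname; `hops` models the hop count carried with the query
    (hypothetical EDNS option, no real option code is implied)."""
    hoster = network.get(qname)
    if hoster is None:
        return "NXDOMAIN", []
    hoster.queries_served += 1
    if qname in hoster.addrs:
        return "NOERROR", hoster.addrs[qname]
    target = hoster.aname.get(qname)
    if target is None:
        return "NOERROR", []
    if hops >= MAX_ANAME_HOPS:
        # Refuse to start another target lookup: the chain is too long or a loop.
        return "SERVFAIL", []
    # The outgoing target query carries the incremented hop count.
    return lookup(network, target, hops + 1)


def constructed_network():
    """Constructed sample data: two hosters, one ANAME loop, one normal ANAME."""
    a = Hoster("hoster-a", aname={"loop-a.example": "loop-b.example",
                                  "shop.example": "cdn.example"})
    b = Hoster("hoster-b", aname={"loop-b.example": "loop-a.example"},
               addrs={"cdn.example": ["192.0.2.10"]})
    network = {name: h for h in (a, b) for name in (*h.aname, *h.addrs)}
    return network, a, b


if __name__ == "__main__":
    net, a, b = constructed_network()
    print(lookup(net, "shop.example"))
    print(lookup(net, "loop-a.example"), a.queries_served, b.queries_served)
```

With the limit in place, one client query against the looping pair costs the two hosters `MAX_ANAME_HOPS + 1` lookups in total and ends in SERVFAIL, while the ordinary ANAME still resolves.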