Can I use a CNAME for registrar NS records with Google Cloud DNS?

Question

Google Cloud DNS is prompting users to set the following nameserver records with their registars:

ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c4.googledomains.com.

Can I instead also set the nameserver to a CNAME that I control, like so?

ns1.foo.com -> CNAME to ns-cloud-c1.googledomains.com.
ns2.foo.com -> CNAME to ns-cloud-c2.googledomains.com.
etc

This appears to work technically, but I am wondering if this was a supported configuration with Google Cloud DNS, or will I be running into problems with this scheme at some point in the future?

Also, will the name server records to use (e.g. ns-cloud-c1.googledomains.com.) always be identical for all zones in one account?

Thanks

Answer 1

This may work technically, but it is a VERY bad idea - for 3 reasons.

RFC1035, section 3.3.11 states "NS records cause both the usual additional section processing to locate a type A record, and, when used in a referral, a special search of the zone in which they reside for glue information." - ie the specification requires the use of an A record. This is really the answer. Everything below is just to help grasp why -

The second reason (which really is just understanding the mindset behind this) is glue records and how systems know/cache domain names. (This does not exactly apply here, but think of the domain example.com with the nameservers nsX.example.com - in order for this to work, nsX needs to coded into the root zone records, otherwise it cant find example.com to resolve nsX.example.com. Using CNAMES breaks a lot of assumptions made by nameservers and is likely to come back and bite you.

The last, way less important reason is that CNAMES don't work how Joe Aaverage thinks they do. They are NOT a link from a single subdomain to another domain! By setting up a CNAME without knowing exactly what it does there will be unexpected consequences - in this case, requests to resolve a.ns1.foo.com will try to look up a.ns-cloud-c1.googledomains.com which is not catastrophic but also not desireable behaviour.