Writing this down so I don't forget about it. Low priority.

Per all the rfcs, CNAME records should be the ONLY record for any given label. No other records of any type should be created with the same name as a CNAME.

We have had confusion with various providers accepting them inconsistently, or giving unhelpful errors if you try.

We may want to do a pre-pass to make sure CNAMES are the only records for their names and give a clear warning (or fail hard) if you try to.

Apex CNAMES are technically valid, but require extra care as well. Technically you should not have any other records at all if you use one. Perhaps we should not allow them at all? Or require some extra validation to make one? With Gcloud, for example, we would need to remove ALL records (including the NS records) for google to even accept an apex CNAME. This kinda requires special code just for this case. Is it one we even care to support, or should we explicitly disallow it?