diff --git a/discovery/dns/dns.go b/discovery/dns/dns.go
index 9aa07dcae..7b388ca71 100644
--- a/discovery/dns/dns.go
+++ b/discovery/dns/dns.go
@@ -213,6 +213,7 @@ func (d *Discovery) refreshOne(ctx context.Context, name string, ch chan<- *targ
 			target = hostPort(addr.AAAA.String(), d.port)
 		case *dns.CNAME:
 			// CNAME responses can occur with "Type: A" dns_sd_config requests.
+			continue
 		default:
 			level.Warn(d.logger).Log("msg", "Invalid record", "record", record)
 			continue
diff --git a/docs/configuration/https.md b/docs/configuration/https.md
index 157df84d8..bc95e9be2 100644
--- a/docs/configuration/https.md
+++ b/docs/configuration/https.md
@@ -1,3 +1,8 @@
+---
+title: HTTPS and authentication
+sort_rank: 7
+---
+
 # HTTPS and authentication
 
 Prometheus supports basic authentication and TLS.
@@ -27,7 +32,8 @@ tls_server_config:
   key_file: <filename>
 
   # Server policy for client authentication. Maps to ClientAuth Policies.
-  # For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
+  # For more detail on clientAuth options:
+  # https://golang.org/pkg/crypto/tls/#ClientAuthType
   [ client_auth_type: <string> | default = "NoClientCert" ]
 
   # CA certificate for client certificate authentication to the server.