Interaction of CNAME and A records with regard to TTL

Mark_Andrews at isc.org Mark_Andrews at isc.org
Fri Jan 17 13:28:07 UTC 2003 

> 
> Hi all,
> 
> I am wondering about the following scenario:
> 
> A name server receives a request for an A record and tries to resolve it. It
> finds a CNAME record with multiple A records attached. I assume it puts all
> those records into its cache. Now, assume all those records have different
> TTLs. At some point in time, when some of the A records have already
> expired, another query for the original A record comes in. The CNAME record
> and some of the related A records are still in the cache of the name server.
> What is the behavior of the name server: does it return the CNAME record and
> the A records it still has, i.e. an incomplete set with regard to all the
> applicable records that exist, or does it forward the CNAME request to make
> sure it has all the related A records?

	Well you don't put differing ttls into the DNS for the same
	name and type.

	The authoritative servers should be correcting this if you
	do by taking the lowest ttl and using that for the set.  Both
	BIND 9 and BIND 8 do this.

	The caches should also take differing ttls and normalise
	them to the lowest ttl when it receives them.  If it doesn't
	do that it should at the least expire the whole set of records
	if a record in the set expires.  BIND 9 does the former, BIND 8
	the later.

	There was a benefit in preserving the differing ttls as
	they were usually the result of nameservers merging RRsets.
	When you had two differnet RRsets there was a high probability
	that the one with multiple ttls was the result of a merger
	and should be dropped in preference to the one with consistant
	ttls.

	Mark
 
> I guess this is not applicable only to CNAME and A records, just A records
> would pose the same question: If there are multiple A records for a domain
> name, with different TTLs, what does a name server do if it receives a query
> for that domain name after some of the records have expired: return the
> incomplete list, or complete the list before returning it?
> 
> Does this possibly have something to do with the authoritative nameserver
> portion of DNS responses?
> 
> Thanks!
> 
> Best regards,
> Joachim
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list