IC86912: DATAPOWER DOES NOT USE THE TTL VALUE PASSED IN THE DNS CNAME RECORD.
Fixes are available
Fix packs for DataPower B2B appliances version 5.0
Fix packs for DataPower Integration appliances version 5.0
Fix packs for DataPower XML Accelerator appliances version 5.0
Fix packs for DataPower XML Security Gateway appliances version 5.0
Fix packs for DataPower Service Gateway appliances version 5.0
Fix packs for DataPower Service Gateway XG45 Virtual Edition version 5.0
Fix packs for DataPower Integration Appliance XI52 Virtual Edition version 5.0
Closed as program error.
DataPower only uses the Time To Live (TTL) value in the DNS A record. The appliance should also consider the TTL value passed in the CNAME record, and use this value if it is shorter than the TTL value of the A record.
Affected are customers who use the DataPower appliance to reference other network devices via DNS aliases in an environment where these DNS aliases might change. When resolving a DNS alias name where the timeout on the alias-to-canonical-name mapping is shorter than the timeout on the canonical name's IP address, DataPower failed to re-resolve the alias name immediately after its DNS record had expired. The DataPower DNS resolution component honors only the TTL value returned in A or AAAA DNS records and does not account for the TTL value in CNAME records. Therefore, if a network alias name is resolved via a pair of DNS records, e.g. one of type CNAME and one of type A, and the TTL value of the CNAME record is shorter than that of the A record, DataPower caches the name-to-address translation entry using the A TTL, effectively disregarding the CNAME TTL value, which is not compliant with RFC-1034.
The fix sets the TTL to the lesser of the A record TTL and the CNAME record TTL. The fix is available in 220.127.116.11, 18.104.22.168, 22.214.171.124 and 126.96.36.199. For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Customers who have control over their DNS infrastructure can configure the server so that the timeout values on their A or AAAA records are shorter than the ones on their CNAME records.
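The caching rule described above, as an added Python example (not IBM's code): it follows a CNAME chain through one answer section and returns both the A/AAAA-only TTL (the defective behaviour) and the minimum TTL across the whole chain (the fixed behaviour). It generalizes the two-record case to chains of any length; the `RR` type, `resolve_chain` function, and sample records are constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    name: str
    rtype: str   # "CNAME", "A" or "AAAA"
    ttl: int     # seconds
    rdata: str   # target name for CNAME, address for A/AAAA

def resolve_chain(qname, answers, max_depth=8):
    """Follow the CNAME chain for qname through one answer section.

    Returns (addresses, address_ttl, effective_ttl): address_ttl is the
    pre-fix behaviour (A/AAAA TTL only), effective_ttl is the minimum TTL
    across every record in the chain, which is what the fix caches under.
    """
    name = qname.rstrip(".").lower()
    seen = set()
    chain_ttl = None  # smallest CNAME TTL seen so far
    for _ in range(max_depth + 1):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        here = [r for r in answers if r.name.rstrip(".").lower() == name]
        addrs = [r for r in here if r.rtype in ("A", "AAAA")]
        if addrs:
            addr_ttl = min(r.ttl for r in addrs)
            eff = addr_ttl if chain_ttl is None else min(chain_ttl, addr_ttl)
            return [r.rdata for r in addrs], addr_ttl, eff
        cnames = [r for r in here if r.rtype == "CNAME"]
        if not cnames:
            raise LookupError(f"no address or alias record for {name}")
        c = cnames[0]
        chain_ttl = c.ttl if chain_ttl is None else min(chain_ttl, c.ttl)
        name = c.rdata.rstrip(".").lower()
    raise ValueError("CNAME chain too long")

# Constructed sample answer section (documentation names and addresses).
SAMPLE = [
    RR("backend.example.com.", "CNAME", 30, "node-a.example.net."),
    RR("node-a.example.net.", "A", 3600, "192.0.2.10"),
]

if __name__ == "__main__":
    addrs, a_ttl, eff = resolve_chain("backend.example.com", SAMPLE)
    print(f"{addrs}: A-only TTL {a_ttl}s, chain-minimum TTL {eff}s")
```

With the sample records, a cache keyed on the A TTL would keep sending traffic to the old address for up to an hour after the alias is repointed, while the chain-minimum TTL forces re-resolution after 30 seconds.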