IC86912: DATAPOWER DOES NOT USE THE TTL VALUE PASSED IN THE DNS CNAME RECORD.
Closed as program error.
Datapower only uses the Time To Live (TTL) value in the DNS A Record. The appliance should also consider the TTL value passed in the CNAME field, and use this value if it is shorter than the TTL value of the A Record
Affected are customers using the Datapower appliance to reference other network devices via DNS aliases in an environment where these DNS aliases might change. When resolving a DNS alias name where the timeout associated with the alias to a canonical name is shorter than the one associated with the canonical name's IP address, Datapower was failing to re-resolve the alias name immediately after its DNS record had expired. Datapower DNS resolution component honors only the TTL value returned in A or AAAA DNS records, failing to account for the TTL value in CNAME records. Therefore, if a network alias name were resolved via a pair of DNS records, e.g. of CNAME and A types, and the TTL value of CNAME record were shorter than the one of the A record, Datapower would cache the name-to-address translation entry using the A TTL, effectively disregarding the CNAME TTL value, which is not compliant with RFC-1034.
The fix sets TTL to the lesser of the A record or the CNAME record. The fix is available in 18.104.22.168, 22.214.171.124, 126.96.36.199 and 188.8.131.52 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Customers that have control over their DNS infrastructure can configure the server to use timeout values on their A or AAAA records to be shorter than the ones for CNAME records.
Reported component name
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID
Applicable component levels
Translate this page: