Fixes are available
Fix packs for DataPower XML Accelerator appliances version 3.8.2
Fix packs for DataPower XML Security Gateway appliances version 3.8.2
Fix packs for DataPower Integration appliances version 3.8.2
Fix packs for DataPower B2B Appliance XB60 version 3.8.2
Fix packs for DataPower XML Security Gateway appliances version 4.0.1
Fix packs for DataPower XML Accelerator appliances version 4.0.1
Fix packs for DataPower Integration appliances version 4.0.1
Fix packs for DataPower B2B appliances version 4.0.1
Fix packs for DataPower XML Accelerator appliances version 4.0.2
Fix packs for DataPower XML Security Gateway appliances version 4.0.2
Fix packs for DataPower Integration appliances version 4.0.2
Fix packs for DataPower B2B appliances version 4.0.2
Fix packs for DataPower Service Gateway appliances version 4.0.2
Fix packs for DataPower B2B appliances version 5.0
Fix packs for DataPower Integration appliances version 5.0
Fix packs for DataPower XML Accelerator appliances version 5.0
Fix packs for DataPower XML Security Gateway appliances version 5.0
Fix packs for DataPower Service Gateway appliances version 5.0
Fix packs for DataPower Service Gateway XG45 Virtual Edition version 5.0
Fix packs for DataPower Integration Appliance XI52 Virtual Edition version 5.0
APAR status
Closed as program error.
Error description
Datapower only uses the Time To Live (TTL) value in the DNS A Record. The appliance should also consider the TTL value passed in the CNAME field, and use this value if it is shorter than the TTL value of the A Record
Local fix
Problem summary
Affected are customers using the Datapower appliance to reference other network devices via DNS aliases in an environment where these DNS aliases might change. When resolving a DNS alias name where the timeout associated with the alias to a canonical name is shorter than the one associated with the canonical name's IP address, Datapower was failing to re-resolve the alias name immediately after its DNS record had expired. Datapower DNS resolution component honors only the TTL value returned in A or AAAA DNS records, failing to account for the TTL value in CNAME records. Therefore, if a network alias name were resolved via a pair of DNS records, e.g. of CNAME and A types, and the TTL value of CNAME record were shorter than the one of the A record, Datapower would cache the name-to-address translation entry using the A TTL, effectively disregarding the CNAME TTL value, which is not compliant with RFC-1034.
Problem conclusion
The fix sets TTL to the lesser of the A record or the CNAME record. The fix is available in 3.8.2.16, 4.0.1.14, 4.0.2.10 and 5.0.0.4 For a list of the latest fix packs available, please see: http://www-01.ibm.com/support/docview.wss?uid=swg21237631
Temporary fix
Customers that have control over their DNS infrastructure can configure the server to use timeout values on their A or AAAA records to be shorter than the ones for CNAME records.
Comments
APAR Information
APAR number
IC86912
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
401
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-10-01
Closed date
2012-11-13
Last modified date
2012-11-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
R382 PSN
UP
R401 PSN
UP
R402 PSN
UP
R500 PSN
UP
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.