Interaction of CNAME and A records with regard to TTL
dns at botham.net
Fri Jan 17 14:09:16 UTC 2003
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Kross Joachim ICM N PG U ID A 1
> Sent: Friday, January 17, 2003 5:01 AM
> To: 'bind-users at isc.org'
> Subject: Interaction of CNAME and A records with regard to TTL
> Hi all,
> I am wondering about the following scenario:
> A name server receives a request for an A record and tries to resolve
> finds a CNAME record with multiple A records attached. I assume it
> those records into its cache. Now, assume all those records have
> TTLs. At some point in time, when some of the A records have already
> expired, another query for the original A record comes in. The CNAME
> and some of the related A records are still in the cache of the name
> What is the behavior of the name server: does it return the CNAME
> the A records it still has, i.e. an incomplete set with regard to all
> applicable records that exist, or does it forward the CNAME request to
> sure it has all the related A records?
By definition, a all RR in a set should have the same TTL. Therefore,
if the admin has configured the zone correctly, you will not run into
See RFC 2181:
5.2. TTLs of RRs in an RRSet
Resource Records also have a time to live (TTL). It is possible for
the RRs in an RRSet to have different TTLs. No uses for this have
been found that cannot be better accomplished in other ways. This
can, however, cause partial replies (not marked "truncated") from a
caching server, where the TTLs for some but not all the RRs in the
RRSet have expired.
Consequently the use of differing TTLs in an RRSet is hereby
deprecated, the TTLs of all RRs in an RRSet must be the same.
Should a client receive a response containing RRs from an RRSet with
differing TTLs, it should treat this as an error. If the RRSet
concerned is from a non-authoritative source for this data, the
client should simply ignore the RRSet, and if the values were
required, seek to acquire them from an authoritative source. Clients
that are configured to send all queries to one, or more, particular
servers should treat those servers as authoritative for this purpose.
Should an authoritative source send such a malformed RRSet, the
> I guess this is not applicable only to CNAME and A records, just A
> would pose the same question: If there are multiple A records for a
> name, with different TTLs, what does a name server do if it receives a
> for that domain name after some of the records have expired: return
> incomplete list, or complete the list before returning it?
> Does this possibly have something to do with the authoritative
> portion of DNS responses?
> Best regards,
More information about the bind-users