Interaction of CNAME and A records with regard to TTL

David Botham dns at
Fri Jan 17 14:09:16 UTC 2003

> -----Original Message-----
> From: bind-users-bounce at [mailto:bind-users-bounce at] On
> Behalf Of Kross Joachim ICM N PG U ID A 1
> Sent: Friday, January 17, 2003 5:01 AM
> To: 'bind-users at'
> Subject: Interaction of CNAME and A records with regard to TTL
> Hi all,
> I am wondering about the following scenario:
> A name server receives a request for an A record and tries to resolve It
> finds a CNAME record with multiple A records attached. I assume it all
> those records into its cache. Now, assume all those records have TTLs.
> At some point in time, when some of the A records have already expired,
> another query for the original A record comes in. The CNAME record and
> some of the related A records are still in the cache of the name server.
> What is the behavior of the name server: does it return the CNAME and
> the A records it still has, i.e. an incomplete set with regard to all
> applicable records that exist, or does it forward the CNAME request to
> make sure it has all the related A records?

By definition, all RRs in a set should have the same TTL.  Therefore,
if the admin has configured the zone correctly, you will not run into
this problem.

See RFC 2181:

5.2. TTLs of RRs in an RRSet

   Resource Records also have a time to live (TTL).  It is possible for
   the RRs in an RRSet to have different TTLs.  No uses for this have
   been found that cannot be better accomplished in other ways.  This
   can, however, cause partial replies (not marked "truncated") from a
   caching server, where the TTLs for some but not all the RRs in the
   RRSet have expired.

   Consequently the use of differing TTLs in an RRSet is hereby
   deprecated, the TTLs of all RRs in an RRSet must be the same.

   Should a client receive a response containing RRs from an RRSet with
   differing TTLs, it should treat this as an error.  If the RRSet
   concerned is from a non-authoritative source for this data, the
   client should simply ignore the RRSet, and if the values were
   required, seek to acquire them from an authoritative source.  Clients
   that are configured to send all queries to one, or more, particular
   servers should treat those servers as authoritative for this purpose.
   Should an authoritative source send such a malformed RRSet, the


> I guess this is not applicable only to CNAME and A records, just A
> would pose the same question: If there are multiple A records for a
> name, with different TTLs, what does a name server do if it receives a
> query for that domain name after some of the records have expired:
> return incomplete list, or complete the list before returning it?
> Does this possibly have something to do with the authoritative
> portion of DNS responses?
> Thanks!
> Best regards,
> Joachim
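
Added example (not part of the original post and not BIND code): a Python sketch of the RFC 2181 section 5.2 check for a non-authoritative response, next to a hypothetical cache that expires each RR on its own TTL. All names, addresses and TTL values are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class RR(NamedTuple):
    name: str
    rtype: str
    ttl: int
    rdata: str


def rrset_key(rr):
    """RRSet identity: owner name (case-insensitive) and type; class IN assumed."""
    return (rr.name.lower().rstrip("."), rr.rtype.upper())


def mixed_ttl_rrsets(records):
    """Return the keys of RRSets whose members do not all share one TTL."""
    ttls = defaultdict(set)
    for rr in records:
        ttls[rrset_key(rr)].add(rr.ttl)
    return sorted(key for key, seen in ttls.items() if len(seen) > 1)


def drop_mixed_ttl(records):
    """Non-authoritative case from the quoted text: ignore mixed-TTL RRSets."""
    bad = set(mixed_ttl_rrsets(records))
    return [rr for rr in records if rrset_key(rr) not in bad]


def per_record_cache_answer(records, elapsed):
    """Hypothetical cache that expires every RR individually after `elapsed` s."""
    return [rr._replace(ttl=rr.ttl - elapsed) for rr in records if rr.ttl > elapsed]


# Constructed sample: a CNAME whose target has three A records with differing TTLs.
SAMPLE = [
    RR("www.example.test.", "CNAME", 3600, "host.example.test."),
    RR("host.example.test.", "A", 300, "192.0.2.10"),
    RR("host.example.test.", "A", 60, "192.0.2.11"),
    RR("host.example.test.", "A", 300, "192.0.2.12"),
]

if __name__ == "__main__":
    print("mixed-TTL RRSets in full answer:", mixed_ttl_rrsets(SAMPLE))
    partial = per_record_cache_answer(SAMPLE, elapsed=120)
    print("cache answer after 120 s:", [(r.rtype, r.ttl, r.rdata) for r in partial])
    # The surviving A records now share one TTL, so the gap is no longer visible.
    print("mixed-TTL RRSets in partial answer:", mixed_ttl_rrsets(partial))
    print("kept by a client that ignores the bad RRSet:", drop_mixed_ttl(SAMPLE))
```

Once the short-lived A record has expired, the remaining records carry matching TTLs, so the check only catches the problem when applied to the complete answer as first received.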
