IBM Support

IC86912: DATAPOWER DOES NOT USE THE TTL VALUE PASSED IN THE DNS CNAME RECORD.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Datapower only uses the Time To Live (TTL) value in the DNS A
Record. The appliance
should also consider the TTL value passed in the CNAME
field, and use this value if it is shorter than the TTL value of
the A Record

Local fix

  • 



Problem summary


    

  • Affected are customers using the Datapower appliance to
reference other network devices via DNS aliases in an
environment where these DNS aliases might change.

When resolving a DNS alias name where the timeout associated
with the alias to a canonical name is shorter than the one
associated with the canonical name's IP address, Datapower was
failing to re-resolve the alias name immediately after its DNS
record had expired.

Datapower DNS resolution component honors only the TTL value
returned in A or AAAA DNS records, failing to account for
the TTL
value in CNAME records. Therefore, if a network alias name were
resolved via a pair of DNS records, e.g. of CNAME and A types,
and the TTL value of CNAME record were shorter than the one of
the
A record, Datapower would cache the name-to-address translation
entry using the A TTL, effectively disregarding the CNAME TTL
value, which is not compliant with RFC-1034.

    



Problem conclusion



Temporary fix


    

  • Customers that have control over their DNS infrastructure can
configure the server to use timeout values on their A or AAAA
records to be shorter than the ones for CNAME records.

    



Comments


    

  • 



APAR Information




    

  • APAR number
    IC86912
    • 

  • Reported component name
    DATAPOWER
    • 

  • Reported component ID
    DP1234567
    • 

  • Reported release
    401
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-10-01
    • 

  • Closed date
    2012-11-13
    • 

  • Last modified date
    2012-11-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    DATAPOWER
    • 

  • Fixed component ID
    DP1234567
    • 



Applicable component levels


    

  • R382  PSN
       UP
    • 

  • R401  PSN
       UP
    • 

  • R402  PSN
       UP
    • 

  • R500  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.0.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            11 February 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback