Due to how many servers are involved in my network, I have a hard time keeping them all organized. Some of them don't have static IPs, so I thought it might be nice if I made a config.mydomain.com domain. On this domain, I could store A records and the IP for each of the servers. This is how I set it up:

```
s1.config.mydomain.com. A 10.0.0.1 #ttl 60
s2.config.mydomain.com. A 10.0.0.2 #ttl 60
s3.config.mydomain.com. A 10.0.0.3 #ttl 60
# etc
```
Each of those records has a TTL of 60, in case I need to change an IP quickly, but I don't necessarily want clients connecting every 60 seconds to update. Now let's say I set up my domains to use them, like this:

```
mydomain.com. CNAME s2.config.mydomain.com. #ttl 3600
mail.mydomain.com. CNAME s2.config.mydomain.com. #ttl 10800
svn.mydomain.com. CNAME ns1.config.mydomain.com. #ttl 21600
```
The TTLs for the CNAMEs are higher, so let's say I go to mydomain.com. It asks my DNS server for the IP of `mydomain.com`, and my server returns `CNAME s2.config.mydomain.com.`. Then it asks my server for the IP of `s2.config.mydomain.com`, and my server returns `10.0.0.1`.

Would it cache the `CNAME s2.config.mydomain.com` record for 3600 seconds, and the `A 10.0.0.1` record for 60 seconds? Meaning that every 60 seconds it will still ask my server for the IP address?

Or will it see the cached `CNAME s2.config.mydomain.com`, get the `A 10.0.0.1`, and cache them both for 3600 seconds?
If it's the first, I'll probably have to find another way to manage them, so I'm hoping it's the second, but I'm not sure. Do you know of a better way to keep track of them?
According to this message on the ISC mailing list, the CNAME and the record it points to are cached by resolving name servers (sane resolving name servers); this is done to allow resolvers to optimize the resolving/caching process on the client side.
So, if the CNAME TTL is valid but the A record that it points to is invalid, it will only repeat the lookup for the pointed-to record, not the original CNAME (until the CNAME TTL is up too).
All your CNAME records will be cached for a maximum of 3600, 10800 and 21600 seconds.
The A records are handled independently and will be queried again every 60 seconds.
However, in case the CNAME expires, the A record should be updated at the same time.
CNAME records have various gotchas explained in RFC 1912. mydomain.com. can't be a CNAME, because you have SOA and NS records in use: it's a delegation of the com. domain.
Your question is old. Nowadays some DNS providers are not following the RFCs by letting users put CNAMEs at the SOA (they call it APEX domains). Again, use at your own risk.
Last but not least, putting higher TTL values on your CNAMEs could help when your clients are asking for an IPv6 record: AAAA. At least the CNAME mapping will stay in cache, and only the IP address will be asked for twice.
In short: putting higher TTL on the CNAME will reduce the size of the responses seen by your clients. It should also help the resolver server. However the number of requests per second should roughly be the same.
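To make the caching behaviour described in both answers concrete, here is an added simulation (not code from the question or the answers) of a resolver that caches the CNAME and the A record independently, using the question's record set with constructed zone data. It counts how many upstream queries each lookup triggers at different times, and also shows the trade-off the second answer alludes to: a retargeted CNAME stays stale in caches until its own longer TTL expires.

```python
"""Toy caching resolver: CNAME and A records expire on their own TTLs."""

# Constructed authoritative data mirroring the question (name -> type, rdata, ttl).
ZONE = {
    "mydomain.com.":           ("CNAME", "s2.config.mydomain.com.", 3600),
    "mail.mydomain.com.":      ("CNAME", "s2.config.mydomain.com.", 10800),
    "s1.config.mydomain.com.": ("A", "10.0.0.1", 60),
    "s2.config.mydomain.com.": ("A", "10.0.0.2", 60),
}


class CachingResolver:
    def __init__(self, zone):
        self.zone = zone
        self.cache = {}            # name -> (rtype, rdata, expires_at)
        self.upstream_queries = 0  # how often we had to ask the authority

    def _lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[2] > now:   # still within its own TTL: serve from cache
            return hit[0], hit[1]
        rtype, rdata, ttl = self.zone[name]
        self.upstream_queries += 1
        self.cache[name] = (rtype, rdata, now + ttl)
        return rtype, rdata

    def resolve_a(self, name, now, max_chain=8):
        """Follow CNAMEs to an A record; return (ip, upstream queries made)."""
        before = self.upstream_queries
        for _ in range(max_chain):        # bound the chain to avoid CNAME loops
            rtype, rdata = self._lookup(name, now)
            if rtype == "A":
                return rdata, self.upstream_queries - before
            name = rdata                  # CNAME target; keep chasing
        raise ValueError("CNAME chain too long")


def query_counts(times=(0, 120, 3700)):
    """Upstream queries per lookup of mydomain.com at each time (seconds)."""
    r = CachingResolver(dict(ZONE))
    return [r.resolve_a("mydomain.com.", t)[1] for t in times]


def stale_cname_demo():
    """Repoint the CNAME at t=120; the change is only seen after 3600s."""
    r = CachingResolver(dict(ZONE))
    seen = [r.resolve_a("mydomain.com.", 0)[0]]
    r.zone["mydomain.com."] = ("CNAME", "s1.config.mydomain.com.", 3600)
    seen.append(r.resolve_a("mydomain.com.", 120)[0])   # cached CNAME wins
    seen.append(r.resolve_a("mydomain.com.", 3700)[0])  # CNAME expired
    return seen
```

At t=0 both records are fetched, at t=120 only the A record is refetched because the CNAME is still cached, and at t=3700 both have expired; the second function shows that the longer CNAME TTL also delays any retargeting.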