How does DNS TTL work in chained CNAME configurations?

I have a DNS config that looks something like this:

www.example.com                     600  IN  CNAME  prod.myzone.l2.company.example
prod.myzone.l2.company.example      600  IN  CNAME  ssl-endpoint-12345.hostcorp.example
ssl-endpoint-12345.hostcorp.example  60  IN  A      192.0.2.4

So the first two CNAME records in the chain have a TTL of 10 minutes, and the final A record has a TTL of 1 minute.

The prod.myzone.l2.company.example CNAME does regional load-balancing between multiple endpoints, and is automatically updated if my DNS provider determines that the current endpoint is unhealthy. For this reason, I would like to propagate changes to the prod.myzone.l2.company.example CNAME as quickly as possible.

If I wanted to reduce overall TTL that clients see when prod.myzone.l2.company.example changes, is it sufficient to only reduce the TTL of the prod.myzone.l2.company.example record, or do I also need to reduce the TTL on the www.example.com record as well?


Solution 1:

The TTL for CNAME records does not work in any way differently than other records.

Let us imagine a recursive resolver through which the above goes. It then fills its cache with:

  • www.example.com CNAME valid for 600s
  • prod.myzone.l2.company.example CNAME valid for 600s
  • ssl-endpoint-12345.hostcorp.example A valid for 60s

If someone later queries ssl-endpoint-12345.hostcorp.example A directly, then the 60s TTL applies.

But if the query comes for www.example.com, then the resolver will see it doesn't have an A record, but a CNAME and then reuse all of the above.

66s (for example) after the above, www.example.com is still in the resolver cache, but ssl-endpoint-12345.hostcorp.example A won't be anymore, so the resolver will have to do a new DNS query to get that data, and cache it.
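A small simulation of the cache behaviour described in this answer, added here as an example; it is not code from the question or the answer. A toy recursive resolver caches each record of the chain under its own TTL and re-asks upstream only for records that have expired. The zone contents, the second endpoint name ssl-endpoint-67890.hostcorp.example, its address 192.0.2.5, and the timings are assumptions. It also runs the variant the question asks about (prod TTL lowered to 60s while www keeps 600s) to show that the still-cached www CNAME only points at a name, and that name's own record expires on its own TTL.

```python
"""Toy model of a recursive resolver caching a CNAME chain record by record.

Constructed example, not code from the original post. Names, addresses and
timings are assumptions chosen to mirror the records in the question.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str]  # (owner name, record type)


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str  # "CNAME" or "A"
    ttl: int
    data: str


def make_zone(prod_ttl: int = 600) -> Dict[Key, RR]:
    """Constructed authoritative data: the chain from the question plus an assumed second endpoint."""
    records = [
        RR("www.example.com", "CNAME", 600, "prod.myzone.l2.company.example"),
        RR("prod.myzone.l2.company.example", "CNAME", prod_ttl, "ssl-endpoint-12345.hostcorp.example"),
        RR("ssl-endpoint-12345.hostcorp.example", "A", 60, "192.0.2.4"),
        RR("ssl-endpoint-67890.hostcorp.example", "A", 60, "192.0.2.5"),  # assumed failover target
    ]
    return {(r.name, r.rtype): r for r in records}


class Resolver:
    """Caches every RR it learns under that RR's own TTL, as a real recursive resolver does."""

    def __init__(self, upstream: Dict[Key, RR]) -> None:
        self.upstream = upstream
        self.cache: Dict[Key, Tuple[RR, int]] = {}  # key -> (record, absolute expiry time)
        self.upstream_queries: List[Key] = []

    def _cached(self, key: Key, now: int) -> Optional[RR]:
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def _ask_upstream(self, name: str, rtype: str, now: int) -> Optional[RR]:
        # An authoritative server answers a query for any type with the CNAME if the name is an alias.
        self.upstream_queries.append((name, rtype))
        rr = self.upstream.get((name, "CNAME")) or self.upstream.get((name, rtype))
        if rr is not None:
            self.cache[(rr.name, rr.rtype)] = (rr, now + rr.ttl)
        return rr

    def resolve(self, name: str, rtype: str, now: int, max_chain: int = 8) -> List[Tuple[RR, int]]:
        """Follow the CNAME chain; return [(record, remaining TTL)] as a client would see it."""
        answer: List[Tuple[RR, int]] = []
        current = name
        for _ in range(max_chain):  # bound the walk so a CNAME loop cannot spin forever
            rr = self._cached((current, "CNAME"), now) or self._cached((current, rtype), now)
            if rr is None:
                rr = self._ask_upstream(current, rtype, now)
            if rr is None:
                break  # no data for this name in the toy zone
            answer.append((rr, self.cache[(rr.name, rr.rtype)][1] - now))
            if rr.rtype != "CNAME":
                break
            current = rr.data
        return answer

    def queries_for(self, name: str, now: int) -> List[Key]:
        """Resolve name for type A and return only the upstream queries that resolution caused."""
        before = len(self.upstream_queries)
        self.resolve(name, "A", now)
        return self.upstream_queries[before:]


def failover(zone: Dict[Key, RR], prod_ttl: int) -> None:
    """Simulate the DNS provider repointing the prod CNAME at the healthy endpoint."""
    zone[("prod.myzone.l2.company.example", "CNAME")] = RR(
        "prod.myzone.l2.company.example", "CNAME", prod_ttl, "ssl-endpoint-67890.hostcorp.example")


def final_address(answer: List[Tuple[RR, int]]) -> str:
    return answer[-1][0].data


def scenario(prod_ttl: int) -> Tuple[List[Key], List[Key], str, str]:
    """Warm the cache at t=0, re-resolve at t=66, fail over at t=100, look again at t=130 and t=601."""
    zone = make_zone(prod_ttl)
    r = Resolver(zone)
    first = r.queries_for("www.example.com", 0)    # cold cache: every record in the chain is fetched
    second = r.queries_for("www.example.com", 66)  # www (TTL 600) is still cached; the 60s records are not
    failover(zone, prod_ttl)
    seen_130 = final_address(r.resolve("www.example.com", "A", 130))
    seen_601 = final_address(r.resolve("www.example.com", "A", 601))
    return first, second, seen_130, seen_601


if __name__ == "__main__":
    for ttl in (600, 60):
        print(f"prod TTL {ttl}s:", scenario(ttl))
```

With the prod TTL at 600s the failover at t=100 is invisible until the prod CNAME expires at t=600, even though the A record behind it was refreshed several times in between; with the prod TTL at 60s the new endpoint shows up at t=130 while www.example.com's CNAME is still cached with more than 400s left. The www record never needs refetching for the change to be seen, because what it caches is the name prod.myzone.l2.company.example, not that name's current target.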