DNS, the name service in use on the Internet, uses various record types
for queries between DNS servers and clients. The common record
types are Address records (A-records), Name Server records (NS records), Mail
Exchange records (MX records), Start of Authority records (SOA records), and
Canonical Name records (CNAME records). Each record or query type has various rules and
formats associated with it, including details about what may be cached, what
may be trusted by other clients, etc.
Clients usually send queries to a local server, and that local server
may send further queries to other servers on behalf of that client in order to
formulate a response for the client. When the local server receives the
responses, it will cache the information for future use and will respond to the
The CSS 11000 and 11500 series switches have the ability to act as an
authoritative DNS name server and will only respond to DNS A-record requests.
If a CSS configured for DNS via the Global Server Load Balancing feature
receives a DNS request or query for an unsupported record type, the CSS will
respond with rcode 4 "not implemented" or rcode 3 "NXDOMAIN," depending on the
version of WebNS. When an NXDOMAIN response code is received, the querying
server will typically stop attempting to resolve any other record type for that
name. For example, an NXDOMAIN response to the AAAA query may stop the server
from sending an A query, though there may indeed be an A-record in existence.
Some resolvers that receive an NXDOMAIN response and support negative caching
will not query for A-records for the same name until the negatively cached
error response has expired, which can take an extended period of time.
When the DNS query received is for a legitimate host name but an
unsupported record type, these negative responses may be cached by various
proxies or caching nameservers and will lead to apparent temporary service
outages when other clients query the caching nameserver or proxy for the
legitimate host name. Though network services are physically unaffected, end
users are dependent upon name resolution, and the lack of correct DNS
information can result in effective service outages.
Cisco Bug ID CSCdz62499 was the first fix, which changed the response
from rcode 3 to rcode 4. Rcode 4 is also negatively cached, so the
complete fix is addressed by Cisco Bug ID CSCea36989.
The CSS will now return an RFC 2308-compliant NODATA type 3 response,
which is an authoritative answer with rcode=NOERROR, answer=0, and no SOA. This
response should cause the specific client to query for another A-record instead
of continuing to query for the unsupported record type or using the negatively
cached error message or NXDOMAIN answer.
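
The three response shapes described above can be told apart from the DNS header and authority section alone. The following is an added example, not Cisco code: the function names `classify`, `skip_name` and `build_response` are hypothetical, and the sample messages are constructed (an AAAA query for www.example.com, with authority RDATA omitted).

```python
import struct

TYPE_NS, TYPE_SOA, TYPE_AAAA = 2, 6, 28
QNAME = b"\x03www\x07example\x03com\x00"        # constructed sample name

def skip_name(msg, off):
    """Return the offset just past an encoded (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:               # compression pointer ends the name
            return off + 2
        off += 1
        if length == 0:                         # root label ends the name
            return off
        off += length

def classify(msg):
    """Classify a reply to a query for a type the server does not hold."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    if rcode == 3:
        return "NXDOMAIN"                       # may suppress later A queries
    if rcode == 4:
        return "NOTIMP"                         # first fix; also negatively cached
    if rcode != 0 or an != 0:
        return "OTHER"
    off = 12
    for _ in range(qd):                         # skip question: name + type + class
        off = skip_name(msg, off) + 4
    types = set()
    for _ in range(ns):                         # collect authority record types
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, off)
        types.add(rtype)
        off += 10 + rdlen
    if TYPE_SOA in types:
        return "NODATA-with-SOA"                # RFC 2308 NODATA type 1 or 2
    if TYPE_NS in types:
        return "REFERRAL"
    return "NODATA-type3" if aa else "OTHER"    # AA, NOERROR, answer=0, no SOA

def build_response(flags, authority_types=()):
    """Constructed sample reply; authority RRs carry empty RDATA for brevity."""
    header = struct.pack("!6H", 0x1234, flags, 1, 0, len(authority_types), 0)
    question = QNAME + struct.pack("!2H", TYPE_AAAA, 1)
    rrs = b"".join(b"\xc0\x10" + struct.pack("!2HIH", t, 1, 60, 0)
                   for t in authority_types)    # 0xc010 points at "example.com"
    return header + question + rrs

if __name__ == "__main__":
    for label, flags in (("original", 0x8403), ("first fix", 0x8404), ("complete fix", 0x8400)):
        print(label, "->", classify(build_response(flags)))
```

Running the same classification against a capture of a server's replies to AAAA or MX queries shows which of the three behaviours it exhibits.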