How to make Java honor the DNS Caching Timeout?

java dns gslb
ZZ Coder picture ZZ Coder · Aug 10, 2009 · Viewed 100.5k times · Source

We use GSLB for geo-distribution and load-balancing. Each service is assigned a fixed domain name. Through some DNS magic, the domain name is resolved into an IP that's closest to the server with least load. For the load-balancing to work, the application server needs to honor the TTL from DNS response and to resolve the domain name again when cache times out. However, I couldn't figure out a way to do this in Java.

The application is in Java 5, running on Linux (Centos 5).

Answer

Les Hazlewood picture Les Hazlewood · Jun 20, 2013

Per Byron's answer, you can't set networkaddress.cache.ttl or networkaddress.cache.negative.ttl as System Properties by using the -D flag or calling System.setProperty because these are not System properties - they are Security properties.

If you want to use a System property to trigger this behavior (so you can use the -D flag or call System.setProperty), you will want to set the following System property:

-Dsun.net.inetaddr.ttl=0

This system property will enable the desired effect.

But be aware: if you don't use the -D flag when starting the JVM process and elect to call this from code instead:

java.security.Security.setProperty("networkaddress.cache.ttl" , "0")

This code must execute before any other code in the JVM attempts to perform networking operations.

This is important because, for example, if you called Security.setProperty in a .war file and deployed that .war to Tomcat, this wouldn't work: Tomcat uses the Java networking stack to initialize itself much earlier than your .war's code is executed. Because of this 'race condition', it is usually more convenient to use the -D flag when starting the JVM process.

If you don't use -Dsun.net.inetaddr.ttl=0 or call Security.setProperty, you will need to edit $JRE_HOME/lib/security/java.security and set those security properties in that file, e.g.

networkaddress.cache.ttl = 0
networkaddress.cache.negative.ttl = 0

But pay attention to the security warnings in the comments surrounding those properties. Only do this if you are reasonably confident that you are not susceptible to DNS spoofing attacks.

Related questions

How to use Socks 5 proxy with Apache HTTP Client 4?

I'm trying to create app that sends HTTP requests via Apache HC 4 via SOCKS5 proxy. I can not use app-global proxy, because app is multi-threaded (I need different proxy for each HttpClient instance). I've found no examples of SOCKS5 usage …

Read More
DNS query in JAVA

I am messing around with DNS services in Java - I am specifically trying to lookup all google.com addresses and display them in an array, similar to running a lookup using nslookup: nslookup -q=TXT _netblocks.google.com 8.8.8.8 I …

Read More
Domain name resolution not working in Java Applications on Ubuntu64 9.04 machine. All other software resolves DNS correctly

I have an number of Java applications installed on an Ubuntu64 9.04 PC, and none of them can resolve domain names (there are multiple JRE's too - some of them are IBM products). If I put the domain name in the …

Read More