Java and DNS lookups

By default, Java caches successful DNS lookups forever. Changing this has a performance impact because of the additional DNS lookups, and there are security concerns. If you use load balancing that relies on DNS, this will need to be changed.

The setting is networkaddress.cache.ttl in the file $JAVA_HOME/jre/lib/security/java.security. The default value is -1.

 

# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#

networkaddress.cache.ttl=-1
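
A per-application alternative to editing the JRE-wide file, as an added example (not code from the original page): it reads the configured policy and then sets a bounded TTL through java.security.Security before the first lookup. The class name, the 60-second value and the default host localhost are assumptions.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Security;

// Added example: inspect and override the JVM's successful-lookup cache TTL for one application.
public class DnsCacheTtlDemo {
    static final String TTL_PROP = "networkaddress.cache.ttl";

    // Translate the raw property value using the rules from the java.security comment block.
    static String describe(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return "not set (JVM default applies)";
        }
        try {
            int ttl = Integer.parseInt(raw.trim());
            if (ttl < 0) return "cache forever";
            if (ttl == 0) return "do not cache";
            return "cache for " + ttl + " seconds";
        } catch (NumberFormatException e) {
            return "unparseable value '" + raw + "'";
        }
    }

    // Time one lookup in microseconds; a cache hit returns without querying the resolver.
    static long timeLookupMicros(String host) throws UnknownHostException {
        long start = System.nanoTime();
        InetAddress.getByName(host);
        return (System.nanoTime() - start) / 1_000;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost"; // assumed sample host
        System.out.println("configured: " + describe(Security.getProperty(TTL_PROP)));

        // Must run before the first InetAddress lookup: the cache policy is read only once.
        Security.setProperty(TTL_PROP, "60"); // 60 s is an assumed value; match it to your DNS records
        System.out.println("effective:  " + describe(Security.getProperty(TTL_PROP)));

        // Within the TTL, the second call is answered from the JVM's cache.
        System.out.println("first lookup:  " + timeLookupMicros(host) + " us");
        System.out.println("second lookup: " + timeLookupMicros(host) + " us");
    }
}
```

A bounded TTL limits how long a spoofed answer stays cached but also means the resolver is trusted again on every expiry, which is the trade-off the NOTE in the file warns about.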
