Tuesday, January 8, 2008

Configure JVM DNS Caching

I solved a minor but irritating JVM problem where host names are cached forever. While this makes DNS spoofing attacks much more difficult, it also forces an application restart for host name changes to be recognized.

The solution is to alter the networkaddress.cache.ttl setting in the $JAVA_HOME/lib/security/java.security file. By default this property is -1, which caches forever. Setting it to a positive integer makes the JVM cache host names for that number of seconds.
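To confirm which value a given java.security file actually sets, the following added example (not part of the original post; the function names and the sample file are constructed) reads the last uncommented networkaddress.cache.ttl assignment and classifies it. The file path is passed as an argument.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print the last uncommented networkaddress.cache.ttl value, or "unset".
# java.security is a properties file, so a later assignment overrides an earlier one.
dns_ttl_value() {
    awk '
        /^[ \t]*[#!]/ { next }                    # comment lines
        /^[ \t]*networkaddress\.cache\.ttl[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, "")          # drop key and separator
            sub(/[ \t\r]+$/, "")                  # trim trailing blanks and CR
            val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Classify the setting: cache forever, no caching, or a TTL in seconds.
dns_ttl_status() {
    v=$(dns_ttl_value "$1")
    if [ "$v" = "unset" ]; then
        echo "unset: no value set in this file"
        return 0
    fi
    digits=${v#-}
    case "$digits" in
        ""|*[!0-9]*) echo "invalid: $v"; return 1 ;;
    esac
    case "$v" in
        -*) echo "forever: host name changes need a JVM restart" ;;  # negative behaves like -1
        0)  echo "disabled: lookups are not cached" ;;
        *)  echo "ttl: ${v}s" ;;
    esac
}

# Constructed sample: commented default, then two assignments (last one wins).
sample=$(mktemp)
printf '%s\n' '#networkaddress.cache.ttl=-1' \
    'networkaddress.cache.ttl=-1' \
    'networkaddress.cache.ttl = 60' > "$sample"
dns_ttl_status "$sample"
rm -f "$sample"
```

Against a real installation, call it as `dns_ttl_status "$JAVA_HOME/lib/security/java.security"`.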
