DNS server address cached in Java?

We found that an old DNS address was used until we restarted the JVM. I need to review the class used to perform this activity.

Test this with a simple class.

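import java.net.*;

public class test {
  static {
    // Cache successful lookups for 10 seconds. Set this before the first
    // InetAddress call, because the cache policy is read once.
    java.security.Security.setProperty("networkaddress.cache.ttl", "10");
  }
  public static void main(String[] args) throws Exception {
    // Left disabled: these would select the JDK's own DNS provider and name server.
    //System.setProperty("sun.net.spi.nameservice.nameservers", "192.168.56.50");
    //System.setProperty("sun.net.spi.nameservice.provider.1", "dns,sun");

    // sun.net.InetAddressCachePolicy is a JDK-internal class, not public API.
    System.out.println("DEFAULT DNS TTL: " + sun.net.InetAddressCachePolicy.get());

    // Resolve the host name given as the first argument every 10 seconds,
    // matching the TTL above, so each pass needs a fresh lookup.
    while (true) {
      try {
        System.out.println(InetAddress.getByName(args[0]).getHostName());
      }
      catch (Exception e) {
        e.printStackTrace();
      }
      Thread.sleep(10000);
    }
  }
}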

This caching is done mainly for security. If someone tampers with the name resolution configuration, your application can’t be erroneously pointed to malicious hostnames. Of course, this is only relevant if you check the name resolution configuration before a restart.

Note that, as shown below, setting the cache timeout on the JVM also won’t affect which DNS servers are used to resolve names to IP addresses. While this test ran, we changed the name server in /etc/resolv.conf from 192.168.56.50 to something else, which had no impact on our running class. Once started, the DNS server used by the JVM remains the same…

[root@hdp ~]# strace -f -e trace=connect java test hdp
Process 18123 attached
[pid 18123] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 18123] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
Process 18124 attached
Process 18125 attached
Process 18126 attached
Process 18129 attached
Process 18130 attached
Process 18131 attached
Process 18132 attached
Process 18133 attached
DEFAULT DNS TTL: 10
[pid 18123] connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 18123] connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
hdp
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
hdp
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
hdp
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
hdp
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
hdp
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0
[pid 18123] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.56.50")}, 16) = 0

Regardless, beware of this unlikely issue.
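
One way to notice this situation from inside a long-running JVM, as an added example that is not code from the original post: it snapshots the nameserver entries of /etc/resolv.conf at start-up and warns when the file later lists different servers. It assumes a Linux host that resolves through /etc/resolv.conf; the class name ResolvConfDrift and the 10-second poll interval are illustrative choices.

```java
import java.lang.management.ManagementFactory;
import java.nio.file.*;
import java.security.Security;
import java.util.*;

// Added example: flags a running JVM whose resolver configuration changed on disk.
public class ResolvConfDrift {
  // Assumption: the host resolver is configured through this file.
  static final Path RESOLV_CONF = Paths.get("/etc/resolv.conf");

  // Extract the addresses from "nameserver <ip>" lines; comments and blanks are skipped.
  static List<String> nameservers(List<String> lines) {
    List<String> out = new ArrayList<>();
    for (String line : lines) {
      String[] f = line.trim().split("\\s+");
      if (f.length >= 2 && f[0].equals("nameserver")) out.add(f[1]);
    }
    return out;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input, to show what the parser keeps and drops.
    List<String> sample = Arrays.asList("# constructed sample", "search example.test",
        "nameserver 192.168.56.50", "; old entry", "#nameserver 192.168.56.51");
    System.out.println("sample nameservers: " + nameservers(sample));

    // Snapshot at start-up: the servers this process is assumed to keep using.
    List<String> atStart = nameservers(Files.readAllLines(RESOLV_CONF));
    long jvmStart = ManagementFactory.getRuntimeMXBean().getStartTime();
    System.out.println("nameservers at start: " + atStart);
    // null here means the TTL security property has not been set explicitly.
    System.out.println("networkaddress.cache.ttl: " + Security.getProperty("networkaddress.cache.ttl"));

    while (true) {
      Thread.sleep(10000);
      List<String> now = nameservers(Files.readAllLines(RESOLV_CONF));
      long mtime = Files.getLastModifiedTime(RESOLV_CONF).toMillis();
      if (!now.equals(atStart)) {
        System.err.println("WARN resolv.conf now lists " + now + " but this JVM started with "
            + atStart + "; verify the change, then restart to pick it up");
      } else if (mtime > jvmStart) {
        System.err.println("INFO resolv.conf was modified after JVM start; nameservers unchanged");
      }
    }
  }
}
```

Run next to the application, or fold the check into its health endpoint, so that a resolver change is reviewed before the restart that makes it effective.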
