
Re: JLDAP, TLS, and DNS





--On Thursday, March 02, 2006 3:44 PM -0700 Jon Roberts <postmaster@jonanddeb.net> wrote:


"The InetAddress class has a cache to store successful as well as
unsuccessful host name resolutions. The positive caching is there to
guard against DNS spoofing attacks; while the negative caching is used to
improve performance. By default, the result of positive host name
resolutions are cached forever..."

As a side note, this behavior of Java is absolutely horrid when using load balancing via DNS. It means that it completely *ignores* the load balancing in place, and "locks" onto a particular server. We've had to code circles around Java to get it to a state where it will "fall back" onto other servers if the one it is currently talking to doesn't respond. However, this requires hard coding names in conf files, which is ugly. Turning the caching off isn't an option for some reason I don't recall.


--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
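An added example, not code from this message or from JLDAP: one way to keep Java from pinning to a single address behind a DNS-balanced name is to bound the InetAddress cache with the standard `networkaddress.cache.ttl` security property and try every address the name resolves to. TLS still verifies the certificate against the host name, so a shorter cache lifetime does not mean trusting whatever address DNS returns. The host name, port, timeout and TTL values are hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Security;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class DnsFailoverConnect {
    // Hypothetical values for illustration; not from the original post.
    static final String HOST = "ldap.example.org";
    static final int PORT = 636;
    static final int CONNECT_TIMEOUT_MS = 3000;

    public static void main(String[] args) throws IOException {
        // Set these before the first InetAddress lookup in the JVM;
        // later changes are not guaranteed to take effect.
        Security.setProperty("networkaddress.cache.ttl", "60");          // positive results: 60 s
        Security.setProperty("networkaddress.cache.negative.ttl", "10"); // failed lookups: 10 s
        try (SSLSocket s = connect(HOST, PORT)) {
            System.out.println("Connected to " + s.getInetAddress());
        }
    }

    /** Tries each address the name resolves to until a TLS handshake succeeds. */
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory tls = (SSLSocketFactory) SSLSocketFactory.getDefault();
        IOException last = new IOException("no addresses for " + host);
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            Socket raw = new Socket();
            try {
                raw.connect(new InetSocketAddress(addr, port), CONNECT_TIMEOUT_MS);
                // Layer TLS over the connected socket, but verify the certificate
                // against the host name, not the IP address we happened to pick.
                SSLSocket ssl = (SSLSocket) tls.createSocket(raw, host, port, true);
                SSLParameters p = ssl.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("LDAPS");
                ssl.setSSLParameters(p);
                ssl.startHandshake();
                return ssl;
            } catch (IOException e) {
                last = e;       // remember the failure, try the next address
                raw.close();
            }
        }
        throw last;
    }
}
```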