Re: JLDAP, TLS, and DNS
--On Thursday, March 02, 2006 3:44 PM -0700 Jon Roberts
"The InetAddress class has a cache to store successful as well as
unsuccessful host name resolutions. The positive caching is there to
guard against DNS spoofing attacks; while the negative caching is used to
improve performance. By default, the result of positive host name
resolutions are cached forever..."
As a side note, this behavior of Java is absolutely horrid when using load
balancing via DNS. It means that it completely *ignores* the load
balancing in place, and "locks" onto a particular server. We've had to
code circles around Java to get it to a state where it will "fall back"
onto other servers if the one it is currently talking to doesn't respond.
However, this requires hard coding names in conf files, which is ugly.
Turning the caching off isn't an option for some reason I don't recall.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
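Added example, not part of the original message or of JLDAP: one way to keep DNS-based load balancing usable from Java is to bound the `InetAddress` cache with the `networkaddress.cache.ttl` security property and try every address published for the name. The host name, port, timeout and TTL values are placeholders, and the sketch assumes a finite TTL is acceptable in the deployment.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class DnsFailoverConnect {
    // Set before the JVM performs its first name lookup; the cache
    // policy is read when the resolver classes initialise.
    static void boundDnsCache() {
        Security.setProperty("networkaddress.cache.ttl", "60");          // successful lookups: 60 s
        Security.setProperty("networkaddress.cache.negative.ttl", "10"); // failed lookups: 10 s
    }

    // Resolve all A/AAAA records and try each one, so an unresponsive
    // server does not pin the client to a dead address.
    static Socket connectAny(String host, int port, int timeoutMs) throws IOException {
        List<InetAddress> addrs = new ArrayList<>(Arrays.asList(InetAddress.getAllByName(host)));
        Collections.shuffle(addrs); // spread clients across the published servers
        IOException last = null;
        for (InetAddress addr : addrs) {
            Socket s = new Socket();
            try {
                s.connect(new InetSocketAddress(addr, port), timeoutMs);
                return s;
            } catch (IOException e) {
                last = e;   // remember the failure and fall back to the next address
                s.close();
            }
        }
        throw last != null ? last : new IOException("no addresses for " + host);
    }

    public static void main(String[] args) throws IOException {
        boundDnsCache();
        // ldap.example.org:636 is a placeholder endpoint
        try (Socket s = connectAny("ldap.example.org", 636, 3000)) {
            System.out.println("connected to " + s.getInetAddress());
        }
    }
}
```

With a finite TTL the cache no longer pins the first answer it received, so assurance that the peer is the intended server has to come from TLS certificate validation against the host name rather than from the resolver cache.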