How to disable Java's SSL Reverse DNS Lookup

Tags: java, ssl, dns

I have a server in development and a few developers connecting to it. This server uses Java's TLS implementation with SSLEngine.

We saw that, at first, every new connection would have a long delay (30-40 seconds). We narrowed it down to reverse DNS lookups timing out. We solved that by putting all our IPs in the HOSTS file.

Now, the problem is that we are going to progressively widen our user base and I don't want to edit the HOSTS file, especially since we can't guarantee that they're going to have static IPs.

Is there any way to disable the reverse DNS lookup step in Java's SSL/TLS?

I'd like to have this as a configurable parameter, so that we can turn it off during development.

malaverdiere asked Jul 07 '10 10:07




2 Answers

I faced this same problem today when I tried to create an SSL socket connection by IP address only. That resulted in a reverse DNS lookup attempt, and therefore it was really slow...

For me the solution was simply to pass a dummy empty string as the host name when creating the InetAddress for the SSL connection. That is, I changed

InetAddress.getByAddress(addrBytes)

to

InetAddress.getByAddress("", addrBytes)

and it no longer does the reverse DNS lookup.

AriH answered Sep 26 '22 20:09
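The trick from this answer, put into a small runnable class so the effect can be measured. This is an added example, not code from either answer: the class and method names are my own, the boolean switch is the "configurable parameter" the question asked for, and 192.0.2.10 is a constructed documentation-range address with no PTR record.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/** Builds an InetAddress for an IP literal so that JSSE's later
 *  getHostName() call never has to wait on a reverse DNS query. */
public final class NoReverseDnsAddress {

    /**
     * @param ipLiteral      IPv4 or IPv6 literal such as "192.0.2.10"
     * @param skipReverseDns when true, pre-populate the host name so no lookup occurs
     */
    public static InetAddress addressFor(String ipLiteral, boolean skipReverseDns)
            throws UnknownHostException {
        // For a literal, getByName() performs no forward DNS query, but the
        // returned object carries a null host name. That null is exactly what
        // makes a later getHostName() call (JSSE does one) go to reverse DNS.
        InetAddress unnamed = InetAddress.getByName(ipLiteral);
        if (!skipReverseDns) {
            return unnamed;
        }
        // Any non-null name marks the address as already resolved. The answer
        // above used ""; the literal itself is used here so logs stay readable.
        return InetAddress.getByAddress(ipLiteral, unnamed.getAddress());
    }

    /** Times one getHostName() call, the operation that stalls without a PTR record. */
    public static long hostNameLookupMillis(InetAddress addr) {
        long start = System.nanoTime();
        addr.getHostName();
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 192.0.2.10 is reserved for documentation (TEST-NET-1).
        String ip = args.length > 0 ? args[0] : "192.0.2.10";
        InetAddress withLookup = addressFor(ip, false);
        InetAddress withoutLookup = addressFor(ip, true);
        System.out.println("reverse DNS allowed: "
                + hostNameLookupMillis(withLookup) + " ms -> " + withLookup);
        System.out.println("reverse DNS skipped: "
                + hostNameLookupMillis(withoutLookup) + " ms -> " + withoutLookup);
        // Pass `withoutLookup` to SSLSocketFactory.createSocket(InetAddress, int)
        // and the TLS handshake no longer waits on the reverse lookup.
    }
}
```

On a host whose resolver times out for the sample address, the first line shows the multi-second stall from the question while the second returns in under a millisecond.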


This question came up in 2006 on the Sun JSSE forums. The bottom line is that it seems to occur only in the Windows java runtime. In this bug report, towards the bottom, is one proposed solution. And here is another proposed solution:

Basically, a reverse DNS lookup during the SSL handshake causes a long timeout.

To fix the problem, cache your server address as an InetAddress object and reuse it in the Socket constructor whenever you are making a new connection to your server.

Hopefully one of these will work for you.

President James K. Polk answered Sep 22 '22 20:09