Java resolve dns via proxy when using custom ProxySelector

Question

I'm in need to develop a java library which allows a traffic to be directed via proxy only for specified hosts.

The library is almost ready and working, but there is problem with resolving dns addresses via proxy.

In short words I extended CustomProxySelector class which has following logic:

public class CustomProxySelector extends ProxySelector {

  public List<Proxy> select(URI uri) {
    if (customProxyDefinedFor(uri)) {
      return getCustomProxyFor(uri);
    } else {
      // use direct connection
    }
  }
}

All works fine if local dns can resolve host given as "uri" parameter (for example if I want stackoverflow.com to go via proxy it will work because my local dns can resolve stackoverflow.com).

The problem comes when there is a host which is not known to my local dns. For example the dns behind proxy knows how to resolve address like "host1.private.dmz" because this is special host only known behind proxy (the proxy acts really as reverse proxy here). JVM seems to first try to resolve "host1.private.dmz" to ip, and when it fails it ends with folowing stacktrace:

Caused by: java.net.UnknownHostException: host1.private.dmz
    at java.net.InetAddress.getAllByName0(InetAddress.java:1259)
    at java.net.InetAddress.getAllByName(InetAddress.java:1171)
    at java.net.InetAddress.getAllByName(InetAddress.java:1105)
    at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:247)
    (...)

Because it fails to resolve the ip, my Custom ProxySelector is never used. Is there any option to force java not to resolve ip via localdns but via proxy?

If I give the ip address of host1.private.dmz (for example 10.100.12.13) all works ok. The communication is directed to my Custom Proxy Selector and the traffic goes via custom proxy without problem.

Answer 1

I solved this issue. The important thing to fix this problem is correct understanding that the problem does not lay in jvm but in application. Jvm does not try to resolve host1.private.dmz before calling custom proxy selector, it is the application itself.

If we have a look at last line of the stacktrace you can see that exception comes from mysql jdbc driver, so it is mysql driver who trys to resolve host1.private.dmz to IP address, before actually opening connection to that host. Therefore because application does not open a connection (because exception occurs when application trys to resolve dns), no proxy selector is called ("no connection" == "no proxy selector").

What can we do in such case?

If it is you who writes the application, simply don't resolve the IP by calling InetAddress.getAllByName() and directly open connection to host domain name (host1.private.dmz). If for some reason you need an IP than handle the exception (in case of exception try to open connection without resolving the address). If still this is not acceptable for you there is one more option. You can instruct jvm to use extra DNS server which is able to resolve IP of this domain. You can do this by setting following properties:

System.setProperty("sun.net.spi.nameservice.provider.1", "dns,sun");
System.setProperty("sun.net.spi.nameservice.nameservers", "10.200.2.3,100.40.70.5);

This should set extra dns server for your application.

There can however be one more problematic situation. An attempt to resolve domain name to ip might take place before you have the chance to set up extra dns servers. For example you might be running web application on Tomcat with database connection pool configured in Tomcat's context. In such case the exception "UnknownHostException" can happen before you set up extra dnses. In such case you can run this application by "proxifying it". Strictly in java you can do this by using jProxyLoader library (http://jproxyloader.sourceforge.net) , for example by running the application with following parameters:

-Djava.system.class.loader=net.sf.jproxyloader.JProxyLoader -DjplDnsServers=10.0.1.18

Above example will set up 10.0.1.18 as extra dns server (which is able to resolve the uknown domain name) at application startup. Thanks to this extra dns will already be available when application boots up.

You understand more about this problem, by having a look at jProxyLoader troubleshooting page: http://jproxyloader.sourceforge.net/troubleshooting.html