networkaddress.cache.ttl null in openjdk

Tags: java, java-8

When I perform:

System.getProperty("networkaddress.cache.ttl");
Security.getProperty("networkaddress.cache.ttl");

the result is null.

I am using Alpine with OpenJDK 8. I did some tests and saw that the DNS of my resources is changing, which is my desired behaviour: resolve DNS, do not cache forever.

I read that if a SecurityManager is installed, the default value is -1, which means "cache DNS forever".

I do not have a SecurityManager installed.

What is the correct behaviour in this case, when a SecurityManager is not installed and networkaddress.cache.ttl is null? Will the DNS cache be flushed or not?

javaTry asked Jan 26 '23 15:01


1 Answer

The settings are actually in the configuration files.

OpenJDK 8

Using the Docker image openjdk:8, the implementation uses 30 seconds when there is no security manager.

/usr/local/openjdk-8/jre/lib/security/java.security :

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

OpenJDK 11

Using the Docker image openjdk:11, the implementation is the same as above.

/usr/local/openjdk-11/conf/security/java.security :

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

In some other versions, it can be under /etc, e.g. /etc/java-11-openjdk/security/java.security

Using AdoptOpenJDK 11, you can see the TTL is set to 30 seconds when no security manager is found.

pyb answered Jan 30 '23 05:01
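An added example, not part of the question or the answer above: a small Java check that reports the TTL a JDK 8 or 11 runtime will apply to successful lookups, including the case from the question where the property is null. `networkaddress.cache.ttl` is a security property, so it is read with `Security.getProperty`, not `System.getProperty`. The class and method names are hypothetical, and the legacy fallback system property `sun.net.inetaddr.ttl` and the resolution order are assumptions taken from the JDK's documented networking properties, not from this page.

```java
import java.security.Security;

public class DnsCacheTtlCheck {
    static final int FOREVER = -1;
    // Default quoted in the java.security comment when no security manager is set.
    static final int DEFAULT_NO_SECURITY_MANAGER = 30;

    /** Effective TTL in seconds for successful lookups: -1 = forever, 0 = no caching. */
    static int effectiveTtl(String securityProp, String legacySysProp, boolean securityManagerInstalled) {
        Integer explicit = parse(securityProp);      // networkaddress.cache.ttl wins if set
        if (explicit == null) {
            explicit = parse(legacySysProp);         // assumed fallback: sun.net.inetaddr.ttl
        }
        if (explicit != null) {
            return explicit < 0 ? FOREVER : explicit; // any negative value means forever
        }
        // Nothing configured (the "null" case): the default depends on the security manager.
        return securityManagerInstalled ? FOREVER : DEFAULT_NO_SECURITY_MANAGER;
    }

    static Integer parse(String value) {
        if (value == null) return null;
        try {
            return Integer.valueOf(value.trim());
        } catch (NumberFormatException e) {
            return null; // an unparsable value is treated as unset
        }
    }

    static String describe(int ttl) {
        if (ttl < 0) return "cache forever";
        if (ttl == 0) return "do not cache";
        return "cache for " + ttl + " seconds";
    }

    public static void main(String[] args) {
        String sec = Security.getProperty("networkaddress.cache.ttl");
        String legacy = System.getProperty("sun.net.inetaddr.ttl");
        // getSecurityManager() is available on JDK 8 and 11, the versions discussed here.
        boolean sm = System.getSecurityManager() != null;
        System.out.println("networkaddress.cache.ttl = " + sec);
        System.out.println("sun.net.inetaddr.ttl     = " + legacy);
        System.out.println("security manager set     = " + sm);
        System.out.println("effective policy         = " + describe(effectiveTtl(sec, legacy, sm)));
    }
}
```

To avoid depending on the implicit default, set the value explicitly in java.security or with `Security.setProperty` before the JVM performs its first name lookup, since the cache policy is read once.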