Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

networkaddress.cache.ttl null in openjdk

Tags:

java

java-8

When I perform:

System.getProperty("networkaddress.cache.ttl");
Security.getProperty("networkaddress.cache.ttl");

result is null.

I am using alpine, openJdk8. I did some tests and saw that my resources dns are changing, it is my desired behaviour, resolve dns, not cache forever.

I read that if SecurityManager is installed, default value is: -1, that means "cache dns forever"

I do not have SecurityManager installed.

What is the correct behaviour for this case? When SecurityManager is not installed and networkaddress.cache.ttl is null? Dns cache will be flush or not?

like image 567
javaTry Avatar asked Jan 26 '23 15:01

javaTry

1 Answers

The settings are actually in the configuration files.

OpenJDK 8

Using the Docker image openjdk:8, the implementation uses 30 seconds when there is no security manager.

/usr/local/openjdk-8/jre/lib/security/java.security :

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

OpenJDK 11

Using the Docker image openjdk:11, the implementation is the same as above.

/usr/local/openjdk-11/conf/security/java.security :

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

In some other versions, it can be under /etc, e.g. /etc/java-11-openjdk/security/java.security

Using AdoptOpenJDK 11, you can see the TTL is set to 30 seconds when no security manager is found.

like image 78
pyb Avatar answered Jan 30 '23 05:01

pyb
Sign in to Comment

Related questions

Cannot run program CreateProcess error=206, The filename or extension is too long
Find nth term of a sequence in less than O(N)
Simplify ifPresentOrElse chain
Is it necessary to store a value from a method which is retuning a value in java?
class path resource [org/springframework/boot/autoconfigure/web/ServerPropertiesAutoConfiguration.class] cannot be opened because it does not exist
Use cases when lombok or java 'var' is useful [duplicate]
Why concatenate strings with an empty value before returning the value?
wiremock java api - stub request body in form of form-data (not string, nor json)
Firebase Showing An Internal Error has occured. [7:]
Avoid duplicate code with numerous Java classes sharing fields
Java Stream reduce unexplained behaviour
How to check if a class has overriden a default method from an interface using Reflection in Kotlin or Java?
Spring Controller Unit Test throws NestedServletException
Setting null or empty for @singular list in lombok
Use case for RuntimeException from package Kotlin
Why are Java regular expressions compiled?
SPARK dataframe returning null when trying to apply schema to JSON data
How to determine if an object is the same one or different
Fast algorithm for finding all people alive at a given time?
What is better to persist in db OffsetDateTime or Instant

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!