Date: Mon, 17 Sep 2007 21:27:20 -0700 (PDT)
From: Nick Johnson <freebsd@spatula.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: java/116430: JDK does not respect DNS caching parameters on timeout with CNAME
Message-ID: <20070918042720.68A9117034@turing.morons.org>
Resent-Message-ID: <200709180430.l8I4U1qd014220@freefall.freebsd.org>
>Number: 116430
>Category: java
>Synopsis: JDK does not respect DNS caching parameters on timeout with CNAME
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-java
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 18 04:30:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nick Johnson
>Release: FreeBSD 6.2-STABLE i386
>Organization: morons.org
>Environment:
System: FreeBSD turing.morons.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Jan 21 16:53:54 PST 2007 root@turing.morons.org:/usr/src/sys/i386/compile/TURING i386
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_12-p6-root_29_jul_2007_13_27)
>Description:
When making a Socket connection, if the initial lookup for a host that is actually a CNAME times out, the JDK does not respect the networkaddress.cache.negative.ttl value and immediately throws an UnknownHostException on subsequent queries.
>How-To-Repeat:
0. Configure Java to run with -Dsun.net.inetaddr.negative.ttl=0 and/or set networkaddress.cache.negative.ttl=0 in java.security. Configure /etc/resolv.conf to resolve against 127.0.0.1.

1. Create a Socket giving a hostname that resolves as a CNAME and block requests with a firewall so that the request times out at least initially. Here are some example hosts for which this problem has been seen:

www.washingtonpost.com
www.towleroad.com
www.wcbd.com

2. After the UnknownHostException, unblock the firewall and perform a lookup on the command line such that the name does resolve.

3. Repeat step 1. The JDK will immediately throw UnknownHostException without performing another lookup (you can snoop network traffic and see that there is no subsequent lookup performed).

I'm not sure if the request has to time out entirely the first time, or if the resolver just has to do a retry, or if it always fails because it's a CNAME rather than an A record (but works correctly if the name is already in the BIND cache because the address is also there).
>Fix: Unknown
>Release-Note:
>Audit-Trail:
>Unformatted:
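
A small probe for the How-To-Repeat procedure above, added here as an example and not part of the original report or of the JDK: it sets the negative TTL to 0, resolves the same name several times, and uses elapsed time to flag failures that returned without a resolver query. The class name `NegativeTtlProbe`, the 5 ms threshold and the 10-second pause are assumptions of this example.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.Security;

public class NegativeTtlProbe {
    // Assumption: a failure returned faster than this came from the JVM's
    // negative cache, not from a resolver query. Tune for your resolver.
    static final long CACHED_FAILURE_MS = 5;
    static final long PAUSE_MS = 10000; // time to unblock the firewall between attempts

    static long elapsedMs(long startNanos) {
        return (System.nanoTime() - startNanos) / 1000000L;
    }

    /** Resolves host once and returns a one-line verdict with timing. */
    static String probe(String host) {
        long start = System.nanoTime();
        try {
            InetAddress addr = InetAddress.getByName(host);
            return String.format("resolved %s (%d ms)", addr.getHostAddress(), elapsedMs(start));
        } catch (UnknownHostException e) {
            long ms = elapsedMs(start);
            String how = ms < CACHED_FAILURE_MS
                    ? "returned at once, probably no query sent"
                    : "resolver was queried and failed";
            return String.format("UnknownHostException, %s (%d ms)", how, ms);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        if (args.length < 1) {
            System.err.println("usage: java NegativeTtlProbe <hostname> [attempts]");
            System.exit(2);
        }
        // Same setting as in the report; set before the first lookup so the
        // resolver cache policy picks it up.
        Security.setProperty("networkaddress.cache.negative.ttl", "0");
        int attempts = args.length > 1 ? Integer.parseInt(args[1]) : 3;
        for (int i = 1; i <= attempts; i++) {
            System.out.println("attempt " + i + ": " + probe(args[0]));
            if (i < attempts) {
                Thread.sleep(PAUSE_MS);
            }
        }
    }
}
```

The timing verdict is only a heuristic, because a local caching resolver on 127.0.0.1 can also answer within the threshold; a packet capture, as the report suggests, is the authoritative check.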