Java DNS Caching Solutions
Java-based CAS clients do not automatically pick up DNS changes. This is caused by an underlying security setting of older Java Virtual Machines that caches DNS resolutions permanently until the JVM is restarted. As a result, those clients break after the DNS switch, because they do not update the cached IP address to the new one.
Affected Clients | Unaffected Clients |
---|---|
If your service uses one of the following clients, YOU MUST use one of the workarounds listed below. | If your service uses one of the following clients, it is NOT NECESSARY to implement any of the listed workarounds. |
Workaround #1 - Change the DNS TTL for the JVM
There are two ways to change the DNS behavior for a JVM. The most reliable method is to change the settings in the java.security file for the JVM. It is also possible to pass command-line parameters, but this is not guaranteed to work. Each of the options is outlined below:
Restart Required
Please note that after applying either of these properties, you must restart Java in order for the changes to take effect.
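One way to confirm what a java.security file will give the JVM after Workaround #1, as an added example that is not part of the original page: a shell check that reads the file and reports how networkaddress.cache.ttl is set. The function names and output labels are assumptions made for this example, and the path to java.security is supplied by the caller because it varies by JVM install.

```shell
#!/bin/sh
# Added example: audit a java.security file for the positive DNS cache TTL.

# effective_dns_ttl FILE
# Prints the last uncommented value of networkaddress.cache.ttl, or "unset"
# when the property is absent, commented out, or has an empty value.
# Later definitions override earlier ones, as in a Java properties file.
effective_dns_ttl() {
    awk '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        /^[ \t]*networkaddress\.cache\.ttl[ \t]*[=:]/ {
            v = $0
            sub(/^[^=:]*[=:][ \t]*/, "", v)          # drop key and separator
            sub(/[ \t\r]+$/, "", v)                  # drop trailing blanks and CR
            val = v
        }
        END { if (val == "") print "unset"; else print val }
    ' "$1"
}

# classify_dns_ttl FILE
# Maps the configured value to the behaviour a client shows across a DNS change.
classify_dns_ttl() {
    ttl=$(effective_dns_ttl "$1") || return 2       # unreadable file
    case "$ttl" in
        unset)    echo "default" ;;      # JVM default applies (see Workaround #2)
        -1)       echo "forever" ;;      # cached until the JVM restarts
        0)        echo "no-cache" ;;     # every lookup goes to the resolver
        *[!0-9]*) echo "invalid" ;;      # neither -1 nor a non-negative integer
        *)        echo "expires:$ttl" ;; # cached for this many seconds
    esac
}

# Stand-alone use: sh check_ttl.sh /path/to/java.security
if [ "$#" -gt 0 ]; then
    classify_dns_ttl "$1"
fi
```

A result of "forever" or "default" means the client can still hold the old address after the DNS switch; the file change itself only takes effect once the JVM has been restarted.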
Workarounds
The following workarounds and resolutions will allow your Java-based CASified application to properly authenticate to CAS after the Data Center upgrade.
Workaround #2 - Update JDK to 1.6.0 or greater
Java 1.6 introduced a change to the default DNS caching behaviour. The default value for networkaddress.cache.ttl changed from -1 (cache forever) to a system-dependent value, but only if you have no security manager installed. The idea was for this to provide robustness against DNS cache poisoning.
Please note that upgrading to JDK 1.6.0 may not resolve DNS caching issues if the system-dependent value is set to cache indefinitely. Please check your system settings for DNS caching before relying on this solution.
Workaround #3 - Perform a server restart after the CAS HA Upgrade
While this solution will not account for any future DNS changes, the easiest approach is likely to simply schedule a server restart after the CAS HA Upgrade is complete. We will clearly identify the upgrade window for the HA upgrade so that you may schedule your server restart with confidence.