tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Ludwig <mil...@gmx.de>
Subject Re: SOT: JVM and DNS Failover
Date Fri, 03 Dec 2010 20:21:00 GMT
Michael Ludwig schrieb am 03.12.2010 um 20:51 (+0100):
> Michael Ludwig schrieb am 03.12.2010 um 20:31 (+0100):
> 
> >   networkaddress.cache.ttl
> 
> > Wondering myself what the default value is?
> > 
> >   sun.net.inetaddr.ttl
> 
> > So is the "implementation specific period of time" the value taken
> > from the OS?
> 
> I think this rather means that it's up to the JVM vendor's gusto.
> 
> In the absence of a security manger, the value can be tweaked here:
> 
>   C:\Programme\Java\jre6\lib\security\java.security

The comments in that file (at least in my copy of it) really leave you
wondering whether in the absence of a security manager, the default
value is FOREVER or 30 seconds. And whether you can tweak it when
running under a security manager.

          \,,,/
          (o o)
------oOOo-(_)-oOOo------
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless 
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1 

-- 
Michael Ludwig

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message