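JVM DNS IP Address Caching (InetAddress)

I. JVM IP Address Caching

1. JVM default policy

Resolved IP addresses are cached: the local DNS server (LDNS), the browser, and the OS hosts file all cache results after resolution, because a DNS lookup is relatively expensive. The JVM does the same to improve performance. The java.net.InetAddress class is the abstraction of an IP address, so the JVM's default caching policy for IP addresses is described in that class's documentation comment.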

InetAddress Caching
 
The InetAddress class has a cache to store successful as well as unsuccessful host name resolutions.
By default, when a security manager is installed, in order to protect against DNS spoofing attacks, the result of positive host name resolutions are cached forever. When a security manager is not installed, the default behavior is to cache entries for a finite (implementation dependent) period of time. The result of unsuccessful host name resolution is cached for a very short period of time (10 seconds) to improve performance.
 
If the default behavior is not desired, then a Java security property can be set to a different Time-to-live (TTL) value for positive caching. Likewise, a system admin can configure a different negative caching TTL value when needed.
 
Two Java security properties control the TTL values used for positive and negative host name resolution caching:
 
networkaddress.cache.ttl
Indicates the caching policy for successful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the successful lookup. The default setting is to cache for an implementation specific period of time.
A value of -1 indicates "cache forever".
 
networkaddress.cache.negative.ttl (default: 10)
Indicates the caching policy for un-successful name lookups from the name service. The value is specified as an integer to indicate the number of seconds to cache the failure for un-successful lookups.
A value of 0 indicates "never cache". A value of -1 indicates "cache forever".

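Default caching policy:

A. IP addresses of domain names that resolve successfully are cached forever (per the Javadoc above, this is the default when a security manager is installed);
B. Failed domain name resolutions are cached for 10 seconds by default.

2. Custom policy

There are at least three ways to change this caching policy. This article summarizes three:

A. Edit the java.security configuration file before the JVM starts;
B. Add startup parameters when the JVM starts;
C. After the JVM has started, change the system properties through the System class.

The three approaches are described in detail below:

2.1 Editing the configuration file at JVM startup

In the JDK installation, the file %JAVA_HOME%/lib/security/java.security holds the settings networkaddress.cache.ttl and networkaddress.cache.negative.ttl, which configure the caching policy for addresses that resolve successfully and for lookups that fail, respectively. The relevant part of java.security is shown below.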

# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
 
# The Java-level namelookup cache policy for failed lookups:
#
# any negative value: cache forever
# any positive value: the number of seconds to cache negative lookup results
# zero: do not cache
#
# In some Microsoft Windows networking environments that employ
# the WINS name service in addition to DNS, name service lookups
# that fail may take a noticeably long time to return (approx. 5 seconds).
# For this reason the default caching policy is to maintain these
# results for 10 seconds.
#
#
networkaddress.cache.negative.ttl=10

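2.2 Setting startup parameters at JVM startup

Add startup parameters when launching the JVM.

A. Successful resolution: -Dsun.net.inetaddr.ttl=xx

B. Failed resolution: -Dsun.net.inetaddr.negative.ttl=xx

2.3 Changing the setting at runtime through the System class

Change the setting after the JVM has started, using the java.lang.System class.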

		System.setProperty("sun.net.inetaddr.ttl", "-1");
		System.setProperty("sun.net.inetaddr.negative.ttl", "10");
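
The following added example (not code from the original article) prints which of the settings from sections 2.1 to 2.3 decides the positive and negative TTLs in the running JVM. The class name DnsCachePolicyCheck and the lookup order it mirrors (the networkaddress.* security property first, the sun.net.inetaddr.* system property only as a fallback) are assumptions about the JDK's behaviour, not statements from the article.

```java
import java.security.Security;

// Added example (not from the original article): report which setting
// decides the InetAddress cache TTLs in the running JVM.
public class DnsCachePolicyCheck {

    static String describe(int ttl) {
        if (ttl < 0) return "cache forever";
        if (ttl == 0) return "do not cache";
        return ttl + " seconds";
    }

    // Assumed lookup order: security property first, -D system property
    // only as a fallback; unparsable values are skipped.
    static String[] resolve(String secProp, String sysProp) {
        try {
            String v = Security.getProperty(secProp);
            if (v != null) return new String[] {describe(Integer.parseInt(v)), "security property " + secProp};
        } catch (NumberFormatException ignored) { }
        try {
            String v = System.getProperty(sysProp);
            if (v != null) return new String[] {describe(Integer.decode(v)), "system property " + sysProp};
        } catch (NumberFormatException ignored) { }
        return new String[] {"built-in default", "no override set"};
    }

    public static void main(String[] args) {
        // Optional override (constructed usage: pass a TTL in seconds as args[0]).
        // Set it before any host name lookup: the policy is read once.
        if (args.length > 0) {
            Security.setProperty("networkaddress.cache.ttl", args[0]);
        }
        String[][] pairs = {
            {"networkaddress.cache.ttl", "sun.net.inetaddr.ttl"},
            {"networkaddress.cache.negative.ttl", "sun.net.inetaddr.negative.ttl"},
        };
        for (String[] p : pairs) {
            String[] r = resolve(p[0], p[1]);
            System.out.printf("%-34s %-14s (%s)%n", p[0], r[0], r[1]);
        }
    }
}
```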

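II. Best Practice

Best practice: use the InetAddress class as a singleton.

III. Attachment

Download: "DNS Caching in Java Virtual Machines"

Note:

If this article contains errors or omissions, please point them out. Thank you!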
