When I execute:
System.getProperty("networkaddress.cache.ttl");
Security.getProperty("networkaddress.cache.ttl");
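The result is null.
I am using Alpine with OpenJDK 8. I ran some tests and found that the DNS of my resource is changing, which is the behavior I want: resolve DNS rather than cache forever.
I read that if a SecurityManager is installed, the default value is -1, which means "cache DNS forever".
I don't have a SecurityManager installed.
What is the correct behavior in this case, when no SecurityManager is installed and networkaddress.cache.ttl is null? Will the DNS cache be refreshed?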
These settings are actually in a configuration file.
With the Docker image openjdk:8, the implementation uses 30 seconds when there is no security manager.
/usr/local/openjdk-8/jre/lib/security/java.security:
#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
With the Docker image openjdk:11, the implementation is the same as above.
/usr/local/openjdk-11/conf/security/java.security:
#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
In some other versions, it can be under /etc, for example /etc/java-11-openjdk/security/java.security
With AdoptOpenJDK 11, you can see that the TTL is set to 30 seconds when no security manager is found.
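
A way to print the policy a running JVM would apply when `networkaddress.cache.ttl` reads as null, following the defaults in the java.security comments quoted above. This is an added example, not code from the question or the answer. The class name `DnsCacheTtl`, the fallback to the legacy system property `sun.net.inetaddr.ttl` (not mentioned on the page) and the resolution order are assumptions.

```java
import java.security.Security;

public class DnsCacheTtl {
    static final int FOREVER = -1;
    // 30 s is the no-security-manager default stated in the java.security comment above.
    static final int DEFAULT_WITHOUT_SECURITY_MANAGER = 30;

    // Parses a TTL string; returns null when the value is absent or not a number.
    static Integer parse(String raw) {
        if (raw == null) return null;
        try {
            return Integer.decode(raw.trim());
        } catch (NumberFormatException e) {
            return null;
        }
    }

    // Assumed resolution order: security property, then the legacy system
    // property, then the default chosen by whether a security manager is set.
    static int effectiveTtl(String securityProp, String legacySysProp, boolean hasSecurityManager) {
        Integer ttl = parse(securityProp);
        if (ttl == null) ttl = parse(legacySysProp);
        if (ttl == null) return hasSecurityManager ? FOREVER : DEFAULT_WITHOUT_SECURITY_MANAGER;
        return ttl < 0 ? FOREVER : ttl;
    }

    static String describe(int ttl) {
        if (ttl == FOREVER) return "cache forever";
        if (ttl == 0) return "do not cache";
        return "cache for " + ttl + " seconds";
    }

    public static void main(String[] args) {
        // null here means the line is commented out in java.security, as in the files above.
        String securityProp = Security.getProperty("networkaddress.cache.ttl");
        String legacySysProp = System.getProperty("sun.net.inetaddr.ttl");
        // Deprecated on newer JDKs but present on the JDK 8 and 11 images discussed here.
        boolean hasSecurityManager = System.getSecurityManager() != null;

        System.out.println("networkaddress.cache.ttl (Security) = " + securityProp);
        System.out.println("sun.net.inetaddr.ttl (System)       = " + legacySysProp);
        System.out.println("security manager installed          = " + hasSecurityManager);
        System.out.println("effective policy                    = "
                + describe(effectiveTtl(securityProp, legacySysProp, hasSecurityManager)));
    }
}
```

`System.getProperty("networkaddress.cache.ttl")` is not consulted here because the setting is a security property; it only has a value when the line in java.security is uncommented or `Security.setProperty` is called before the first lookup.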