当我表演时:
System.getProperty("networkaddress.cache.ttl");
Security.getProperty("networkaddress.cache.ttl");
结果为空。
我正在使用高山的openJdk8。 我做了一些测试,发现我的资源dns发生了变化,这是我想要的行为,可以解析dns,而不是永远缓存。
我了解到,如果安装了SecurityManager,默认值为-1,表示“永远缓存dns”
我没有安装SecurityManager。
在这种情况下正确的行为是什么? 当未安装SecurityManager且networkaddress.cache.ttl为null时? dns缓存是否刷新?
设置实际上在配置文件中。
使用Docker映像openjdk:8,在没有安全管理器的情况下,该实现使用30秒。
/usr/local/openjdk-8/jre/lib/security/java.security:
#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons,this
# caching is made forever when a security manager is set. When a security
# manager is not set,the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
使用Docker映像openjdk:11,实现与上面相同。
/usr/local/openjdk-11/conf/security/java.security:
#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons,the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
# serious security implications. Do not set it unless
# you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1
在其他一些版本中,它可以位于/ etc下,例如/etc/java-11-openjdk/security/java.security