How to make Java honor the DNS Caching Timeout?


Question

We use GSLB for geo-distribution and load-balancing. Each service is assigned a fixed domain name. Through some DNS magic, the domain name is resolved into an IP that's closest to the server with least load. For the load-balancing to work, the application server needs to honor the TTL from DNS response and to resolve the domain name again when cache times out. However, I couldn't figure out a way to do this in Java.

The application is in Java 5, running on Linux (CentOS 5).

Recommended answer

Per Byron's answer, you can't set networkaddress.cache.ttl or networkaddress.cache.negative.ttl as System Properties by using the -D flag or calling System.setProperty because these are not System properties - they are Security properties.

If you want to use a System property to trigger this behavior (so you can use the -D flag or call System.setProperty), you will want to set the following System property:

-Dsun.net.inetaddr.ttl=0

This system property will enable the desired effect.

But be aware: if you don't use the -D flag when starting the JVM process and elect to call this from code instead:

java.security.Security.setProperty("networkaddress.cache.ttl", "0");

This code must execute before any other code in the JVM attempts to perform networking operations.

This is important because, for example, if you called Security.setProperty in a .war file and deployed that .war to Tomcat, this wouldn't work: Tomcat uses the Java networking stack to initialize itself much earlier than your .war's code is executed. Because of this 'race condition', it is usually more convenient to use the -D flag when starting the JVM process.

If you don't use -Dsun.net.inetaddr.ttl=0 or call Security.setProperty, you will need to edit $JRE_HOME/lib/security/java.security and set those security properties in that file, e.g.

networkaddress.cache.ttl = 0
networkaddress.cache.negative.ttl = 0

But pay attention to the security warnings in the comments surrounding those properties. Only do this if you are reasonably confident that you are not susceptible to DNS spoofing attacks.
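
An added example, not part of the original answer: a small startup class that applies the security properties as its first action, before any `InetAddress` use, and reports which setting the JVM will pick up. The class name `DnsCachePolicyCheck` and the `localhost` lookup are assumptions made for illustration; `sun.net.inetaddr.negative.ttl` is the JDK's system-property counterpart for the negative TTL and is not mentioned in the answer.

```java
import java.net.InetAddress;
import java.security.Security;

// Added example (not from the original answer).
public class DnsCachePolicyCheck {

    // This example's own validation: returns the value if it parses as an integer, else null.
    static String validInt(String value) {
        if (value == null) return null;
        try {
            return String.valueOf(Integer.parseInt(value.trim()));
        } catch (NumberFormatException e) {
            return null;
        }
    }

    // The security property is consulted first; the sun.net.* system property is the fallback.
    static String effective(String securityKey, String systemKey) {
        String v = validInt(Security.getProperty(securityKey));
        if (v != null) return v + " (security property " + securityKey + ")";
        v = validInt(System.getProperty(systemKey));
        if (v != null) return v + " (system property " + systemKey + ")";
        return "JDK default (neither property set)";
    }

    public static void main(String[] args) throws Exception {
        // Must run before anything in this JVM touches java.net.InetAddress.
        // Skipped when the operator already chose a value (java.security file or -D flag).
        if (Security.getProperty("networkaddress.cache.ttl") == null
                && System.getProperty("sun.net.inetaddr.ttl") == null) {
            Security.setProperty("networkaddress.cache.ttl", "0");
            Security.setProperty("networkaddress.cache.negative.ttl", "0");
        }
        System.out.println("positive TTL: "
                + effective("networkaddress.cache.ttl", "sun.net.inetaddr.ttl"));
        System.out.println("negative TTL: "
                + effective("networkaddress.cache.negative.ttl", "sun.net.inetaddr.negative.ttl"));

        // "localhost" is a placeholder host so the example runs offline.
        InetAddress resolved = InetAddress.getByName("localhost");
        System.out.println("first lookup after configuration: " + resolved);
    }
}
```

Running it with `-Dsun.net.inetaddr.ttl=0` on the command line shows the system property being reported instead, since the in-code defaults are then skipped.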
