openjdk中的networkaddress.cache.ttl null [英] networkaddress.cache.ttl null in openjdk

问题描述

当我表演时:

System.getProperty("networkaddress.cache.ttl");
Security.getProperty("networkaddress.cache.ttl");

结果为空.

我正在使用alpine，openJdk8.我进行了一些测试，发现我的资源dns正在更改，这是我想要的行为，可以解析dns，而不是永远缓存.

I am using alpine, openJdk8. I did some tests and saw that my resources dns are changing, it is my desired behaviour, resolve dns, not cache forever.

我了解到，如果安装了SecurityManager，默认值为-1，表示永远缓存dns"

I read that if SecurityManager is installed, default value is: -1, that means "cache dns forever"

我没有安装SecurityManager.

I do not have SecurityManager installed.

在这种情况下正确的行为是什么?当未安装SecurityManager且networkaddress.cache.ttl为null时?dns缓存是否刷新?

What is the correct behaviour for this case? When SecurityManager is not installed and networkaddress.cache.ttl is null? Dns cache will be flush or not?

推荐答案

设置实际上在配置文件中.

The settings are actually in the configuration files.

使用Docker映像，在没有安全管理器的情况下，该实现会花费30秒.

Using the Docker image openjdk:8, the implementation uses 30 seconds when there is no security manager.

/usr/local/openjdk-8/jre/lib/security/java.security :

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

OpenJDK 11

使用Docker映像openjdk:11，实现与上面相同.

OpenJDK 11

Using the Docker image openjdk:11, the implementation is the same as above.

/usr/local/openjdk-11/conf/security/java.security :

#
# The Java-level namelookup cache policy for successful lookups:
#
# any negative value: caching forever
# any positive value: the number of seconds to cache an address for
# zero: do not cache
#
# default value is forever (FOREVER). For security reasons, this
# caching is made forever when a security manager is set. When a security
# manager is not set, the default behavior in this implementation
# is to cache for 30 seconds.
#
# NOTE: setting this to anything other than the default value can have
#       serious security implications. Do not set it unless
#       you are sure you are not exposed to DNS spoofing attack.
#
#networkaddress.cache.ttl=-1

在其他一些版本中，它可以位于/etc下，例如/etc/java-11-openjdk/security/java.security

In some other versions, it can be under /etc, e.g. /etc/java-11-openjdk/security/java.security

使用AdoptOpenJDK 11，您可以看到

Using AdoptOpenJDK 11, you can see the TTL is set to 30 seconds when no security manager is found.

这篇关于openjdk中的networkaddress.cache.ttl null的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！