How to make Java honor the DNS Caching Timeout?


Question

We use GSLB for geo-distribution and load-balancing. Each service is assigned a fixed domain name. Through some DNS magic, the domain name is resolved into an IP that's closest to the server with least load. For the load-balancing to work, the application server needs to honor the TTL from DNS response and to resolve the domain name again when cache times out. However, I couldn't figure out a way to do this in Java.

The application is in Java 5, running on Linux (CentOS 5).

Recommended answer

Per Byron's answer, you can't set networkaddress.cache.ttl or networkaddress.cache.negative.ttl as System Properties by using the -D flag or calling System.setProperty because these are not System properties - they are Security properties.

If you want to use a System property to trigger this behavior (so you can use the -D flag or call System.setProperty), you will want to set the following System property:

-Dsun.net.inetaddr.ttl=0

This system property will enable the desired effect.

But be aware: if you don't use the -D flag when starting the JVM process and elect to call this from code instead:

java.security.Security.setProperty("networkaddress.cache.ttl", "0");

This code must execute before any other code in the JVM attempts to perform networking operations.

This is important because, for example, if you called Security.setProperty in a .war file and deployed that .war to Tomcat, this wouldn't work: Tomcat uses the Java networking stack to initialize itself much earlier than your .war's code is executed. Because of this 'race condition', it is usually more convenient to use the -D flag when starting the JVM process.

If you don't use -Dsun.net.inetaddr.ttl=0 or call Security.setProperty, you will need to edit $JRE_HOME/lib/security/java.security and set those security properties in that file, e.g.

networkaddress.cache.ttl = 0
networkaddress.cache.negative.ttl = 0

But pay attention to the security warnings in the comments surrounding those properties. Only do this if you are reasonably confident that you are not susceptible to DNS spoofing attacks.
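
A startup check for the ordering requirement described in the answer, as an added example that is not part of the original answer: it applies the security properties as the first statement of `main`, then reports which TTL setting is in force before anything touches the network stack. The class name `DnsCacheTtlCheck` is hypothetical, and the rule that the security property is consulted before `sun.net.inetaddr.ttl` is an assumption based on OpenJDK's behaviour, not something the page states.

```java
import java.net.InetAddress;
import java.security.Security;

public class DnsCacheTtlCheck {
    static final String SEC_PROP = "networkaddress.cache.ttl";
    static final String SEC_NEG_PROP = "networkaddress.cache.negative.ttl";
    static final String SYS_PROP = "sun.net.inetaddr.ttl";

    // Assumed lookup order (OpenJDK): security property first, then the
    // system property. Returns null when neither holds a valid integer.
    static Integer configuredTtl(String securityValue, String systemValue) {
        for (String v : new String[] { securityValue, systemValue }) {
            if (v == null) continue;
            try {
                return Integer.valueOf(v);
            } catch (NumberFormatException e) {
                // Unparseable value: fall through to the next source.
            }
        }
        return null;
    }

    static String describe(Integer ttl) {
        if (ttl == null) return "not configured: the JVM default applies";
        if (ttl < 0) return "cache forever: DNS changes are never picked up";
        if (ttl == 0) return "no caching: every lookup goes to the resolver";
        return "cache successful lookups for " + ttl + " s";
    }

    public static void main(String[] args) throws Exception {
        // Must run first: the cache policy is read once, when the JVM's
        // address-resolution code is first used.
        if (Security.getProperty(SEC_PROP) == null
                && System.getProperty(SYS_PROP) == null) {
            Security.setProperty(SEC_PROP, "0");
            Security.setProperty(SEC_NEG_PROP, "0");
        }

        String sec = Security.getProperty(SEC_PROP);
        String sys = System.getProperty(SYS_PROP);
        System.out.println(SEC_PROP + " = " + sec);
        System.out.println(SYS_PROP + " = " + sys);
        System.out.println("effective: " + describe(configuredTtl(sec, sys)));

        // First use of name resolution happens only after the policy is set.
        InetAddress local = InetAddress.getByName("localhost");
        System.out.println("localhost -> " + local.getHostAddress());
    }
}
```

Running it with and without `-Dsun.net.inetaddr.ttl=0` shows which source supplied the value; inside a container such as Tomcat the same report tells you whether your code ran too late to set the property itself.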
